last executing test programs: 1.256363251s ago: executing program 3 (id=383): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c1400001e0a05010000000000000000070000000900020073797a31000000000900010073797a300000000000140380300000802c000180250001"], 0x14b0}, 0x1, 0x0, 0x0, 0x4008091}, 0x4) 1.222475372s ago: executing program 3 (id=386): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x2, 0x0, 0x0, 0x211, 0x0, 0x0, 0x40f00, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x441}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000880), 0x0, 0x0, 0x0, 0x900}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond_slave_0\x00', 0x200}) socketpair(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89b0, &(0x7f0000000080)) 1.181296562s ago: executing program 3 (id=389): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_DISALLOCATE(r2, 0x5608) 1.130366493s ago: executing program 3 (id=393): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r0) ptrace$peeksig(0x4209, r0, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0)) 953.719185ms ago: executing program 4 (id=413): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="000202"], 0x18) 904.943076ms ago: executing program 4 (id=417): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000640)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x9) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000280)={0xfeff, 0x8, 0x8, 0xfffe, 0x11, "0100000000000080"}) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xa) 855.595367ms ago: executing program 4 (id=422): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18) syz_clone(0x6200, &(0x7f00000006c0), 0x0, 0x0, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 830.529117ms ago: executing program 4 (id=424): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010010000000ffdbdf2500000000", @ANYRES32, @ANYBLOB="20000000280e0400280012800b0001006d6163736563000018000280050003"], 0x48}, 0x1, 0x0, 0x0, 0x24008001}, 0x0) 786.936208ms ago: executing program 4 (id=427): socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f8, &(0x7f0000000080)) 759.937598ms ago: executing program 4 (id=432): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)='$', 0x1}], 0x1, &(0x7f0000001a80)=ANY=[@ANYBLOB="10"], 0x10}}], 0x1, 0x4004804) 673.34301ms ago: executing program 1 (id=440): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000008b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000014010380100100800800034000000002"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 646.52992ms ago: executing program 2 (id=444): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r1, 0x0, 0x4ab}, 0x18) r2 = perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x4, 0x4}, 0x140db, 0x0, 0x4, 0x8, 0xa, 0x100, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000000)='cpu<=0||!') 603.221551ms ago: executing program 1 (id=445): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/rpc\x00') fchdir(r0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000) 602.691961ms ago: executing program 2 (id=447): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b70300000000b1098500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x59, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x4d3, 0x32}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0) 600.329451ms ago: executing program 2 (id=448): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0) 597.981691ms ago: executing program 1 (id=449): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000001000000070000000c"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0}, &(0x7f00000005c0), &(0x7f0000000600)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x18) process_mrelease(0xffffffffffffffff, 0x700000000000000) 575.617551ms ago: executing program 2 (id=451): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0xfffffffd, 0xffffffff, 0x0, 'queue1\x00'}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00'}) 561.023581ms ago: executing program 1 (id=452): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0xc1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 533.149542ms ago: executing program 2 (id=454): connect$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101900, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000080)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0000) 532.999992ms ago: executing program 1 (id=455): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x82000000, 0x0, 0x0, 0x0, 0x0, 0x0) 471.223123ms ago: executing program 1 (id=457): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000400)) 470.934953ms ago: executing program 2 (id=459): socket(0x10, 0x803, 0x0) msgget(0x1, 0x2b0) msgrcv(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgrcv(0x0, 0x0, 0x0, 0x2, 0x2000) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="5113"], 0x4, 0x800) 307.309785ms ago: executing program 3 (id=472): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) setuid(0xee00) 251.098576ms ago: executing program 3 (id=474): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f0000000740)="ccf0", 0x2) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 74.583808ms ago: executing program 0 (id=483): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x24, 0x0, 0x15, 0x70bd2c, 0x25dedbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0xa0}]}, 0x24}, 0x1, 0x0, 0x0, 0x1040}, 0x20000090) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008"], 0x7c}}, 0x80) 73.972779ms ago: executing program 0 (id=484): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000380)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0xfffffffd, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x1000, 0x0, 0x8000000}, {}, {0xffff, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xff}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80, 0xfffffffe}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x2}, {}, {0x0, 0x15, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5, 0x0, 0x40}, {}, {0x0, 0x0, 0x0, 0x3ff, 0x40000000}, {}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2, 0xfffffffc}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x2e9c}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc}, {0x0, 0x80000000, 0x0, 0x7dff804}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {0x2}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 15.265349ms ago: executing program 0 (id=485): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000000), 0x1, 0x514, &(0x7f0000002080)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6iztJu3V3i4iuTz4tqOv7WNu0lCZNadJ1Whbt4n8ggoJPvgv+AcIwD/4BMjCgL+KDqCiiM/ogqHMlyc1MJ03autM2nebzgTP3nHtv7vecW3Jyf5y5N4Cx9VJEvB0RExHxakQU8/lpnmKvm9rr3b/3/lI7JZFl7/4tiSSf19tWuzwZEVfzj01FxDe+GvHt5GDc5s7u+mKtVt3Ky5VWfbPS3Nm9vlZfXK2uVjfm5+feXHhr4Y2F2Sz3RO0sdSevRcSXbr32nd/f+Mu177ar9cVPRCH62nGSuk0vdPZFT3sfbZ1GsBGYyNtTeDinMNL6AABwuPYx/kcj4jOd4/9iTHSO5vpMjKJmAAAAwEnJvjwd/0kiMgAAAODCSiNiOpK0nI8FmI40vZRfG/h4XElrjWbrcyuN7Y3l9rKIUhTSlbVadTYfK1yKQtIuz+VjbHvl1/vK8xHxXET8sHi5Uy4vNWrLI772AQAAAOPiat/5/z+LaSd/tAH/TwAAAAA4v0pDCwAAAMBF4ZQfAAAALr7+8/9bI6oHAAAAcCq+9s477ZT13n+9/N7O9nrjvevL1eZ6ub69VF5qbG2WVxuN1c4z++pHba/WaGx+Pja2b1Za1War0tzZvVFvbG+0bqw99gpsAAAA4Aw99+nbv0kiYu8Llzsp8ucAAjzmj6OuAHCSJkZdAWBkPMUbxldh1BUARi45YrnBOwAA8PSb+eTB+/+99/+7NgAXm7E+ADB+3P+H8VUwAhDGV37j/yPdyTPDVht6//9Xxw2UZRF3ivvnuL4IAABna7qTkrSc3wucjjQtlyOejUhLUUhW1mrV2fz84NfFwjPt8lznk8mRY4YBAAAAAAAAAAAAAAAAAAAAAAAAgK4sSyIDAAAALrSI9M9J/hqwmeIr0/3XBy4l/yrGn/LCT9790c3FVmtrrj3/7513eV2KiNaP8/mvD319GAAAAHDSkr2hi7rn6fl07kxrBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAYuH/v/aVeOsu4f/1KRJQGxZ+Mqc50KgoRceUfSUzu+1wSERMnEH/vg4h4flD8JB5kWVbKa9EfP42Iy6ccv9TZNcPjXz2B+DDObrf7n7cHff/SeKkzHfz9m8zTkxre/6V55Oc7/dyg/u/ZA1urD4zxwt2fV4bG/yDihcnB/U+v/02GxH/5wNb+nWXZwRjf+ubu7rD42U8jZgb+/iSPxaq06puV5s7u9bX64mp1tboxPz/35sJbC28szFZW1mrV/N+BMX7wqV88OKz9VwbE/91vu/3vYe1/ZdhG+/z37s17H+tmC4PiX3t54O/vVAyJn+a/fZ/N8+3lM738Xje/34s/u/PiYe1fHrL/j/r7Xztm+1/9+vf/cMxVAYAz0NzZXV+s1apbh2SmjrHO05j55dS5qMb/mcm+1/3LnZf6fNhM+2j10Zxeq85BxfZlsjOLNRHnpMkPMyPtlgAAgFPw6KB/1DUBAAAAAAAAAAAAAAAAAACA8XUWjxPrj7k3mqYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzqfwEAAP//XazfUA==") 15.167509ms ago: executing program 0 (id=486): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x800040, &(0x7f0000000340), 0x1, 0x59b, &(0x7f0000002480)="$eJzs3T1sG2UfAPD/2fGbfuRt+krvK72gDhUgFamqk/QDClO7IipV6oDEUizHjaI4cRQ70EQZ0r1CdECAupQNBkYQAwNiQWJhZQExI1U0AqnpAEb+StvEDk6p6zT+/aSz77nn7P/z3Pl/9nO6kwMYWEdrD6mIZyLiYhIx+kDdUDQrjzbWW19byd9bW8knUa1e+jWJJCLurq3kW+snzeeDEbEaEf+PiG8yEcdTW+OWl5ZncsViYaFZHqvMzo+Vl5ZPTM/mpgpThblTL79y5uzpMxMnJzo3PrOzvl7/6ca7179/7daNTz87spp/P5fEuRhp1j3Yj8epsU0ycW7T8tO9CNZHSb8bwCNJN/O8lkr/i9FIN7O+neroE20a0GPV4YjqTiSrO1od2M2SneU/sGe0fgfUxr9th9Pp3v7+uH2+MQCpxV9vTo2aoca5idhXH5sc+C15aGRSG28e7m3TGACr1yJifGio9vlrTY2apPn5e3Tjj6OB9NTX5xs7auv+T20cf6LN8Wekde70H2od/9a3HP/ux093OP5d7DLGH2/+/FHH+Ncinm0bP9mIn7SJn4qIt7qMf/ONL892qqt+HHEs2sdvSbY/Pzx2ZbpYGG88to3x1bEjr27X/wMd4jfO2e6rf8202/7zXfb/i28/f251m/gvPr/9/m+3/fdHxHtdxv/P3U9e71R3+1pyp/YrYKf7v7bsVpfxXzp39McOVfu7fAsAAAAAAAAAAKCNVP1atiSV3ZhPpbLZxj28/40DqWKpXDl+pbQ4N9m45u1wZFKtK61GG+WkVp5oXo/bKp/cVD7Vuo44vb9ezuZLxck+9x0AAAAAAAAAAAAAAAAAAAB2i4Ob7v//PV2//3/z31UDe1Xnv/wG9jr5D4Pr4fxPIob71hTgCfP9DwOrKv9hcMl/GFzyHwaX/IfBJf9hcMl/GFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAeuLihQu1qXpvbSVfK08OLS3OlN4+MVkoz2RnF/PZfGlhPjtVKk0VC9l8afbv3q9YKs2Px9zi1bFKoVwZKy8tX54tLc5VLk/P5qYKlwuZJ9IrAAAAAAAAAAAAAAAAAAAAeLqM1KcklY2IVH0+lcpmI/4dEYcjk1yZLhbGI+JQRPyQzgzXyhP9bjQAAAAAAAAAAAAAAAAAAADsMeWl5ZlcsVhYGJCZoS1Lvuu8ckSsPt5m1N5xR68anskVM819tVu24dM2c2j7ddLR9xbuxpk+H5gAAAAAAAAAAAAAAAAAAGAA3b/pt9tX/NnbBgEAAAAAAAAAAAAAAAAAAMBASv2SRERtOjb6wsjm2n8l6+n6c0S8c/PSB1dzlcrCRG35nY3llQ+by0/2o/1At1p52spjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L7y0vJMrlgsLPRwpt99BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgUfwUAAP//H1DQ4Q==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000002172b4ce359280e2004d02000000000000000000000000380001"], 0x78) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x100) 15.086789ms ago: executing program 0 (id=487): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) writev(r0, &(0x7f0000000200)=[{0x0}, {&(0x7f00000005c0)="585a812271", 0x5}], 0x2) 0s ago: executing program 0 (id=488): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaa"], 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts. [ 34.927830][ T29] audit: type=1400 audit(1752308965.670:62): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 34.928929][ T3295] cgroup: Unknown subsys name 'net' [ 34.950584][ T29] audit: type=1400 audit(1752308965.670:63): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.978337][ T29] audit: type=1400 audit(1752308965.690:64): avc: denied { unmount } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.117656][ T3295] cgroup: Unknown subsys name 'cpuset' [ 35.123930][ T3295] cgroup: Unknown subsys name 'rlimit' [ 35.256377][ T29] audit: type=1400 audit(1752308965.990:65): avc: denied { setattr } for pid=3295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.281902][ T29] audit: type=1400 audit(1752308966.000:66): avc: denied { create } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 35.297952][ T3298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 35.302484][ T29] audit: type=1400 audit(1752308966.000:67): avc: denied { write } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.331477][ T29] audit: type=1400 audit(1752308966.000:68): avc: denied { read } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.351891][ T29] audit: type=1400 audit(1752308966.000:69): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 35.358622][ T3295] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 35.376747][ T29] audit: type=1400 audit(1752308966.000:70): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 35.408713][ T29] audit: type=1400 audit(1752308966.050:71): avc: denied { relabelto } for pid=3298 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 36.488873][ T3305] chnl_net:caif_netlink_parms(): no params data found [ 36.525490][ T3307] chnl_net:caif_netlink_parms(): no params data found [ 36.604940][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 36.614233][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.621376][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.628692][ T3305] bridge_slave_0: entered allmulticast mode [ 36.635270][ T3305] bridge_slave_0: entered promiscuous mode [ 36.654294][ T3306] chnl_net:caif_netlink_parms(): no params data found [ 36.666655][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.673978][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.681200][ T3305] bridge_slave_1: entered allmulticast mode [ 36.687564][ T3305] bridge_slave_1: entered promiscuous mode [ 36.741219][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.748373][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.755650][ T3307] bridge_slave_0: entered allmulticast mode [ 36.762272][ T3307] bridge_slave_0: entered promiscuous mode [ 36.777897][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.787137][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.794270][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.801574][ T3307] bridge_slave_1: entered allmulticast mode [ 36.808156][ T3307] bridge_slave_1: entered promiscuous mode [ 36.814304][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 36.829259][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.889791][ T3305] team0: Port device team_slave_0 added [ 36.895618][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.902773][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.910003][ T3306] bridge_slave_0: entered allmulticast mode [ 36.916467][ T3306] bridge_slave_0: entered promiscuous mode [ 36.923360][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.930540][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.937844][ T3310] bridge_slave_0: entered allmulticast mode [ 36.944264][ T3310] bridge_slave_0: entered promiscuous mode [ 36.951931][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.961079][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.968197][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.975392][ T3310] bridge_slave_1: entered allmulticast mode [ 36.981907][ T3310] bridge_slave_1: entered promiscuous mode [ 36.991072][ T3305] team0: Port device team_slave_1 added [ 37.002575][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.009720][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.016971][ T3306] bridge_slave_1: entered allmulticast mode [ 37.023762][ T3306] bridge_slave_1: entered promiscuous mode [ 37.031074][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.057753][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.064757][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.090707][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.132646][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.139694][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.165762][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.177236][ T3307] team0: Port device team_slave_0 added [ 37.186287][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.196270][ T3307] team0: Port device team_slave_1 added [ 37.203114][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.212383][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.219604][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.226781][ T3315] bridge_slave_0: entered allmulticast mode [ 37.233157][ T3315] bridge_slave_0: entered promiscuous mode [ 37.239887][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.247020][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.254302][ T3315] bridge_slave_1: entered allmulticast mode [ 37.260773][ T3315] bridge_slave_1: entered promiscuous mode [ 37.273527][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.288639][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.321374][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.328408][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.354408][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.375489][ T3305] hsr_slave_0: entered promiscuous mode [ 37.381558][ T3305] hsr_slave_1: entered promiscuous mode [ 37.388346][ T3306] team0: Port device team_slave_0 added [ 37.394512][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.401608][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.427565][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.444555][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.460029][ T3306] team0: Port device team_slave_1 added [ 37.469264][ T3310] team0: Port device team_slave_0 added [ 37.476070][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.501353][ T3310] team0: Port device team_slave_1 added [ 37.520311][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.527383][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.553406][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.592726][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.599761][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.625763][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.643032][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.650070][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.676116][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.687632][ T3315] team0: Port device team_slave_0 added [ 37.693547][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.700565][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.726564][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.739293][ T3307] hsr_slave_0: entered promiscuous mode [ 37.745411][ T3307] hsr_slave_1: entered promiscuous mode [ 37.751278][ T3307] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.758875][ T3307] Cannot create hsr debugfs directory [ 37.780397][ T3315] team0: Port device team_slave_1 added [ 37.799053][ T3306] hsr_slave_0: entered promiscuous mode [ 37.805399][ T3306] hsr_slave_1: entered promiscuous mode [ 37.811489][ T3306] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.819155][ T3306] Cannot create hsr debugfs directory [ 37.858868][ T3310] hsr_slave_0: entered promiscuous mode [ 37.864875][ T3310] hsr_slave_1: entered promiscuous mode [ 37.870724][ T3310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 37.878398][ T3310] Cannot create hsr debugfs directory [ 37.887182][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.894164][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.920286][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.933736][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.940754][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.966898][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.045242][ T3315] hsr_slave_0: entered promiscuous mode [ 38.051329][ T3315] hsr_slave_1: entered promiscuous mode [ 38.057285][ T3315] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.064974][ T3315] Cannot create hsr debugfs directory [ 38.164097][ T3305] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.181894][ T3305] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.190685][ T3305] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.201845][ T3305] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.232252][ T3307] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.241576][ T3307] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.250799][ T3307] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.262109][ T3307] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.289361][ T3306] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.298258][ T3306] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.307455][ T3306] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.327424][ T3306] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.349808][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.368903][ T3310] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.377923][ T3310] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.390803][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.404484][ T3310] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.414590][ T3310] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.425434][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.432522][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.446219][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.453426][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.465361][ T3315] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.478089][ T3315] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.491221][ T3315] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.501222][ T3315] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.564173][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.585976][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.605463][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.620549][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.627724][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.647683][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.657913][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.665080][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.681058][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.688221][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.705801][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.715065][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.722204][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.732261][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.770853][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.779952][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.787741][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.801613][ T3306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.819261][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.826432][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.855164][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.862336][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.873575][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.880689][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.889811][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.896891][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.916705][ T3310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 38.927235][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.986738][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.024100][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.080412][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.104106][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.169325][ T3305] veth0_vlan: entered promiscuous mode [ 39.195820][ T3306] veth0_vlan: entered promiscuous mode [ 39.210816][ T3306] veth1_vlan: entered promiscuous mode [ 39.221676][ T3305] veth1_vlan: entered promiscuous mode [ 39.235026][ T3306] veth0_macvtap: entered promiscuous mode [ 39.251238][ T3307] veth0_vlan: entered promiscuous mode [ 39.263953][ T3305] veth0_macvtap: entered promiscuous mode [ 39.272195][ T3306] veth1_macvtap: entered promiscuous mode [ 39.289921][ T3307] veth1_vlan: entered promiscuous mode [ 39.300925][ T3305] veth1_macvtap: entered promiscuous mode [ 39.316578][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.329500][ T3315] veth0_vlan: entered promiscuous mode [ 39.340306][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.351273][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.359408][ T3315] veth1_vlan: entered promiscuous mode [ 39.367981][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.376617][ T3305] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.385459][ T3305] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.394341][ T3305] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.403104][ T3305] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.420883][ T3306] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.429718][ T3306] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.438511][ T3306] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.447263][ T3306] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.458452][ T3307] veth0_macvtap: entered promiscuous mode [ 39.465092][ T3310] veth0_vlan: entered promiscuous mode [ 39.476737][ T3307] veth1_macvtap: entered promiscuous mode [ 39.497710][ T3310] veth1_vlan: entered promiscuous mode [ 39.509186][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.520365][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.544706][ T3315] veth0_macvtap: entered promiscuous mode [ 39.557615][ T3310] veth0_macvtap: entered promiscuous mode [ 39.563879][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.569017][ T3315] veth1_macvtap: entered promiscuous mode [ 39.590461][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.605835][ T3307] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.614712][ T3307] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.623551][ T3307] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.632445][ T3307] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.651528][ T3310] veth1_macvtap: entered promiscuous mode [ 39.663234][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.667585][ T3478] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 39.685981][ T3315] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.694923][ T3315] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.703702][ T3315] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.712524][ T3315] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.763626][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.767443][ T3481] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2'. [ 39.781861][ T3481] Zero length message leads to an empty skb [ 39.819851][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.848382][ T3310] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.857264][ T3310] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.866021][ T3310] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.874873][ T3310] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.878504][ T3487] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7'. [ 40.028227][ T29] kauditd_printk_skb: 43 callbacks suppressed [ 40.028244][ T29] audit: type=1326 audit(1752308970.770:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3497 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f799e929 code=0x7ffc0000 [ 40.057613][ T29] audit: type=1326 audit(1752308970.770:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3497 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f799e929 code=0x7ffc0000 [ 40.082693][ T3508] macvlan1: entered promiscuous mode [ 40.089296][ T3508] ipvlan0: entered promiscuous mode [ 40.095830][ T3508] ipvlan0: left promiscuous mode [ 40.101808][ T29] audit: type=1326 audit(1752308970.830:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3497 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fa8f799e929 code=0x7ffc0000 [ 40.125099][ T29] audit: type=1326 audit(1752308970.830:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3497 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f799e929 code=0x7ffc0000 [ 40.148268][ T29] audit: type=1326 audit(1752308970.830:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3497 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f799e929 code=0x7ffc0000 [ 40.149304][ T3505] netlink: 'syz.3.12': attribute type 1 has an invalid length. [ 40.182866][ T3508] macvlan1: left promiscuous mode [ 40.184822][ T29] audit: type=1400 audit(1752308970.920:120): avc: denied { create } for pid=3503 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 40.208440][ T29] audit: type=1400 audit(1752308970.920:121): avc: denied { write } for pid=3503 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 40.235651][ T3510] : renamed from bond_slave_0 (while UP) [ 40.289469][ T29] audit: type=1400 audit(1752308971.020:122): avc: denied { create } for pid=3513 comm="syz.3.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 40.362512][ T29] audit: type=1400 audit(1752308971.050:123): avc: denied { setopt } for pid=3513 comm="syz.3.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 40.381829][ T29] audit: type=1400 audit(1752308971.090:124): avc: denied { create } for pid=3516 comm="syz.4.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.387748][ T3520] loop1: detected capacity change from 0 to 128 [ 40.428420][ T3525] hub 9-0:1.0: USB hub found [ 40.445406][ T3525] hub 9-0:1.0: 8 ports detected [ 40.460183][ T3528] loop4: detected capacity change from 0 to 1024 [ 40.472055][ T3520] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 40.477645][ T3528] ======================================================= [ 40.477645][ T3528] WARNING: The mand mount option has been deprecated and [ 40.477645][ T3528] and is ignored by this kernel. Remove the mand [ 40.477645][ T3528] option from the mount to silence this warning. [ 40.477645][ T3528] ======================================================= [ 40.480020][ T3520] FAT-fs (loop1): Filesystem has been set read-only [ 40.522112][ T3520] syz.1.18: attempt to access beyond end of device [ 40.522112][ T3520] loop1: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 40.539394][ T3520] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 40.547603][ T3520] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 40.555820][ T3528] EXT4-fs: Ignoring removed nobh option [ 40.561466][ T3528] EXT4-fs: Ignoring removed bh option [ 40.572174][ T3520] syz.1.18: attempt to access beyond end of device [ 40.572174][ T3520] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 40.599425][ T3533] loop3: detected capacity change from 0 to 1024 [ 40.644109][ T3528] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.661912][ T3533] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.691835][ T3520] syz.1.18 (3520) used greatest stack depth: 10920 bytes left [ 40.720594][ T3533] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 40.787872][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.821916][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.068472][ T3583] loop3: detected capacity change from 0 to 512 [ 41.100559][ T3583] EXT4-fs error (device loop3): ext4_init_orphan_info:585: comm syz.3.47: inode #0: comm syz.3.47: iget: illegal inode # [ 41.101151][ T3590] netlink: 'syz.2.51': attribute type 3 has an invalid length. [ 41.132861][ T3583] EXT4-fs (loop3): get orphan inode failed [ 41.150892][ T3583] EXT4-fs (loop3): mount failed [ 41.259693][ T3606] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 41.359376][ T3608] loop2: detected capacity change from 0 to 8192 [ 41.367901][ T3617] loop0: detected capacity change from 0 to 128 [ 41.405673][ T3617] FAT-fs (loop0): Directory bread(block 162) failed [ 41.425545][ T3617] FAT-fs (loop0): Directory bread(block 163) failed [ 41.439252][ T3617] FAT-fs (loop0): Directory bread(block 164) failed [ 41.443241][ T3310] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 41.453892][ T3310] FAT-fs (loop2): Filesystem has been set read-only [ 41.480003][ T3617] FAT-fs (loop0): Directory bread(block 165) failed [ 41.492591][ T3617] FAT-fs (loop0): Directory bread(block 166) failed [ 41.511990][ T3617] FAT-fs (loop0): Directory bread(block 167) failed [ 41.525641][ T2995] udevd (2995) used greatest stack depth: 10752 bytes left [ 41.550115][ T3617] FAT-fs (loop0): Directory bread(block 168) failed [ 41.556882][ T3617] FAT-fs (loop0): Directory bread(block 169) failed [ 41.569581][ T3617] FAT-fs (loop0): Directory bread(block 162) failed [ 41.576561][ T3617] FAT-fs (loop0): Directory bread(block 163) failed [ 41.584579][ T3617] syz.0.63: attempt to access beyond end of device [ 41.584579][ T3617] loop0: rw=3, sector=226, nr_sectors = 6 limit=128 [ 41.599757][ T3617] syz.0.63: attempt to access beyond end of device [ 41.599757][ T3617] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 41.723221][ T3672] netlink: 16 bytes leftover after parsing attributes in process `syz.4.78'. [ 41.749759][ T3685] loop0: detected capacity change from 0 to 512 [ 41.789230][ T3700] loop3: detected capacity change from 0 to 512 [ 41.805486][ T3685] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 41.805780][ T3700] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.828416][ T3700] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 41.840677][ T3685] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 41.866881][ T3685] EXT4-fs (loop0): orphan cleanup on readonly fs [ 41.873344][ T3685] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.76: bad orphan inode 267 [ 41.892711][ T3700] EXT4-fs (loop3): 1 orphan inode deleted [ 41.898537][ T3700] EXT4-fs (loop3): 1 truncate cleaned up [ 41.904888][ T3685] EXT4-fs (loop0): Remounting filesystem read-only [ 41.918471][ T3700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.945496][ T3685] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 42.022799][ T3700] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 42.063812][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.079231][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 42.130508][ T3726] loop0: detected capacity change from 0 to 1024 [ 42.143076][ T3726] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 42.251072][ T3726] EXT4-fs error (device loop0): ext4_map_blocks:816: inode #3: block 1: comm syz.0.83: lblock 1 mapped to illegal pblock 1 (length 1) [ 42.269556][ T3726] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.83: Failed to acquire dquot type 0 [ 42.281174][ T3726] EXT4-fs error (device loop0): ext4_free_blocks:6587: comm syz.0.83: Freeing blocks not in datazone - block = 0, count = 4096 [ 42.299768][ T3726] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.83: Invalid inode bitmap blk 0 in block_group 0 [ 42.328421][ T3725] syz.3.82 (3725) used greatest stack depth: 9824 bytes left [ 42.356532][ T3683] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:41: lblock 1 mapped to illegal pblock 1 (length 1) [ 42.386728][ T3683] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:41: Failed to release dquot type 0 [ 42.401161][ T3726] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem [ 42.411005][ T3726] EXT4-fs (loop0): 1 orphan inode deleted [ 42.423107][ T3726] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.438687][ T3726] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.513956][ T3736] netlink: 'syz.0.87': attribute type 1 has an invalid length. [ 42.586746][ T3742] loop2: detected capacity change from 0 to 1024 [ 42.619670][ T3742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.679370][ T3751] pimreg: entered allmulticast mode [ 42.694422][ T3751] pimreg: left allmulticast mode [ 42.696524][ T3742] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 42.735960][ T3753] netlink: '’': attribute type 1 has an invalid length. [ 42.825499][ T3762] loop1: detected capacity change from 0 to 512 [ 42.834881][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.844841][ T3762] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 42.856077][ T3764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.99'. [ 42.865148][ T3764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.99'. [ 42.876605][ T3764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.99'. [ 42.885564][ T3764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.99'. [ 42.898097][ T3762] EXT4-fs (loop1): failed to initialize system zone (-117) [ 42.914741][ T3762] EXT4-fs (loop1): mount failed [ 42.948007][ T3778] loop4: detected capacity change from 0 to 2048 [ 42.959657][ T3778] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.993023][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.012851][ T3787] sch_tbf: burst 480 is lower than device lo mtu (65550) ! [ 43.034646][ C0] hrtimer: interrupt took 27176 ns [ 43.124081][ T3805] loop1: detected capacity change from 0 to 128 [ 43.137167][ T3387] kernel write not supported for file /sg0 (pid: 3387 comm: kworker/0:3) [ 43.164651][ T3805] syz.1.116: attempt to access beyond end of device [ 43.164651][ T3805] loop1: rw=0, sector=121, nr_sectors = 128 limit=128 [ 43.192828][ T3463] kworker/u8:7: attempt to access beyond end of device [ 43.192828][ T3463] loop1: rw=1, sector=249, nr_sectors = 792 limit=128 [ 43.215308][ T3813] capability: warning: `syz.0.121' uses 32-bit capabilities (legacy support in use) [ 43.243591][ T3813] program syz.0.121 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 43.278638][ T3821] loop4: detected capacity change from 0 to 512 [ 43.285896][ T3821] EXT4-fs (loop4): external journal device major/minor numbers have changed [ 43.323166][ T3821] EXT4-fs (loop4): failed to open journal device unknown-block(11,131) -6 [ 43.323415][ T3826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.126'. [ 43.478292][ T3836] loop1: detected capacity change from 0 to 512 [ 43.510238][ T3836] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.527587][ T3836] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 43.565476][ T3851] 9pnet_fd: Insufficient options for proto=fd [ 43.594433][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.603593][ T3853] loop2: detected capacity change from 0 to 128 [ 43.805981][ T3868] loop4: detected capacity change from 0 to 8192 [ 43.833383][ T3874] netlink: 'syz.1.146': attribute type 1 has an invalid length. [ 43.847605][ T3868] loop4: p1 p3 p4 [ 43.851874][ T3868] loop4: p1 size 8390912 extends beyond EOD, truncated [ 43.861898][ T3868] loop4: p3 size 589824 extends beyond EOD, truncated [ 43.949807][ T3878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.148'. [ 44.044039][ T3891] netlink: 92 bytes leftover after parsing attributes in process `syz.3.154'. [ 44.649792][ T3955] loop4: detected capacity change from 0 to 512 [ 44.690702][ T3955] EXT4-fs (loop4): too many log groups per flexible block group [ 44.698436][ T3955] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 44.735793][ T3955] EXT4-fs (loop4): mount failed [ 44.859243][ T3988] capability: warning: `syz.0.197' uses deprecated v2 capabilities in a way that may be insecure [ 44.870071][ T3986] IPv6: addrconf: prefix option has invalid lifetime [ 44.904472][ T3991] loop4: detected capacity change from 0 to 1024 [ 44.932572][ T3991] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.037957][ T29] kauditd_printk_skb: 282 callbacks suppressed [ 45.037971][ T29] audit: type=1400 audit(1752308975.780:404): avc: denied { block_suspend } for pid=4003 comm="syz.2.205" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 45.045577][ T3991] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.200: Allocating blocks 497-513 which overlap fs metadata [ 45.085422][ T4007] loop3: detected capacity change from 0 to 512 [ 45.104412][ T4006] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 321:freeing already freed block (bit 20); block bitmap corrupt. [ 45.133972][ T4007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.153460][ T4007] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.194318][ T4013] loop0: detected capacity change from 0 to 512 [ 45.246722][ T4011] loop2: detected capacity change from 0 to 8192 [ 45.255739][ T4013] EXT4-fs (loop0): too many log groups per flexible block group [ 45.263692][ T4013] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 45.271940][ T4013] EXT4-fs (loop0): mount failed [ 45.274149][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.287498][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.296875][ T29] audit: type=1400 audit(1752308976.030:405): avc: denied { setopt } for pid=4016 comm="syz.1.219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 45.316994][ T29] audit: type=1400 audit(1752308976.030:406): avc: denied { connect } for pid=4016 comm="syz.1.219" lport=132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 45.357425][ T4011] loop2: p1 p3 p4 [ 45.361301][ T4011] loop2: p1 size 8390912 extends beyond EOD, truncated [ 45.362328][ T29] audit: type=1326 audit(1752308976.100:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4022 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b651e929 code=0x7ffc0000 [ 45.391787][ T29] audit: type=1326 audit(1752308976.100:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4022 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b651e929 code=0x7ffc0000 [ 45.420841][ T4011] loop2: p3 size 589824 extends beyond EOD, truncated [ 45.437272][ T29] audit: type=1326 audit(1752308976.160:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4022 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f32b651e929 code=0x7ffc0000 [ 45.460815][ T29] audit: type=1326 audit(1752308976.160:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4022 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b651e929 code=0x7ffc0000 [ 45.484417][ T29] audit: type=1326 audit(1752308976.170:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4022 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32b651e929 code=0x7ffc0000 [ 45.549628][ T4030] __nla_validate_parse: 1 callbacks suppressed [ 45.549653][ T4030] netlink: 256 bytes leftover after parsing attributes in process `syz.3.214'. [ 45.804911][ T4044] netlink: 'syz.4.221': attribute type 29 has an invalid length. [ 45.813210][ T4044] netlink: 'syz.4.221': attribute type 29 has an invalid length. [ 45.823093][ T4044] netlink: 500 bytes leftover after parsing attributes in process `syz.4.221'. [ 45.832355][ T4044] unsupported nla_type 58 [ 45.861651][ T4048] loop1: detected capacity change from 0 to 1024 [ 45.862029][ T4048] EXT4-fs: Ignoring removed bh option [ 45.863629][ T4048] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 45.918695][ T4048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.931633][ T29] audit: type=1400 audit(1752308976.660:412): avc: denied { create } for pid=4055 comm="syz.2.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 45.966982][ T29] audit: type=1400 audit(1752308976.700:413): avc: denied { read } for pid=4055 comm="syz.2.226" path="socket:[6410]" dev="sockfs" ino=6410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 46.030184][ T4063] loop2: detected capacity change from 0 to 256 [ 46.101156][ T4048] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 46.101228][ T4048] EXT4-fs error (device loop1): ext4_check_all_de:659: inode #12: block 7: comm syz.1.223: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 46.104072][ T4048] EXT4-fs (loop1): Remounting filesystem read-only [ 46.189544][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.381693][ T4095] loop3: detected capacity change from 0 to 2048 [ 46.431462][ T4095] loop3: p1 < > p4 [ 46.439846][ T4095] loop3: p4 size 8388608 extends beyond EOD, truncated [ 46.447310][ T4103] netlink: 116 bytes leftover after parsing attributes in process `syz.4.247'. [ 46.565581][ T4126] netlink: 60 bytes leftover after parsing attributes in process `syz.3.256'. [ 46.649383][ T4134] bond1: entered promiscuous mode [ 46.654465][ T4134] bond1: entered allmulticast mode [ 46.661339][ T4134] 8021q: adding VLAN 0 to HW filter on device bond1 [ 46.672535][ T4134] bond1 (unregistering): Released all slaves [ 46.690387][ T4137] dummy0: entered promiscuous mode [ 46.695670][ T4137] macsec1: entered promiscuous mode [ 46.703209][ T4137] macsec1: entered allmulticast mode [ 46.708747][ T4137] dummy0: entered allmulticast mode [ 46.715706][ T4137] dummy0: left allmulticast mode [ 46.722021][ T4137] dummy0: left promiscuous mode [ 46.771247][ T4150] netlink: 28 bytes leftover after parsing attributes in process `syz.3.268'. [ 46.780414][ T4150] netlink: 'syz.3.268': attribute type 7 has an invalid length. [ 46.788126][ T4150] netlink: 'syz.3.268': attribute type 8 has an invalid length. [ 46.795757][ T4150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.268'. [ 46.831076][ T4150] gretap0: entered promiscuous mode [ 46.838871][ T4150] batadv_slave_1: entered promiscuous mode [ 46.848174][ T4157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.271'. [ 46.857959][ T4150] erspan0: entered promiscuous mode [ 46.865506][ T4157] veth1_macvtap: left promiscuous mode [ 46.990545][ T4173] netlink: 40 bytes leftover after parsing attributes in process `syz.0.278'. [ 46.999604][ T4173] netlink: 40 bytes leftover after parsing attributes in process `syz.0.278'. [ 47.219007][ T4190] netlink: 'syz.3.286': attribute type 13 has an invalid length. [ 47.229461][ T4190] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 47.240743][ T4190] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 47.248635][ T4190] gretap1: entered promiscuous mode [ 47.253864][ T4190] gretap1: entered allmulticast mode [ 47.591508][ T4234] can0: slcan on ttyS3. [ 47.647025][ T4234] can0 (unregistered): slcan off ttyS3. [ 47.691558][ T4241] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.309'. [ 47.980023][ T4289] SELinux: syz.0.330 (4289) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 48.276609][ T4325] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.285540][ T4325] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.294413][ T4325] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.303197][ T4325] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.541027][ T4381] mmap: syz.2.374 (4381) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 48.679780][ T4408] ALSA: seq fatal error: cannot create timer (-19) [ 48.830781][ T4442] SELinux: syz.2.403 (4442) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 49.011540][ T4476] netlink: 'syz.1.420': attribute type 1 has an invalid length. [ 49.019318][ T4476] netlink: 'syz.1.420': attribute type 2 has an invalid length. [ 49.932650][ T4598] ================================================================== [ 49.940829][ T4598] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 49.949445][ T4598] [ 49.951775][ T4598] write to 0xffff8881154a6ee8 of 8 bytes by task 4591 on cpu 0: [ 49.959430][ T4598] shmem_file_splice_read+0x470/0x600 [ 49.964822][ T4598] splice_direct_to_actor+0x26f/0x680 [ 49.970241][ T4598] do_splice_direct+0xda/0x150 [ 49.975048][ T4598] do_sendfile+0x380/0x650 [ 49.979492][ T4598] __x64_sys_sendfile64+0x105/0x150 [ 49.984722][ T4598] x64_sys_call+0xb39/0x2fb0 [ 49.989334][ T4598] do_syscall_64+0xd2/0x200 [ 49.993856][ T4598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.999772][ T4598] [ 50.002110][ T4598] write to 0xffff8881154a6ee8 of 8 bytes by task 4598 on cpu 1: [ 50.010022][ T4598] shmem_file_splice_read+0x470/0x600 [ 50.015433][ T4598] splice_direct_to_actor+0x26f/0x680 [ 50.020849][ T4598] do_splice_direct+0xda/0x150 [ 50.025657][ T4598] do_sendfile+0x380/0x650 [ 50.030102][ T4598] __x64_sys_sendfile64+0x105/0x150 [ 50.035336][ T4598] x64_sys_call+0xb39/0x2fb0 [ 50.039960][ T4598] do_syscall_64+0xd2/0x200 [ 50.044488][ T4598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.050408][ T4598] [ 50.052752][ T4598] value changed: 0x0000000000008cbc -> 0x0000000000008cc6 [ 50.059893][ T4598] [ 50.062240][ T4598] Reported by Kernel Concurrency Sanitizer on: [ 50.068518][ T4598] CPU: 1 UID: 0 PID: 4598 Comm: syz.3.474 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(voluntary) [ 50.080887][ T4598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.090982][ T4598] ================================================================== [ 50.108919][ T29] kauditd_printk_skb: 830 callbacks suppressed [ 50.108935][ T29] audit: type=1400 audit(1752308980.850:1244): avc: denied { read write } for pid=3305 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 50.228689][ T29] audit: type=1400 audit(1752308980.960:1245): avc: denied { read write } for pid=3310 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 50.255641][ T29] audit: type=1400 audit(1752308980.970:1246): avc: denied { read write } for pid=3307 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 50.520359][ T29] audit: type=1400 audit(1752308981.260:1247): avc: denied { read write } for pid=3315 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0