last executing test programs: 1m50.993382352s ago: executing program 0 (id=273): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) pwrite64(r0, 0x0, 0x0, 0xfecc) 1m50.953804764s ago: executing program 0 (id=275): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r3, @ANYBLOB="0800320000000000050033"], 0x2c}}, 0x0) 1m50.912686956s ago: executing program 0 (id=279): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0xe0880, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r1, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x3}, {0x0}, &(0x7f0000000440)=[{&(0x7f0000000a00)=""/4096, 0x1000}], 0x1, 0x60, 0x4}}], 0x48, 0x8004}, 0x0) 1m50.857661888s ago: executing program 0 (id=282): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) r0 = syz_io_uring_setup(0xbda, &(0x7f0000000080)={0x0, 0x356e, 0x101, 0x1, 0x37a}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x847ba, 0x20, 0xe, 0x0, 0x0) 1m50.624553958s ago: executing program 0 (id=294): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079d}) socketpair(0x1, 0x1, 0x1, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) write$cgroup_devices(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e0328004d8c71ef2885634a8270001411"], 0xffdd) 1m50.355676559s ago: executing program 0 (id=306): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x3, 0x2, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x7}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0) 1m50.33715069s ago: executing program 32 (id=306): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x3, 0x2, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x7}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0) 1m24.20880015s ago: executing program 3 (id=1439): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) sync() r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 1m23.728464151s ago: executing program 5 (id=1475): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1807000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc0100, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x0) 1m23.384186255s ago: executing program 3 (id=1482): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ptrace$getregset(0x4204, 0x0, 0x2, 0x0) read(r0, &(0x7f0000000000)=""/43, 0x2b) 1m23.094048788s ago: executing program 3 (id=1492): bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='sched_kthread_work_queue_work\x00', r0}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) 1m22.997899302s ago: executing program 3 (id=1497): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103302) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000040000000000000000000000850000004100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffe1b703000008000000b70400000018000085"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f3}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1m22.510319243s ago: executing program 3 (id=1508): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18) socket$inet_sctp(0x2, 0x5, 0x84) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0) 1m22.493372934s ago: executing program 3 (id=1509): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) 1m21.650582611s ago: executing program 5 (id=1531): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 1m21.632016531s ago: executing program 5 (id=1532): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x74a}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f00000003c0)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x30, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) 1m21.576641984s ago: executing program 5 (id=1535): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@multicast2, @loopback}, 0x10) 1m21.477353568s ago: executing program 5 (id=1542): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18) socket$inet_sctp(0x2, 0x5, 0x84) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0) 1m21.451954419s ago: executing program 5 (id=1544): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x18) lseek(0xffffffffffffffff, 0xffdfffffffffbffc, 0x1) 1m7.707023673s ago: executing program 33 (id=1509): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) 1m6.61364392s ago: executing program 34 (id=1544): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x18) lseek(0xffffffffffffffff, 0xffdfffffffffbffc, 0x1) 2.142154917s ago: executing program 4 (id=4530): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000380), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000048000000160a01000000000000000000010000010900010073797a30000000000900020073797a30000000001c0003800800014000000000080002400000000000000140000000004c020000180a0101000b000000000000010000000900010073797a3000000000e800038008000140000000000800014000000000cc0003801400010069703665727370616e3000000000000014000100776732000000000000000000000000001400010076657468305f6d61637674617000000014000100626f6e645f736c6176655f310000000045000100626f6e645f736c6176655f300000000014000100636169663000000000000000000000001400010070696d726567300000000000000000001400010070696d726567310000000000000000001400010069705f76746930000000000000000000140001007465616d5f736c6176655f30000000ffff000140000000200900020073797a30"], 0x2dc}}, 0x0) 2.0857759s ago: executing program 4 (id=4535): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000000f14010025bd7000fcdb9f25090045"], 0x1c}, 0x1, 0x0, 0x0, 0x4000840}, 0x0) 2.08563666s ago: executing program 4 (id=4536): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sys_enter\x00', r0, 0x0, 0x1000000000000000}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0x2, 0x3000) 1.552097163s ago: executing program 2 (id=4572): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x77}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r3, &(0x7f00000009c0)=[{&(0x7f0000000340)=""/107, 0x6b}], 0x1, 0x2f, 0xfffffffe) 1.481489286s ago: executing program 2 (id=4576): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x2003, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x44, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x6}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_LIMIT={0x0, 0x2, 0x6}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x1}, @TCA_FQ_CODEL_INTERVAL={0x4, 0x3, 0x3}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x3}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x7}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0xfdab, 0xa, 0xaa}]}}]}, 0x78}}, 0x4000010) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.481269406s ago: executing program 2 (id=4577): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x4042, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x4800, 0x2, 0x2, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d80000001c0081044e81f782db44b904021d08020e0000008100e0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="d80000001c0081054e81f782db44b904021d08040e000000100d10a118000c000600142603600e1208000f0000810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee0800080e408e8d8ef52a98516277ce06ebace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad8099639cace81ed0bffec193e2a9ecbee5de6ccd4d6e4ed6f3d93452a92954b43370e970189", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 1.434129668s ago: executing program 2 (id=4579): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\a'], 0x48) 1.412039159s ago: executing program 2 (id=4581): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) lchown(&(0x7f0000000000)='.\x00', 0x0, 0x0) 1.278367475s ago: executing program 4 (id=4584): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000000a00)="c7885a8f24f458bed7", 0x9) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 683.54945ms ago: executing program 1 (id=4592): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x81, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1, 0x0, 0x8000000000}, 0x18) r2 = socket$pptp(0x18, 0x1, 0x2) close_range(r2, 0xffffffffffffffff, 0x0) 658.090322ms ago: executing program 1 (id=4593): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\a'], 0x48) 598.643214ms ago: executing program 2 (id=4595): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000003040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=""/17, 0x11}, 0x9f8}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 598.092334ms ago: executing program 6 (id=4596): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c0001400000000200000101480000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001c0003800c00008008000340000000020c"], 0xf8}}, 0x0) 545.360816ms ago: executing program 1 (id=4597): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x6, 0x0, 0x2}]}, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040)={0x6, 0x43, 0x8, 0x4, 0x3, 0x6, 0x2, 0x6, 0x3, 0xfd, 0xd3, 0x19, 0x6, 0x36}, 0xe) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd"], 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 465.22442ms ago: executing program 6 (id=4608): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x18) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 434.153231ms ago: executing program 7 (id=4599): unshare(0x6a040000) socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x101040, 0x0) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f2000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000003100f000ee1000c08000b0000000000", 0x24) 364.884084ms ago: executing program 4 (id=4600): syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x218848, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) open$dir(&(0x7f00000003c0)='./file1\x00', 0x48100, 0x106) 363.112304ms ago: executing program 6 (id=4611): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x80, 0x2c, 0xd27, 0x70bd23, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x2400}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4c, 0x2, [@TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x8, 0x0, 0x5, 0xb, 0xfffff900, {0x3, 0x0, 0x10, 0x1390, 0x200}, {0x3, 0x2, 0x0, 0x1, 0x7, 0x7}, 0x9, 0xf9, 0x3}}]}, @TCA_BPF_FD={0x8}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0xff}}]}, 0x80}, 0x1, 0x0, 0x0, 0x440}, 0x0) 328.363556ms ago: executing program 4 (id=4601): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x5, 0x0, 0x4000000000000004, 0x4, 0xfffffffffffffffb, 0x7, 0xfffffffffffffffa, 0x2002}, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) 274.873588ms ago: executing program 6 (id=4602): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x69, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r3, 0x4) 274.330408ms ago: executing program 1 (id=4614): r0 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2bfffdffd}, 0xc) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) close(r0) 257.398049ms ago: executing program 7 (id=4603): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000001108000440000000150900020073797a32"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) 241.24435ms ago: executing program 1 (id=4604): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0, 0x0, 0x6}, 0x18) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xffffffffffffffb6) 231.60619ms ago: executing program 6 (id=4605): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x200003, 0x1af}, &(0x7f00000001c0)=0x0, &(0x7f00000002c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x2, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)=[{0x0}, {0x0}], 0x2}, 0x0, 0x3, 0x0, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x20047f8, 0x4000, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) 228.27362ms ago: executing program 7 (id=4606): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x77}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r3, &(0x7f00000009c0)=[{&(0x7f0000000340)=""/107, 0x6b}], 0x1, 0x2f, 0xfffffffe) 194.558712ms ago: executing program 7 (id=4607): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f0000000200), &(0x7f0000000340)=r1}, 0x20) lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xee00) 182.565892ms ago: executing program 1 (id=4609): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000330}, &(0x7f00000006c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1}) io_uring_enter(r1, 0x47ba, 0x0, 0x28, 0x0, 0x0) 44.232838ms ago: executing program 7 (id=4610): capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb, 0x3}) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x404c802, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000000)="660b8fcf", 0x4, 0x24044084, 0x0, 0x0) 19.851549ms ago: executing program 7 (id=4612): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000000a00)="c7885a8f24f458bed7", 0x9) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 0s ago: executing program 6 (id=4613): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000001000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000380)='kmem_cache_free\x00', r1}, 0x18) r2 = open(&(0x7f0000000140)='./bus\x00', 0x143bc2, 0x1c0) fcntl$setlease(r2, 0x400, 0x1) lsetxattr$security_selinux(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000200), &(0x7f0000000180)='system_u:object_r:systemd_systemctl_exec_t:s0\x00', 0x2e, 0x0) kernel console output (not intermixed with test programs): tover after parsing attributes in process `syz.4.1858'. [ 83.432077][ T7771] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1858'. [ 83.441766][ T7771] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1858'. [ 83.453826][ T7772] netlink: 'syz.1.1857': attribute type 30 has an invalid length. [ 83.477396][ T3349] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.518197][ T3349] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.531500][ T7627] hsr_slave_0: entered promiscuous mode [ 83.539406][ T7627] hsr_slave_1: entered promiscuous mode [ 83.546238][ T7627] debugfs: 'hsr0' already exists in 'hsr' [ 83.551965][ T7627] Cannot create hsr debugfs directory [ 83.557924][ T411] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.604436][ T411] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.720848][ T7627] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 83.729825][ T7627] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 83.748467][ T7627] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 83.763186][ T7627] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 83.855002][ T7627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.867923][ T7627] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.878456][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.885543][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.912547][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.919641][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.996225][ T3402] Process accounting resumed [ 84.026818][ T7833] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.040943][ T7627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.182012][ T7627] veth0_vlan: entered promiscuous mode [ 84.192599][ T7627] veth1_vlan: entered promiscuous mode [ 84.213755][ T7627] veth0_macvtap: entered promiscuous mode [ 84.221872][ T7627] veth1_macvtap: entered promiscuous mode [ 84.233137][ T7627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.244018][ T7627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.254156][ T411] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.270902][ T411] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.280308][ T411] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.289461][ T411] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.511207][ T7902] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1905'. [ 84.668210][ T7916] lo speed is unknown, defaulting to 1000 [ 84.863019][ T7929] netlink: 264 bytes leftover after parsing attributes in process `syz.1.1918'. [ 84.928683][ T7934] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.1920'. [ 85.143891][ T7958] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1930'. [ 85.209249][ T411] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.218349][ T411] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.237252][ T411] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.246740][ T411] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.270460][ T7969] netlink: 'syz.2.1935': attribute type 13 has an invalid length. [ 85.280945][ T7973] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.302986][ T7969] gretap0: refused to change device tx_queue_len [ 85.307119][ T7977] netlink: 'syz.4.1939': attribute type 1 has an invalid length. [ 85.309425][ T7969] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 85.408685][ T7987] netlink: 'syz.6.1944': attribute type 8 has an invalid length. [ 85.433176][ T7995] netlink: 'syz.6.1947': attribute type 1 has an invalid length. [ 85.739832][ T29] kauditd_printk_skb: 217 callbacks suppressed [ 85.739844][ T29] audit: type=1326 audit(1763663756.005:3597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8013 comm="syz.6.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 85.804634][ T29] audit: type=1326 audit(1763663756.005:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8013 comm="syz.6.1956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 85.882822][ T29] audit: type=1400 audit(1763663756.162:3599): avc: denied { block_suspend } for pid=8027 comm="syz.4.1963" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 85.935788][ T8032] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8032 comm=syz.4.1965 [ 85.945470][ T29] audit: type=1400 audit(1763663756.215:3600): avc: denied { getopt } for pid=8022 comm="syz.2.1957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 86.083198][ T29] audit: type=1400 audit(1763663756.372:3601): avc: denied { create } for pid=8045 comm="syz.1.1971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 86.134119][ T29] audit: type=1400 audit(1763663756.372:3602): avc: denied { listen } for pid=8045 comm="syz.1.1971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 86.170607][ T29] audit: type=1400 audit(1763663756.456:3603): avc: denied { relabelfrom } for pid=8049 comm="syz.6.1973" name="NETLINK" dev="sockfs" ino=20254 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 86.195336][ T29] audit: type=1400 audit(1763663756.456:3604): avc: denied { relabelto } for pid=8049 comm="syz.6.1973" name="NETLINK" dev="sockfs" ino=20254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 86.306347][ T29] audit: type=1400 audit(1763663756.603:3605): avc: denied { create } for pid=8065 comm="syz.6.1981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 86.357795][ T8076] loop6: detected capacity change from 0 to 2048 [ 86.365094][ T29] audit: type=1400 audit(1763663756.635:3606): avc: denied { write } for pid=8065 comm="syz.6.1981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 86.400764][ T8076] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.457596][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.517823][ T7973] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.545410][ T8098] Falling back ldisc for ttyS3. [ 87.394939][ T8150] __nla_validate_parse: 14 callbacks suppressed [ 87.394957][ T8150] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2018'. [ 87.796073][ T7973] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.863962][ T7973] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.921453][ T52] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.940858][ T52] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.953117][ T52] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.971863][ T52] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.502494][ T8225] vhci_hcd: invalid port number 96 [ 88.507736][ T8225] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 88.693467][ T8246] loop6: detected capacity change from 0 to 8192 [ 88.701898][ T8246] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 88.759389][ T8258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2067'. [ 88.770164][ T8262] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2068'. [ 88.832112][ T8274] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2075'. [ 88.932678][ T8293] lo speed is unknown, defaulting to 1000 [ 89.006631][ T8305] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8305 comm=syz.6.2087 [ 89.161992][ T9] hid_parser_main: 8 callbacks suppressed [ 89.162008][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.179796][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.187237][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.194748][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.202293][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.209718][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.211500][ T8321] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2093'. [ 89.217148][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.234310][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.242084][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.249577][ T9] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 89.258592][ T9] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz1 [ 89.369013][ T8336] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2101'. [ 89.378431][ T8336] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2101'. [ 89.576428][ T8347] loop6: detected capacity change from 0 to 1024 [ 89.583552][ T8347] EXT4-fs: Ignoring removed orlov option [ 89.590611][ T8347] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 89.623712][ T8347] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.656126][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.256034][ T8396] xt_CT: You must specify a L4 protocol and not use inversions on it [ 90.337603][ T8408] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2131'. [ 90.396735][ T8415] veth0_vlan: entered allmulticast mode [ 90.402726][ T3395] hid-generic 0003:0004:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 90.419248][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2136'. [ 90.428314][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2136'. [ 90.437730][ T8415] ÿÿÿÿÿÿ: renamed from vlan1 [ 90.536364][ T8432] IPVS: Unknown mcast interface: hsr0 [ 90.614547][ T8444] netlink: 'syz.2.2145': attribute type 1 has an invalid length. [ 90.627590][ T29] kauditd_printk_skb: 172 callbacks suppressed [ 90.627676][ T29] audit: type=1326 audit(1763664017.136:3779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="syz.4.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.657549][ T29] audit: type=1326 audit(1763664017.167:3780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="syz.4.2149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.681034][ T29] audit: type=1326 audit(1763664017.167:3781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.703867][ T29] audit: type=1326 audit(1763664017.167:3782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.727537][ T29] audit: type=1326 audit(1763664017.251:3783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.750462][ T29] audit: type=1326 audit(1763664017.251:3784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.773287][ T29] audit: type=1326 audit(1763664017.251:3785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.796782][ T29] audit: type=1326 audit(1763664017.251:3786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.818057][ T8451] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 90.819778][ T29] audit: type=1326 audit(1763664017.314:3787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.849792][ T29] audit: type=1326 audit(1763664017.314:3788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8447 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 90.902865][ T8460] program syz.1.2155 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 91.070172][ T8476] loop6: detected capacity change from 0 to 1024 [ 91.100889][ T8476] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 91.113572][ T8476] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.131217][ T8476] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: comm syz.6.2163: lblock 0 mapped to illegal pblock 0 (length 6) [ 91.147891][ T8476] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 91.160269][ T8476] EXT4-fs (loop6): This should not happen!! Data will be lost [ 91.160269][ T8476] [ 91.170782][ T8476] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: block 7: comm syz.6.2163: lblock 7 mapped to illegal pblock 7 (length 9) [ 91.185627][ T8476] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 9 with error 117 [ 91.198194][ T8476] EXT4-fs (loop6): This should not happen!! Data will be lost [ 91.198194][ T8476] [ 91.222042][ T58] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm kworker/u8:4: bg 0: block 3: invalid block bitmap [ 91.234916][ T58] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 1 with error 117 [ 91.239437][ T8487] usb usb5: usbfs: process 8487 (syz.1.2166) did not claim interface 0 before use [ 91.247450][ T58] EXT4-fs (loop6): This should not happen!! Data will be lost [ 91.247450][ T58] [ 91.250477][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 91.408921][ T8511] sd 0:0:1:0: device reset [ 91.635979][ T8562] syzkaller0: entered promiscuous mode [ 91.641561][ T8562] syzkaller0: entered allmulticast mode [ 91.697769][ T8576] SELinux: Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped). [ 92.013121][ T8612] loop6: detected capacity change from 0 to 8192 [ 92.021412][ T8612] syz.6.2225: attempt to access beyond end of device [ 92.021412][ T8612] loop6: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 92.040451][ T8612] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1) [ 92.048382][ T8612] FAT-fs (loop6): Filesystem has been set read-only [ 92.059288][ T8612] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1) [ 92.067427][ T8612] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1) [ 92.114958][ T8614] netlink: 'syz.6.2226': attribute type 10 has an invalid length. [ 92.176832][ T8624] __nla_validate_parse: 2 callbacks suppressed [ 92.176846][ T8624] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2231'. [ 92.212344][ T8627] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2232'. [ 92.233940][ T8627] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2232'. [ 92.233976][ T3349] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.255400][ T3349] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.265778][ T3349] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.277752][ T3349] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.021166][ T8738] netlink: 'syz.4.2282': attribute type 7 has an invalid length. [ 93.041519][ T8738] netlink: 'syz.4.2282': attribute type 7 has an invalid length. [ 93.049366][ T52] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.060816][ T52] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.081939][ T8740] netlink: 'syz.7.2283': attribute type 3 has an invalid length. [ 93.083257][ T52] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.099106][ T52] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.210556][ T8752] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 93.218839][ T8752] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 93.308489][ T8762] bond0: (slave vlan2): Error -34 calling dev_set_mtu [ 93.452756][ T8784] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2304'. [ 93.510799][ T8792] IPVS: Unknown mcast interface: hsr0 [ 93.807311][ T8833] loop7: detected capacity change from 0 to 512 [ 93.829808][ T8836] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 93.840223][ T8830] IPVS: stopping master sync thread 8836 ... [ 93.858897][ T8833] EXT4-fs (loop7): too many log groups per flexible block group [ 93.873760][ T8833] EXT4-fs (loop7): failed to initialize mballoc (-12) [ 93.880916][ T8833] EXT4-fs (loop7): mount failed [ 93.994617][ T8854] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2336'. [ 94.004879][ T8854] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2336'. [ 94.048736][ T8862] netlink: 'syz.7.2339': attribute type 3 has an invalid length. [ 94.056604][ T8862] netlink: 'syz.7.2339': attribute type 4 has an invalid length. [ 94.064701][ T8862] netlink: 9067 bytes leftover after parsing attributes in process `syz.7.2339'. [ 94.116189][ T8872] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 94.126058][ T8870] IPVS: stopping master sync thread 8872 ... [ 94.300726][ T8898] loop6: detected capacity change from 0 to 512 [ 94.319165][ T8898] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.334859][ T8898] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.355240][ T8898] SELinux: Context @ is not valid (left unmapped). [ 94.377235][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.440425][ T8915] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 94.449873][ T8912] IPVS: stopping master sync thread 8915 ... [ 94.602000][ T8946] netlink: 'syz.6.2376': attribute type 30 has an invalid length. [ 94.748247][ T8970] syzkaller0: entered promiscuous mode [ 94.753759][ T8970] syzkaller0: entered allmulticast mode [ 94.765844][ T8973] loop7: detected capacity change from 0 to 4096 [ 94.774361][ T8973] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.804411][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.865326][ T8983] netlink: 'syz.7.2395': attribute type 30 has an invalid length. [ 94.900410][ T8991] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2399'. [ 94.955915][ T8999] netlink: 'syz.1.2402': attribute type 1 has an invalid length. [ 94.976370][ T1061] Process accounting resumed [ 95.172792][ T9023] loop7: detected capacity change from 0 to 2048 [ 95.191074][ T9023] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.251815][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.447666][ T9063] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2432'. [ 95.577968][ T29] kauditd_printk_skb: 476 callbacks suppressed [ 95.577982][ T29] audit: type=1326 audit(1763664022.343:4265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9079 comm="syz.4.2439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.611587][ T29] audit: type=1326 audit(1763664022.364:4266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9079 comm="syz.4.2439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.635129][ T29] audit: type=1326 audit(1763664022.364:4267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9079 comm="syz.4.2439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.658528][ T29] audit: type=1326 audit(1763664022.364:4268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9079 comm="syz.4.2439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.706872][ T29] audit: type=1326 audit(1763664022.469:4269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9086 comm="syz.4.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.730429][ T29] audit: type=1326 audit(1763664022.469:4270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9086 comm="syz.4.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.756982][ T29] audit: type=1326 audit(1763664022.479:4271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9086 comm="syz.4.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.780467][ T29] audit: type=1326 audit(1763664022.500:4272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9086 comm="syz.4.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 95.822751][ T9094] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2445'. [ 95.834978][ T29] audit: type=1400 audit(1763664022.605:4273): avc: denied { setopt } for pid=9097 comm="syz.1.2447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 95.918549][ T9108] lo speed is unknown, defaulting to 1000 [ 96.217501][ T29] audit: type=1326 audit(1763664023.004:4274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9115 comm="syz.2.2465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4082def749 code=0x7ffc0000 [ 96.499538][ T9149] netlink: 'syz.4.2469': attribute type 1 has an invalid length. [ 96.522697][ T9149] bond1: entered promiscuous mode [ 96.528250][ T9149] 8021q: adding VLAN 0 to HW filter on device bond1 [ 96.531038][ T9150] loop6: detected capacity change from 0 to 8192 [ 96.548548][ T9149] 8021q: adding VLAN 0 to HW filter on device bond1 [ 96.555940][ T9149] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 96.566134][ T9149] bond1: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 96.620552][ T9149] bond1: (slave vxcan3): making interface the new active one [ 96.628060][ T9149] vxcan3: entered promiscuous mode [ 96.655836][ T9149] bond1: (slave vxcan3): Enslaving as an active interface with an up link [ 97.136933][ T9218] lo speed is unknown, defaulting to 1000 [ 97.260111][ T9224] netlink: 'syz.1.2503': attribute type 12 has an invalid length. [ 97.376473][ T9238] __nla_validate_parse: 10 callbacks suppressed [ 97.376490][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2510'. [ 97.391888][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2510'. [ 97.458188][ T9246] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2514'. [ 97.467610][ T9246] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2514'. [ 97.474311][ T9249] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2525'. [ 97.521090][ T9252] Falling back ldisc for ttyS3. [ 97.588841][ T9268] loop6: detected capacity change from 0 to 128 [ 97.600769][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.600769][ T9268] loop6: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 97.614932][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.614932][ T9268] loop6: rw=2049, sector=146, nr_sectors = 6 limit=128 [ 97.629374][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.629374][ T9268] loop6: rw=2049, sector=150, nr_sectors = 2 limit=128 [ 97.642927][ T9268] buffer_io_error: 46 callbacks suppressed [ 97.642942][ T9268] Buffer I/O error on dev loop6, logical block 75, lost async page write [ 97.656005][ T9277] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2527'. [ 97.658785][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.658785][ T9268] loop6: rw=2049, sector=152, nr_sectors = 2 limit=128 [ 97.679779][ T9268] Buffer I/O error on dev loop6, logical block 76, lost async page write [ 97.689048][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.689048][ T9268] loop6: rw=2049, sector=170, nr_sectors = 6 limit=128 [ 97.690544][ T9276] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2529'. [ 97.702920][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.702920][ T9268] loop6: rw=2049, sector=174, nr_sectors = 2 limit=128 [ 97.725024][ T9268] Buffer I/O error on dev loop6, logical block 87, lost async page write [ 97.733492][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.733492][ T9268] loop6: rw=2049, sector=176, nr_sectors = 2 limit=128 [ 97.746937][ T9268] Buffer I/O error on dev loop6, logical block 88, lost async page write [ 97.769974][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.769974][ T9268] loop6: rw=2049, sector=178, nr_sectors = 6 limit=128 [ 97.803219][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.803219][ T9268] loop6: rw=2049, sector=182, nr_sectors = 2 limit=128 [ 97.816686][ T9268] Buffer I/O error on dev loop6, logical block 91, lost async page write [ 97.838862][ T9268] syz.6.2523: attempt to access beyond end of device [ 97.838862][ T9268] loop6: rw=2049, sector=184, nr_sectors = 2 limit=128 [ 97.852310][ T9268] Buffer I/O error on dev loop6, logical block 92, lost async page write [ 97.873236][ T9268] Buffer I/O error on dev loop6, logical block 103, lost async page write [ 97.881964][ T9268] Buffer I/O error on dev loop6, logical block 104, lost async page write [ 97.897981][ T9268] Buffer I/O error on dev loop6, logical block 107, lost async page write [ 97.919691][ T9268] Buffer I/O error on dev loop6, logical block 108, lost async page write [ 98.169016][ T9315] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2546'. [ 99.069962][ T9357] 9pnet: Could not find request transport: f [ 99.140011][ T9372] lo speed is unknown, defaulting to 1000 [ 99.239296][ T9383] vhci_hcd: invalid port number 96 [ 99.244507][ T9383] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 99.678980][ T9431] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.689397][ T9431] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.701597][ T9434] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9434 comm=syz.1.2602 [ 99.736648][ T9436] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 99.824920][ T9442] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 99.882656][ T9431] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 99.893107][ T9431] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.905476][ T9448] batman_adv: batadv0: Adding interface: dummy0 [ 99.911786][ T9448] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.938231][ T9448] batman_adv: batadv0: Interface activated: dummy0 [ 99.947683][ T9451] batadv0: mtu less than device minimum [ 99.953733][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 99.964581][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 99.975353][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 99.986303][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 99.997086][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 100.007924][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 100.018659][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 100.029347][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 100.040159][ T9451] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 100.115773][ T9431] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 100.126206][ T9431] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.217564][ T9431] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 100.228002][ T9431] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.268884][ T9478] netlink: 172 bytes leftover after parsing attributes in process `syz.7.2623'. [ 100.292906][ T9480] loop7: detected capacity change from 0 to 1024 [ 100.299662][ T9480] EXT4-fs: Ignoring removed orlov option [ 100.305637][ T9480] EXT4-fs (loop7): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 100.321997][ T52] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.328122][ T9480] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.330237][ T52] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.334012][ T52] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.358660][ T52] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.364827][ T29] kauditd_printk_skb: 212 callbacks suppressed [ 100.364841][ T29] audit: type=1400 audit(1763664283.362:4487): avc: denied { read } for pid=9479 comm="syz.7.2624" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 100.396326][ T29] audit: type=1400 audit(1763664283.362:4488): avc: denied { open } for pid=9479 comm="syz.7.2624" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 100.421665][ T29] audit: type=1326 audit(1763664283.394:4489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9475 comm="syz.7.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 100.445199][ T29] audit: type=1400 audit(1763664283.415:4490): avc: denied { ioctl } for pid=9479 comm="syz.7.2624" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 100.446887][ T58] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.478454][ T58] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.492857][ T29] audit: type=1400 audit(1763664283.499:4491): avc: denied { create } for pid=9485 comm="syz.4.2626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 100.519430][ T29] audit: type=1400 audit(1763664283.499:4492): avc: denied { setopt } for pid=9485 comm="syz.4.2626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 100.540175][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.560250][ T29] audit: type=1400 audit(1763664283.530:4493): avc: denied { unmount } for pid=7627 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 100.589303][ T411] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 100.597552][ T411] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.606451][ T29] audit: type=1400 audit(1763664283.604:4494): avc: denied { create } for pid=9488 comm="syz.7.2627" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 100.627742][ T29] audit: type=1400 audit(1763664283.604:4495): avc: denied { map } for pid=9488 comm="syz.7.2627" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=23550 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 100.652214][ T29] audit: type=1400 audit(1763664283.604:4496): avc: denied { read write } for pid=9488 comm="syz.7.2627" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=23550 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 100.694755][ T9493] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 100.702594][ T9493] SELinux: failed to load policy [ 100.721309][ T9497] Cannot find add_set index 0 as target [ 100.780206][ T9510] loop7: detected capacity change from 0 to 512 [ 100.794198][ T9510] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 100.812544][ T9510] EXT4-fs (loop7): 1 truncate cleaned up [ 100.818931][ T9510] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.848091][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.043234][ T9535] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9535 comm=syz.7.2649 [ 101.055745][ T9535] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9535 comm=syz.7.2649 [ 101.149440][ T9546] xt_CT: You must specify a L4 protocol and not use inversions on it [ 101.263552][ T9561] veth0_vlan: entered allmulticast mode [ 101.285922][ T9561] ÿÿÿÿÿÿ: renamed from vlan1 [ 101.301978][ T9566] IPVS: Unknown mcast interface: hsr0 [ 101.340734][ T9571] loop7: detected capacity change from 0 to 2048 [ 101.402075][ T9571] loop7: p2 p3 p7 [ 101.448528][ T9583] loop7: detected capacity change from 0 to 512 [ 101.455268][ T9583] EXT4-fs: inline encryption not supported [ 101.476665][ T9583] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2 [ 101.491445][ T9583] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #13: comm syz.7.2672: invalid indirect mapped block 2683928664 (level 1) [ 101.507674][ T9583] EXT4-fs (loop7): 1 truncate cleaned up [ 101.513743][ T9583] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.566562][ T9583] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.2672: Invalid block bitmap block 3 in block_group 0 [ 101.591760][ T9583] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.2672: Invalid block bitmap block 3 in block_group 0 [ 101.605856][ T9583] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.2672: Invalid block bitmap block 3 in block_group 0 [ 101.642531][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.709011][ T9598] syzkaller0: entered promiscuous mode [ 101.714506][ T9598] syzkaller0: entered allmulticast mode [ 103.317828][ T6979] Bluetooth: hci0: command 0x1003 tx timeout [ 103.323889][ T4762] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 103.364081][ T9611] loop6: detected capacity change from 0 to 2048 [ 103.371278][ T9617] netlink: 'syz.4.2686': attribute type 1 has an invalid length. [ 103.398105][ T9611] loop6: p2 p3 p7 [ 104.408587][ T9685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2718'. [ 104.417841][ T9685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2718'. [ 104.465872][ T9691] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2721'. [ 104.475155][ T9691] netlink: 108 bytes leftover after parsing attributes in process `syz.7.2721'. [ 104.488578][ T9691] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2721'. [ 104.498666][ T9691] netlink: 108 bytes leftover after parsing attributes in process `syz.7.2721'. [ 104.507824][ T9691] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2721'. [ 104.569591][ T9707] loop7: detected capacity change from 0 to 2048 [ 104.617011][ T9707] Alternate GPT is invalid, using primary GPT. [ 104.623544][ T9707] loop7: p2 p3 p7 [ 104.669718][ T9721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2733'. [ 104.685672][ T9721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2733'. [ 104.745439][ T9734] SELinux: Context system_u:object_r:netutils_exec_t:s0 is not valid (left unmapped). [ 104.864837][ T9746] loop7: detected capacity change from 0 to 8192 [ 104.875949][ T9746] bio_check_eod: 30 callbacks suppressed [ 104.875966][ T9746] syz.7.2744: attempt to access beyond end of device [ 104.875966][ T9746] loop7: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 104.899823][ T9746] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 104.907684][ T9746] FAT-fs (loop7): Filesystem has been set read-only [ 104.915616][ T9746] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 104.925365][ T9746] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 105.227086][ T29] kauditd_printk_skb: 136 callbacks suppressed [ 105.227100][ T29] audit: type=1400 audit(1763664288.464:4633): avc: denied { create } for pid=9788 comm="syz.4.2765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 105.281994][ T29] audit: type=1400 audit(1763664288.464:4634): avc: denied { setopt } for pid=9788 comm="syz.4.2765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 105.301627][ T29] audit: type=1326 audit(1763664288.506:4635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.325364][ T29] audit: type=1326 audit(1763664288.506:4636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.348970][ T29] audit: type=1326 audit(1763664288.506:4637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.372400][ T29] audit: type=1326 audit(1763664288.506:4638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.395917][ T29] audit: type=1326 audit(1763664288.506:4639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.447423][ T29] audit: type=1326 audit(1763664288.527:4640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.470892][ T29] audit: type=1326 audit(1763664288.527:4641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.494269][ T29] audit: type=1326 audit(1763664288.527:4642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9790 comm="syz.7.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 105.523706][ T9799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2770'. [ 105.570507][ T9812] SELinux: Context Ü is not valid (left unmapped). [ 105.698708][ T9829] loop6: detected capacity change from 0 to 1024 [ 105.705694][ T9829] ext4: Bad value for 'barrier' [ 105.872693][ T9852] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9852 comm=syz.2.2793 [ 105.885217][ T9852] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9852 comm=syz.2.2793 [ 105.948639][ T9865] IPv6: Can't replace route, no match found [ 106.004211][ T9879] bridge1: entered promiscuous mode [ 106.667186][T10000] IPVS: Error connecting to the multicast addr [ 107.069355][T10038] loop7: detected capacity change from 0 to 1024 [ 107.084604][T10038] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.117266][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.530908][ T9] Process accounting resumed [ 107.608951][T10107] loop6: detected capacity change from 0 to 1024 [ 107.655612][T10107] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 107.680564][T10107] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.706946][T10107] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.2888: bg 0: block 112: padding at end of block bitmap is not set [ 107.744321][T10107] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 1 with error 117 [ 107.756766][T10107] EXT4-fs (loop6): This should not happen!! Data will be lost [ 107.756766][T10107] [ 107.776070][T10107] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: comm syz.6.2888: lblock 0 mapped to illegal pblock 0 (length 1) [ 107.825406][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 107.892275][T10135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.919636][T10135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.157594][T10170] syz.1.2917: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 108.172271][T10170] CPU: 1 UID: 0 PID: 10170 Comm: syz.1.2917 Not tainted syzkaller #0 PREEMPT(voluntary) [ 108.172314][T10170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 108.172324][T10170] Call Trace: [ 108.172331][T10170] [ 108.172338][T10170] __dump_stack+0x1d/0x30 [ 108.172363][T10170] dump_stack_lvl+0xe8/0x140 [ 108.172426][T10170] dump_stack+0x15/0x1b [ 108.172444][T10170] warn_alloc+0x12b/0x1a0 [ 108.172476][T10170] __vmalloc_node_range_noprof+0x9d/0xed0 [ 108.172518][T10170] ? probe_sched_wakeup+0x85/0xa0 [ 108.172628][T10170] ? ttwu_do_activate+0x1d0/0x210 [ 108.172701][T10170] ? __rcu_read_unlock+0x4f/0x70 [ 108.172727][T10170] ? avc_has_perm_noaudit+0x1b1/0x200 [ 108.172746][T10170] ? should_fail_ex+0x30/0x280 [ 108.172777][T10170] ? xskq_create+0x36/0xe0 [ 108.172881][T10170] vmalloc_user_noprof+0x7d/0xb0 [ 108.172910][T10170] ? xskq_create+0x80/0xe0 [ 108.172929][T10170] xskq_create+0x80/0xe0 [ 108.172995][T10170] xsk_init_queue+0x95/0xf0 [ 108.173017][T10170] xsk_setsockopt+0x477/0x640 [ 108.173101][T10170] ? __pfx_xsk_setsockopt+0x10/0x10 [ 108.173122][T10170] __sys_setsockopt+0x184/0x200 [ 108.173150][T10170] __x64_sys_setsockopt+0x64/0x80 [ 108.173227][T10170] x64_sys_call+0x20ec/0x3000 [ 108.173290][T10170] do_syscall_64+0xd2/0x200 [ 108.173308][T10170] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 108.173373][T10170] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 108.173474][T10170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.173494][T10170] RIP: 0033:0x7f8afe0ef749 [ 108.173542][T10170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.173559][T10170] RSP: 002b:00007f8afcb57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 108.173576][T10170] RAX: ffffffffffffffda RBX: 00007f8afe345fa0 RCX: 00007f8afe0ef749 [ 108.173587][T10170] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 108.173645][T10170] RBP: 00007f8afe173f91 R08: 0000000000000004 R09: 0000000000000000 [ 108.173735][T10170] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 108.173882][T10170] R13: 00007f8afe346038 R14: 00007f8afe345fa0 R15: 00007fffd1eebd28 [ 108.173902][T10170] [ 108.173981][T10170] Mem-Info: [ 108.396871][T10170] active_anon:14843 inactive_anon:220 isolated_anon:0 [ 108.396871][T10170] active_file:10155 inactive_file:13042 isolated_file:0 [ 108.396871][T10170] unevictable:0 dirty:87 writeback:0 [ 108.396871][T10170] slab_reclaimable:3487 slab_unreclaimable:18255 [ 108.396871][T10170] mapped:28808 shmem:278 pagetables:1308 [ 108.396871][T10170] sec_pagetables:0 bounce:0 [ 108.396871][T10170] kernel_misc_reclaimable:0 [ 108.396871][T10170] free:1878244 free_pcp:5813 free_cma:0 [ 108.441962][T10170] Node 0 active_anon:59372kB inactive_anon:880kB active_file:40620kB inactive_file:52168kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:115232kB dirty:348kB writeback:0kB shmem:1112kB kernel_stack:4448kB pagetables:5232kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 108.469348][T10170] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 108.499153][T10170] lowmem_reserve[]: 0 2881 7859 7859 [ 108.504492][T10170] Node 0 DMA32 free:2946728kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950256kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 108.535583][T10170] lowmem_reserve[]: 0 0 4978 4978 [ 108.540629][T10170] Node 0 Normal free:4550888kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59372kB inactive_anon:880kB active_file:40620kB inactive_file:52168kB unevictable:0kB writepending:348kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:19724kB local_pcp:8644kB free_cma:0kB [ 108.573708][T10170] lowmem_reserve[]: 0 0 0 0 [ 108.578439][T10170] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 108.591197][T10170] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 2*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2946728kB [ 108.607384][T10170] Node 0 Normal: 1572*4kB (UME) 1118*8kB (UME) 648*16kB (UME) 366*32kB (UME) 258*64kB (UME) 271*128kB (UME) 167*256kB (UM) 130*512kB (UME) 79*1024kB (UME) 32*2048kB (UME) 1027*4096kB (UM) = 4550848kB [ 108.627096][T10170] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 108.636384][T10170] 23715 total pagecache pages [ 108.641041][T10170] 245 pages in swap cache [ 108.645364][T10170] Free swap = 124016kB [ 108.649492][T10170] Total swap = 124996kB [ 108.653682][T10170] 2097051 pages RAM [ 108.657469][T10170] 0 pages HighMem/MovableOnly [ 108.662202][T10170] 81087 pages reserved [ 108.667591][T10175] IPv6: NLM_F_CREATE should be specified when creating new route [ 108.930068][ T9876] netdevsim netdevsim7 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.957953][ T9876] netdevsim netdevsim7 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.983450][ T9876] netdevsim netdevsim7 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 108.994926][ T9876] netdevsim netdevsim7 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 109.143097][T10246] netlink: 'syz.1.2952': attribute type 1 has an invalid length. [ 109.163751][T10246] bond1: entered promiscuous mode [ 109.169168][T10246] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.197777][T10246] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.210966][T10246] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 109.221241][T10246] bond1: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 109.248275][T10246] bond1: (slave vxcan3): making interface the new active one [ 109.251952][T10257] xt_hashlimit: size too large, truncated to 1048576 [ 109.255747][T10246] vxcan3: entered promiscuous mode [ 109.267825][T10246] bond1: (slave vxcan3): Enslaving as an active interface with an up link [ 109.461719][T10268] random: crng reseeded on system resumption [ 109.590344][T10288] program syz.1.2971 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.812357][T10331] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10331 comm=syz.1.3001 [ 109.896054][T10345] __nla_validate_parse: 16 callbacks suppressed [ 109.896070][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2993'. [ 109.911249][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2993'. [ 109.943180][T10353] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2998'. [ 109.958693][T10353] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2998'. [ 110.023842][T10366] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3010'. [ 110.036644][T10366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3010'. [ 110.045599][T10366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3010'. [ 110.073202][ T29] kauditd_printk_skb: 292 callbacks suppressed [ 110.073215][ T29] audit: type=1326 audit(1763664293.556:4935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10373 comm="syz.6.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 110.118737][ T29] audit: type=1326 audit(1763664293.556:4936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10373 comm="syz.6.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 110.142324][ T29] audit: type=1326 audit(1763664293.556:4937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10373 comm="syz.6.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 110.165926][ T29] audit: type=1326 audit(1763664293.556:4938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10373 comm="syz.6.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 110.176431][T10377] loop7: detected capacity change from 0 to 4096 [ 110.189560][ T29] audit: type=1326 audit(1763664293.556:4939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10373 comm="syz.6.3013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 110.240055][ T29] audit: type=1400 audit(1763664293.724:4940): avc: denied { create } for pid=10380 comm="syz.6.3018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 110.260311][ T29] audit: type=1400 audit(1763664293.724:4941): avc: denied { read } for pid=10375 comm="syz.7.3014" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 110.280738][ T29] audit: type=1400 audit(1763664293.724:4942): avc: denied { write } for pid=10380 comm="syz.6.3018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 110.301194][ T29] audit: type=1400 audit(1763664293.724:4943): avc: denied { read } for pid=10380 comm="syz.6.3018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 110.322234][ T29] audit: type=1400 audit(1763664293.797:4944): avc: denied { ioctl } for pid=10380 comm="syz.6.3018" path="socket:[26987]" dev="sockfs" ino=26987 ioctlcmd=0x891c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 110.845072][T10433] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3047'. [ 111.179640][T10478] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3059'. [ 111.300461][T10498] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 111.383595][T10502] lo speed is unknown, defaulting to 1000 [ 111.524404][T10511] vhci_hcd: invalid port number 96 [ 111.529629][T10511] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 111.534479][T10514] loop7: detected capacity change from 0 to 8192 [ 111.546021][T10514] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 111.617449][T10525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3079'. [ 111.705832][T10541] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10541 comm=syz.7.3088 [ 111.759919][T10549] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 111.853408][ T9] IPVS: starting estimator thread 0... [ 111.872277][T10565] 9pnet: Could not find request transport: f [ 111.878875][T10573] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 111.957468][T10571] IPVS: using max 2592 ests per chain, 129600 per kthread [ 111.973374][T10583] loop7: detected capacity change from 0 to 512 [ 111.985878][T10583] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 111.995778][T10583] EXT4-fs (loop7): SIPHASH is not a valid default hash value [ 112.107677][ T3395] hid_parser_main: 51 callbacks suppressed [ 112.107694][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.121072][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.128557][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.136044][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.143586][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.151111][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.158561][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.165986][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.173413][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.181226][ T3395] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 112.216131][ T3395] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz0] on syz1 [ 112.345054][T10631] batman_adv: batadv0: Adding interface: dummy0 [ 112.351439][T10631] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.377438][T10631] batman_adv: batadv0: Interface activated: dummy0 [ 112.387465][T10631] net_ratelimit: 10 callbacks suppressed [ 112.387479][T10631] batadv0: mtu less than device minimum [ 112.399504][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.410166][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.421033][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.431724][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.442496][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.453428][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.464005][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.474718][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.485370][T10631] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 112.626866][T10650] $Hÿ: renamed from bond0 (while UP) [ 112.635175][T10650] $Hÿ: entered promiscuous mode [ 112.640322][T10650] bond_slave_0: entered promiscuous mode [ 112.646186][T10650] bond_slave_1: entered promiscuous mode [ 112.997482][T10699] IPVS: stopping master sync thread 10700 ... [ 113.003704][T10700] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 113.100428][T10708] loop6: detected capacity change from 0 to 512 [ 113.117878][T10708] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 113.130224][ T9] hid-generic 0003:0004:0000.000A: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 113.150327][T10708] EXT4-fs (loop6): 1 truncate cleaned up [ 113.156486][T10708] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.187786][T10716] veth0_vlan: entered allmulticast mode [ 113.217007][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.236899][T10722] ÿÿÿÿÿÿ: renamed from vlan1 [ 113.367877][T10742] bond_slave_0: entered promiscuous mode [ 113.373586][T10742] bond_slave_1: entered promiscuous mode [ 113.397233][T10742] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 113.416283][T10742] bond_slave_0: left promiscuous mode [ 113.421859][T10742] bond_slave_1: left promiscuous mode [ 113.513804][T10755] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10755 comm=syz.2.3184 [ 113.526393][T10755] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10755 comm=syz.2.3184 [ 113.797613][T10787] SET target dimension over the limit! [ 114.052805][T10803] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 114.103850][T10807] program syz.2.3204 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 114.486475][T10823] lo speed is unknown, defaulting to 1000 [ 114.661532][T10842] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 114.673827][T10841] IPVS: stopping master sync thread 10842 ... [ 114.912992][ T29] kauditd_printk_skb: 202 callbacks suppressed [ 114.913011][ T29] audit: type=1326 audit(1763664554.637:5147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 114.949000][ T29] audit: type=1326 audit(1763664554.668:5148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 114.972766][ T29] audit: type=1326 audit(1763664554.668:5149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 114.996470][ T29] audit: type=1326 audit(1763664554.668:5150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.019959][ T29] audit: type=1326 audit(1763664554.668:5151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.043537][ T29] audit: type=1326 audit(1763664554.668:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.067213][ T29] audit: type=1326 audit(1763664554.668:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.090862][ T29] audit: type=1326 audit(1763664554.668:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.114350][ T29] audit: type=1326 audit(1763664554.668:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.137843][ T29] audit: type=1326 audit(1763664554.668:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 115.346345][T10895] __nla_validate_parse: 4 callbacks suppressed [ 115.346362][T10895] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3241'. [ 115.365229][T10895] bond_slave_0: entered promiscuous mode [ 115.370950][T10895] bond_slave_1: entered promiscuous mode [ 115.379814][T10895] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 115.392222][T10895] bond_slave_0: left promiscuous mode [ 115.397693][T10895] bond_slave_1: left promiscuous mode [ 115.419428][T10900] loop6: detected capacity change from 0 to 1024 [ 115.438308][T10900] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.455337][T10900] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3246: bg 0: block 385: padding at end of block bitmap is not set [ 115.482880][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.504473][T10912] Cannot find add_set index 0 as target [ 115.795410][T10951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3267'. [ 116.112045][T10993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3287'. [ 116.121122][T10993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3287'. [ 116.220058][T11006] netlink: 'syz.2.3292': attribute type 10 has an invalid length. [ 116.227931][T11006] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3292'. [ 116.268659][T11012] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3294'. [ 116.277967][T11012] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3294'. [ 116.341232][T11021] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3298'. [ 116.350263][T11021] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3298'. [ 116.359619][T11021] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3298'. [ 117.416065][ T6979] Bluetooth: hci0: command 0x1003 tx timeout [ 117.416102][ T4762] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 117.449663][T11085] loop7: detected capacity change from 0 to 1024 [ 117.474408][T11085] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.490556][T11085] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.3325: bg 0: block 385: padding at end of block bitmap is not set [ 117.513820][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.578575][T11099] Cannot find add_set index 0 as target [ 117.708779][T11115] syzkaller0: entered promiscuous mode [ 117.714430][T11115] syzkaller0: entered allmulticast mode [ 117.936472][T11140] loop6: detected capacity change from 0 to 1024 [ 117.943939][T11140] EXT4-fs: Ignoring removed orlov option [ 117.961222][T11140] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.010077][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.028500][T11153] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11153 comm=syz.7.3356 [ 118.041539][T11153] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11153 comm=syz.7.3356 [ 118.051901][T11155] syzkaller0: entered promiscuous mode [ 118.059557][T11155] syzkaller0: entered allmulticast mode [ 118.116194][T11161] loop7: detected capacity change from 0 to 256 [ 118.125578][T11161] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000001) [ 118.360425][T11184] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11184 comm=syz.4.3369 [ 118.373030][T11184] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11184 comm=syz.4.3369 [ 118.380587][T11186] syzkaller0: entered promiscuous mode [ 118.391079][T11186] syzkaller0: entered allmulticast mode [ 118.509827][T11192] loop6: detected capacity change from 0 to 256 [ 118.528493][T11192] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000001) [ 120.311887][ T4762] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 120.311887][ T6979] Bluetooth: hci0: command 0x1003 tx timeout [ 120.340228][T11211] loop7: detected capacity change from 0 to 1024 [ 120.353942][T11210] loop6: detected capacity change from 0 to 512 [ 120.358393][T11211] EXT4-fs: Ignoring removed orlov option [ 120.370298][T11210] EXT4-fs (loop6): too many log groups per flexible block group [ 120.395418][T11210] EXT4-fs (loop6): failed to initialize mballoc (-12) [ 120.404355][T11210] EXT4-fs (loop6): mount failed [ 120.404639][T11211] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.426007][ T29] kauditd_printk_skb: 200 callbacks suppressed [ 120.426019][ T29] audit: type=1400 audit(1763664560.432:5357): avc: denied { append } for pid=11223 comm="syz.2.3389" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 120.480190][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.602667][ T29] audit: type=1326 audit(1763664560.610:5358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.626288][ T29] audit: type=1326 audit(1763664560.610:5359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.653833][T11249] loop7: detected capacity change from 0 to 1024 [ 120.660773][T11249] EXT4-fs: Ignoring removed orlov option [ 120.672998][ T29] audit: type=1326 audit(1763664560.610:5360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.696577][ T29] audit: type=1326 audit(1763664560.610:5361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.720261][ T29] audit: type=1326 audit(1763664560.610:5362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.743781][ T29] audit: type=1326 audit(1763664560.663:5363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.767222][ T29] audit: type=1326 audit(1763664560.663:5364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.790957][ T29] audit: type=1326 audit(1763664560.663:5365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.814493][ T29] audit: type=1326 audit(1763664560.663:5366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.4.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 120.845508][T11249] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.932207][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.079136][T11276] loop6: detected capacity change from 0 to 4096 [ 121.109488][T11276] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.150453][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.189324][T11291] __nla_validate_parse: 10 callbacks suppressed [ 121.189487][T11291] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3418'. [ 121.206792][T11288] loop7: detected capacity change from 0 to 2048 [ 121.213644][T11288] EXT4-fs: Ignoring removed bh option [ 121.237310][T11288] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.252615][T11288] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.267626][T11288] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 1 with error 28 [ 121.279952][T11288] EXT4-fs (loop7): This should not happen!! Data will be lost [ 121.279952][T11288] [ 121.289623][T11288] EXT4-fs (loop7): Total free blocks count 0 [ 121.295714][T11288] EXT4-fs (loop7): Free/Dirty block details [ 121.301647][T11288] EXT4-fs (loop7): free_blocks=2415919104 [ 121.307512][T11288] EXT4-fs (loop7): dirty_blocks=16 [ 121.312657][T11288] EXT4-fs (loop7): Block reservation details [ 121.318711][T11288] EXT4-fs (loop7): i_reserved_data_blocks=1 [ 121.322233][ T9876] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 121.393436][T11308] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3424'. [ 121.402823][T11308] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3424'. [ 121.513404][T11326] loop7: detected capacity change from 0 to 1024 [ 121.539782][T11326] EXT4-fs: Ignoring removed nomblk_io_submit option [ 121.577565][T11326] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.624399][ T7627] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.642799][T11350] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.654958][T11350] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.770513][T11363] loop6: detected capacity change from 0 to 2048 [ 121.777211][T11363] EXT4-fs: Ignoring removed bh option [ 121.790400][T11363] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.804040][T11372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.821667][T11373] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3450'. [ 121.833758][T11373] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3450'. [ 121.843103][T11363] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.858180][T11363] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 1 with error 28 [ 121.860266][T11372] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.870489][T11363] EXT4-fs (loop6): This should not happen!! Data will be lost [ 121.870489][T11363] [ 121.870509][T11363] EXT4-fs (loop6): Total free blocks count 0 [ 121.893633][T11363] EXT4-fs (loop6): Free/Dirty block details [ 121.899530][T11363] EXT4-fs (loop6): free_blocks=2415919104 [ 121.902907][ T9908] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 121.905311][T11363] EXT4-fs (loop6): dirty_blocks=16 [ 121.905372][T11363] EXT4-fs (loop6): Block reservation details [ 121.905383][T11363] EXT4-fs (loop6): i_reserved_data_blocks=1 [ 122.068654][T11389] netlink: 'syz.6.3459': attribute type 1 has an invalid length. [ 122.337579][T11406] netlink: 272 bytes leftover after parsing attributes in process `syz.1.3478'. [ 122.384065][T11414] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.391720][T11414] net_ratelimit: 10 callbacks suppressed [ 122.391736][T11414] batadv0: mtu less than device minimum [ 122.403410][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.414546][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.425260][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.435916][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.446716][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.457559][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.468211][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.479021][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.489748][T11414] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 122.511670][T11414] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.551522][T11430] loop7: detected capacity change from 0 to 2048 [ 122.558251][T11430] EXT4-fs: Ignoring removed bh option [ 122.588768][T11430] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.609363][T11430] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 122.624405][T11430] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 1 with error 28 [ 122.636704][T11430] EXT4-fs (loop7): This should not happen!! Data will be lost [ 122.636704][T11430] [ 122.646351][T11430] EXT4-fs (loop7): Total free blocks count 0 [ 122.652325][T11430] EXT4-fs (loop7): Free/Dirty block details [ 122.658245][T11430] EXT4-fs (loop7): free_blocks=2415919104 [ 122.664073][T11430] EXT4-fs (loop7): dirty_blocks=16 [ 122.669407][T11430] EXT4-fs (loop7): Block reservation details [ 122.674656][ T9876] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 122.675585][T11430] EXT4-fs (loop7): i_reserved_data_blocks=1 [ 122.764270][T11450] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 122.764270][T11450] program syz.1.3494 not setting count and/or reply_len properly [ 122.856777][T11466] netlink: 'syz.7.3492': attribute type 1 has an invalid length. [ 122.872645][T11466] bond1: entered promiscuous mode [ 122.879345][T11466] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.906534][T11466] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.914145][T11466] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 122.924516][T11466] bond1: (slave vxcan3): Setting fail_over_mac to active for active-backup mode [ 122.936978][T11466] bond1: (slave vxcan3): making interface the new active one [ 122.944441][T11466] vxcan3: entered promiscuous mode [ 122.951208][T11466] bond1: (slave vxcan3): Enslaving as an active interface with an up link [ 122.999243][T11484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3499'. [ 123.008198][T11484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3499'. [ 123.043412][T11490] random: crng reseeded on system resumption [ 123.059167][T11492] xt_hashlimit: size too large, truncated to 1048576 [ 123.085621][T11494] IPv6: NLM_F_CREATE should be specified when creating new route [ 123.112057][T11484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3499'. [ 123.120960][T11484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3499'. [ 123.383778][T11524] 9pnet_fd: Insufficient options for proto=fd [ 123.398533][T11523] xt_connbytes: Forcing CT accounting to be enabled [ 123.408301][T11523] Cannot find set identified by id 0 to match [ 123.467560][T11542] loop6: detected capacity change from 0 to 1024 [ 123.478506][T11542] EXT4-fs: Ignoring removed orlov option [ 123.508853][T11542] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.537415][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.655786][T11554] loop6: detected capacity change from 0 to 1024 [ 123.663223][T11554] EXT4-fs: Ignoring removed nomblk_io_submit option [ 123.716831][T11554] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.756802][ T7559] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.819920][T11575] program syz.2.3535 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 123.938719][T11599] Falling back ldisc for ttyS3. [ 123.960862][T11602] random: crng reseeded on system resumption [ 125.477796][ T9908] Bluetooth: hci0: Frame reassembly failed (-84) [ 125.805440][ T29] kauditd_printk_skb: 210 callbacks suppressed [ 125.805454][ T29] audit: type=1107 audit(1763664566.069:5577): pid=11772 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 126.084446][T11799] __nla_validate_parse: 13 callbacks suppressed [ 126.084462][T11799] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3647'. [ 126.090985][ T29] audit: type=1400 audit(1763664566.363:5578): avc: denied { recv } for pid=11797 comm="syz.4.3647" saddr=10.128.0.163 src=30036 daddr=10.128.0.176 dest=47478 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 126.126000][T11799] IPVS: Error connecting to the multicast addr [ 126.199285][ T29] audit: type=1326 audit(1763664566.489:5579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11802 comm="syz.2.3637" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f4082de65e7 code=0x0 [ 126.534182][T11836] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3653'. [ 126.566541][T11836] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3653'. [ 127.023255][T11858] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3664'. [ 127.168575][T11866] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3666'. [ 127.329145][ T29] audit: type=1326 audit(1763664567.665:5580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.373667][ T29] audit: type=1326 audit(1763664567.665:5581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.397229][ T29] audit: type=1326 audit(1763664567.665:5582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.398696][ T4762] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 127.420728][ T29] audit: type=1326 audit(1763664567.696:5583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.450047][ T29] audit: type=1326 audit(1763664567.696:5584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.473563][ T29] audit: type=1326 audit(1763664567.696:5585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.497137][ T29] audit: type=1326 audit(1763664567.696:5586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11891 comm="syz.6.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 127.558470][T11901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3686'. [ 127.601635][ T9908] Bluetooth: hci0: Frame reassembly failed (-84) [ 129.532624][ T6979] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 129.533737][ T4762] Bluetooth: hci0: command 0x1003 tx timeout [ 129.781285][T11922] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 129.809905][T11924] lo speed is unknown, defaulting to 1000 [ 129.864806][T11937] syz.7.3710: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 129.879483][T11937] CPU: 1 UID: 0 PID: 11937 Comm: syz.7.3710 Not tainted syzkaller #0 PREEMPT(voluntary) [ 129.879510][T11937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 129.879525][T11937] Call Trace: [ 129.879535][T11937] [ 129.879543][T11937] __dump_stack+0x1d/0x30 [ 129.879597][T11937] dump_stack_lvl+0xe8/0x140 [ 129.879614][T11937] dump_stack+0x15/0x1b [ 129.879669][T11937] warn_alloc+0x12b/0x1a0 [ 129.879747][T11937] ? __rcu_read_unlock+0x4f/0x70 [ 129.879774][T11937] __vmalloc_node_range_noprof+0x9d/0xed0 [ 129.879800][T11937] ? __futex_wait+0x1fa/0x260 [ 129.879818][T11937] ? __pfx_futex_wake_mark+0x10/0x10 [ 129.879835][T11937] ? __rcu_read_unlock+0x4f/0x70 [ 129.879860][T11937] ? avc_has_perm_noaudit+0x1b1/0x200 [ 129.879888][T11937] ? should_fail_ex+0x30/0x280 [ 129.879928][T11937] ? xskq_create+0x36/0xe0 [ 129.879959][T11937] vmalloc_user_noprof+0x7d/0xb0 [ 129.879992][T11937] ? xskq_create+0x80/0xe0 [ 129.880026][T11937] xskq_create+0x80/0xe0 [ 129.880046][T11937] xsk_init_queue+0x95/0xf0 [ 129.880103][T11937] xsk_setsockopt+0x477/0x640 [ 129.880148][T11937] ? __pfx_xsk_setsockopt+0x10/0x10 [ 129.880177][T11937] __sys_setsockopt+0x184/0x200 [ 129.880242][T11937] __x64_sys_setsockopt+0x64/0x80 [ 129.880271][T11937] x64_sys_call+0x20ec/0x3000 [ 129.880354][T11937] do_syscall_64+0xd2/0x200 [ 129.880414][T11937] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 129.880441][T11937] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 129.880473][T11937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.880544][T11937] RIP: 0033:0x7f31ff46f749 [ 129.880559][T11937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.880584][T11937] RSP: 002b:00007f31fdecf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 129.880602][T11937] RAX: ffffffffffffffda RBX: 00007f31ff6c5fa0 RCX: 00007f31ff46f749 [ 129.880612][T11937] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 129.880623][T11937] RBP: 00007f31ff4f3f91 R08: 0000000000000004 R09: 0000000000000000 [ 129.880634][T11937] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 129.880692][T11937] R13: 00007f31ff6c6038 R14: 00007f31ff6c5fa0 R15: 00007ffc87f06d28 [ 129.880818][T11937] [ 129.880832][T11937] Mem-Info: [ 130.108584][T11937] active_anon:21233 inactive_anon:225 isolated_anon:0 [ 130.108584][T11937] active_file:10155 inactive_file:13052 isolated_file:0 [ 130.108584][T11937] unevictable:0 dirty:253 writeback:0 [ 130.108584][T11937] slab_reclaimable:3483 slab_unreclaimable:18290 [ 130.108584][T11937] mapped:28796 shmem:244 pagetables:1294 [ 130.108584][T11937] sec_pagetables:0 bounce:0 [ 130.108584][T11937] kernel_misc_reclaimable:0 [ 130.108584][T11937] free:1869497 free_pcp:8075 free_cma:0 [ 130.153723][T11937] Node 0 active_anon:84932kB inactive_anon:900kB active_file:40620kB inactive_file:52208kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:115184kB dirty:1012kB writeback:0kB shmem:976kB kernel_stack:4528kB pagetables:5176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 130.181220][T11937] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 130.211025][T11937] lowmem_reserve[]: 0 2881 7859 7859 [ 130.216306][T11937] Node 0 DMA32 free:2946728kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950256kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 130.247398][T11937] lowmem_reserve[]: 0 0 4978 4978 [ 130.252444][T11937] Node 0 Normal free:4515900kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:84932kB inactive_anon:900kB active_file:40620kB inactive_file:52208kB unevictable:0kB writepending:1012kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:28772kB local_pcp:15220kB free_cma:0kB [ 130.285771][T11937] lowmem_reserve[]: 0 0 0 0 [ 130.290336][T11937] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 130.303066][T11937] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 2*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2946728kB [ 130.319145][T11937] Node 0 Normal: 1039*4kB (UM) 1480*8kB (UME) 724*16kB (UME) 593*32kB (UME) 315*64kB (UM) 246*128kB (UME) 111*256kB (UME) 97*512kB (UM) 82*1024kB (UME) 24*2048kB (UME) 1027*4096kB (UM) = 4515996kB [ 130.338683][T11937] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 130.347972][T11937] 23694 total pagecache pages [ 130.352716][T11937] 250 pages in swap cache [ 130.357077][T11937] Free swap = 123996kB [ 130.361212][T11937] Total swap = 124996kB [ 130.365399][T11937] 2097051 pages RAM [ 130.369181][T11937] 0 pages HighMem/MovableOnly [ 130.373844][T11937] 81087 pages reserved [ 130.445426][T11950] netlink: 7 bytes leftover after parsing attributes in process `syz.1.3707'. [ 130.463721][T11950] netlink: 7 bytes leftover after parsing attributes in process `syz.1.3707'. [ 130.578027][T11973] netlink: 272 bytes leftover after parsing attributes in process `syz.7.3714'. [ 130.589365][ T29] kauditd_printk_skb: 42 callbacks suppressed [ 130.589377][ T29] audit: type=1326 audit(1763664571.098:5629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.634774][ T29] audit: type=1326 audit(1763664571.129:5630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.658333][ T29] audit: type=1326 audit(1763664571.129:5631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.682022][ T29] audit: type=1326 audit(1763664571.129:5632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.705526][ T29] audit: type=1326 audit(1763664571.129:5633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.729088][ T29] audit: type=1326 audit(1763664571.129:5634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.752647][ T29] audit: type=1326 audit(1763664571.129:5635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.776160][ T29] audit: type=1326 audit(1763664571.129:5636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.799809][ T29] audit: type=1326 audit(1763664571.129:5637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 130.823427][ T29] audit: type=1326 audit(1763664571.129:5638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11976 comm="syz.6.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbad960f749 code=0x7ffc0000 [ 131.134399][T12028] xt_hashlimit: size too large, truncated to 1048576 [ 131.453046][T12038] xt_hashlimit: size too large, truncated to 1048576 [ 131.778707][T12049] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 131.778707][T12049] program syz.6.3749 not setting count and/or reply_len properly [ 131.960550][T12069] program syz.6.3759 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.026598][T12082] xt_hashlimit: size too large, truncated to 1048576 [ 132.126366][T12092] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3771'. [ 132.383729][T12107] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3777'. [ 132.424679][T12114] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3778'. [ 132.434626][T12114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3778'. [ 132.443638][T12114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3778'. [ 132.487927][T12127] xt_hashlimit: size too large, truncated to 1048576 [ 132.537654][T12132] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 132.690778][ T9] IPVS: starting estimator thread 0... [ 132.780661][T12144] IPVS: using max 2784 ests per chain, 139200 per kthread [ 132.915323][ T3402] IPVS: starting estimator thread 0... [ 132.956934][T12196] netlink: 'syz.6.3815': attribute type 10 has an invalid length. [ 132.957301][T12198] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3814'. [ 132.964864][T12196] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3815'. [ 132.973518][T12201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3817'. [ 132.996339][T12196] batadv0: entered promiscuous mode [ 132.999504][T12190] IPVS: using max 2352 ests per chain, 117600 per kthread [ 133.001650][T12196] batadv0: entered allmulticast mode [ 133.015219][T12196] bridge0: port 3(batadv0) entered blocking state [ 133.021855][T12196] bridge0: port 3(batadv0) entered disabled state [ 133.029481][T12196] net_ratelimit: 10 callbacks suppressed [ 133.029563][T12196] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a [ 133.050171][T12196] bridge0: port 3(batadv0) entered blocking state [ 133.056695][T12196] bridge0: port 3(batadv0) entered forwarding state [ 133.214756][T12234] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3833'. [ 133.253193][T12239] ip6gre1: entered promiscuous mode [ 133.258566][T12239] ip6gre1: entered allmulticast mode [ 133.266005][ T9924] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 133.269123][T12239] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 133.273701][ T9924] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 133.289103][ T9] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 133.297502][T12241] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3836'. [ 133.390171][ T9927] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 133.399529][ T9927] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 133.419834][T12260] ip6gretap0: entered promiscuous mode [ 133.427907][T12260] ip6gretap0: left promiscuous mode [ 133.571173][ T1061] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 133.595178][ T9] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 133.687332][T12295] 9pnet_fd: Insufficient options for proto=fd [ 133.933543][T12319] ip6gretap0: entered promiscuous mode [ 133.941277][T12319] ip6gretap0: left promiscuous mode [ 134.038216][T12329] xt_connbytes: Forcing CT accounting to be enabled [ 134.044916][T12329] Cannot find set identified by id 0 to match [ 134.080265][T12334] netlink: 'syz.7.3890': attribute type 10 has an invalid length. [ 134.098547][T12334] batadv0: entered promiscuous mode [ 134.103947][T12334] batadv0: entered allmulticast mode [ 134.110767][T12334] bridge0: port 3(batadv0) entered blocking state [ 134.117249][T12334] bridge0: port 3(batadv0) entered disabled state [ 134.124627][T12334] bridge0: port 3(batadv0) entered blocking state [ 134.131149][T12334] bridge0: port 3(batadv0) entered forwarding state [ 134.390365][ T9924] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 134.399705][ T9924] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 134.445939][T12368] xt_connbytes: Forcing CT accounting to be enabled [ 134.452825][T12368] set match dimension is over the limit! [ 134.778861][T12405] ip6gretap0: entered promiscuous mode [ 134.787512][T12405] ip6gretap0: left promiscuous mode [ 134.985343][T12430] Cannot find set identified by id 0 to match [ 135.061443][T12440] ip6gretap0: entered promiscuous mode [ 135.071126][T12440] ip6gretap0: left promiscuous mode [ 135.661478][ T29] kauditd_printk_skb: 287 callbacks suppressed [ 135.661494][ T29] audit: type=1326 audit(138.621:5926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12493 comm="syz.4.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 135.706357][ T29] audit: type=1326 audit(138.621:5927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12493 comm="syz.4.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 135.729304][ T29] audit: type=1326 audit(138.663:5928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12493 comm="syz.4.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 135.752512][ T29] audit: type=1326 audit(138.663:5929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12493 comm="syz.4.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 135.775518][ T29] audit: type=1326 audit(138.663:5930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12493 comm="syz.4.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 135.798385][ T29] audit: type=1326 audit(138.663:5931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12493 comm="syz.4.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59a172f749 code=0x7ffc0000 [ 135.861149][T12511] netlink: 'syz.2.3963': attribute type 1 has an invalid length. [ 136.133345][ T29] audit: type=1400 audit(139.114:5932): avc: denied { write } for pid=12533 comm="syz.7.3974" name="qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 136.215514][T12536] ip6gretap0: entered promiscuous mode [ 136.224682][T12536] ip6gretap0: left promiscuous mode [ 136.597022][T12566] wireguard0: entered promiscuous mode [ 136.602707][T12566] wireguard0: entered allmulticast mode [ 136.804723][T12582] ip6gretap0: entered promiscuous mode [ 136.813028][T12582] ip6gretap0: left promiscuous mode [ 136.892210][ T29] audit: type=1326 audit(139.912:5933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12595 comm="syz.7.4002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 136.921122][ T29] audit: type=1326 audit(139.912:5934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12595 comm="syz.7.4002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 136.944137][ T29] audit: type=1326 audit(139.912:5935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12595 comm="syz.7.4002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 137.000444][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 137.033177][T12606] __nla_validate_parse: 6 callbacks suppressed [ 137.033191][T12606] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4008'. [ 137.052880][T12610] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4009'. [ 137.062610][T12610] unsupported nlmsg_type 40 [ 137.120830][T12623] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4016'. [ 137.235376][T12644] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4024'. [ 137.271143][T12649] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4028'. [ 137.289591][T12651] ip6gretap0: entered promiscuous mode [ 137.297026][T12651] ip6gretap0: left promiscuous mode [ 137.370902][T12662] ip6gretap0: entered promiscuous mode [ 137.385300][T12662] ip6gretap0: left promiscuous mode [ 137.490703][T12684] block device autoloading is deprecated and will be removed. [ 137.530472][T12689] wireguard0: entered promiscuous mode [ 137.536106][T12689] wireguard0: entered allmulticast mode [ 137.563714][T12692] loop2: detected capacity change from 0 to 1024 [ 137.570684][T12692] /dev/loop2: Can't open blockdev [ 137.634806][T12698] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4061'. [ 137.683834][T12705] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4051'. [ 137.853592][T12735] wireguard0: entered promiscuous mode [ 137.859142][T12735] wireguard0: entered allmulticast mode [ 137.868664][T12741] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4068'. [ 137.997843][T12766] tls_set_device_offload_rx: netdev not found [ 138.074573][T12778] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4086'. [ 138.205889][T12792] wireguard0: entered promiscuous mode [ 138.211490][T12792] wireguard0: entered allmulticast mode [ 138.267246][T12804] tls_set_device_offload_rx: netdev not found [ 138.563214][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4105'. [ 138.763643][T12854] netlink: 'syz.1.4118': attribute type 10 has an invalid length. [ 138.782870][T12854] team0: Port device dummy0 added [ 138.789727][T12854] netlink: 'syz.1.4118': attribute type 10 has an invalid length. [ 138.809118][T12854] team0: Port device dummy0 removed [ 138.822578][T12854] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 138.870513][T12866] bridge0: entered promiscuous mode [ 138.876102][T12866] macsec1: entered promiscuous mode [ 138.883177][T12866] bridge0: port 3(macsec1) entered blocking state [ 138.889779][T12866] bridge0: port 3(macsec1) entered disabled state [ 138.897509][T12866] macsec1: entered allmulticast mode [ 138.902820][T12866] bridge0: entered allmulticast mode [ 138.909053][T12866] macsec1: left allmulticast mode [ 138.914094][T12866] bridge0: left allmulticast mode [ 138.919854][T12866] bridge0: left promiscuous mode [ 139.408576][T12925] block device autoloading is deprecated and will be removed. [ 139.563201][T12938] netlink: 'syz.7.4158': attribute type 13 has an invalid length. [ 139.646189][T12938] bridge0: port 3(batadv0) entered disabled state [ 139.652774][T12938] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.660052][T12938] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.743383][T12938] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 139.745113][T12947] netlink: 'syz.2.4163': attribute type 10 has an invalid length. [ 139.808516][T12953] netlink: 'syz.2.4163': attribute type 10 has an invalid length. [ 139.854906][T12947] team0: Port device dummy0 added [ 139.861645][ T9882] netdevsim netdevsim7 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.870205][ T9882] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.904240][T12953] team0: Port device dummy0 removed [ 139.916930][T12953] dummy0: entered promiscuous mode [ 139.922340][T12953] $Hÿ: (slave dummy0): Enslaving as an active interface with an up link [ 139.931047][ T9882] netdevsim netdevsim7 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.939493][ T9882] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.963490][ T9882] netdevsim netdevsim7 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.971948][ T9882] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.982441][T12973] netlink: 'syz.1.4183': attribute type 13 has an invalid length. [ 140.056087][T12973] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.063419][T12973] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.192274][T12973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.213372][T12995] block device autoloading is deprecated and will be removed. [ 140.333629][ T9882] netdevsim netdevsim7 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 140.342260][ T9882] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.350925][ T9882] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 140.360037][ T9882] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.412443][ T9882] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 140.421452][ T9882] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.433542][ T9882] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 140.442603][ T9882] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.451785][ T9882] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 140.460731][ T9882] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.535528][ T29] kauditd_printk_skb: 155 callbacks suppressed [ 140.535597][ T29] audit: type=1326 audit(143.744:6091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.564798][ T29] audit: type=1326 audit(143.744:6092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.590119][ T29] audit: type=1326 audit(143.776:6093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.613184][ T29] audit: type=1326 audit(143.776:6094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.636300][ T29] audit: type=1326 audit(143.776:6095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.659187][ T29] audit: type=1326 audit(143.776:6096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.682269][ T29] audit: type=1326 audit(143.797:6097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13016 comm="syz.7.4182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 140.711330][ T29] audit: type=1326 audit(143.923:6098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13020 comm="syz.1.4185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afe0ef749 code=0x7ffc0000 [ 140.734393][ T29] audit: type=1326 audit(143.923:6099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13020 comm="syz.1.4185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f8afe0ef749 code=0x7ffc0000 [ 140.757462][ T29] audit: type=1326 audit(143.923:6100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13020 comm="syz.1.4185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afe0ef749 code=0x7ffc0000 [ 140.784115][T13019] macsec1: entered promiscuous mode [ 140.789341][T13019] bridge0: entered promiscuous mode [ 140.792427][T13023] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 140.795503][T13019] bridge0: port 4(macsec1) entered blocking state [ 140.808770][T13019] bridge0: port 4(macsec1) entered disabled state [ 140.819569][T13019] macsec1: entered allmulticast mode [ 140.825118][T13019] bridge0: entered allmulticast mode [ 140.830984][T13019] macsec1: left allmulticast mode [ 140.836193][T13019] bridge0: left allmulticast mode [ 140.841828][T13019] bridge0: left promiscuous mode [ 140.899164][T13036] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 140.905322][T13037] netlink: 'syz.2.4194': attribute type 13 has an invalid length. [ 140.947011][T13045] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 140.985343][T13037] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.992798][T13037] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.049765][T13037] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.105673][ T58] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.114311][ T58] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.133662][ T58] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.142131][ T58] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.160029][ T58] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.168447][ T58] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.177200][ T58] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.185776][ T58] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.295406][T13069] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 141.331343][T13071] bridge0: entered promiscuous mode [ 141.348995][T13071] macsec1: entered promiscuous mode [ 141.361417][T13071] bridge0: port 4(macsec1) entered blocking state [ 141.367974][T13071] bridge0: port 4(macsec1) entered disabled state [ 141.387021][T13071] macsec1: entered allmulticast mode [ 141.392495][T13071] bridge0: entered allmulticast mode [ 141.399757][T13071] macsec1: left allmulticast mode [ 141.404916][T13071] bridge0: left allmulticast mode [ 141.416184][T13071] bridge0: left promiscuous mode [ 141.511705][T13083] netlink: 'syz.6.4214': attribute type 1 has an invalid length. [ 141.644707][T13101] netlink: 'syz.4.4225': attribute type 13 has an invalid length. [ 141.717348][T13101] batman_adv: batadv0: Interface deactivated: dummy0 [ 141.761857][ T36] lo speed is unknown, defaulting to 1000 [ 141.762029][ T9882] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.767736][ T36] syz2: Port: 1 Link DOWN [ 141.795307][ T9882] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.808172][ T9882] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.817197][ T9882] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 141.931256][T13145] macsec1: entered promiscuous mode [ 141.936664][T13145] bridge0: entered promiscuous mode [ 141.945217][T13145] bridge0: port 3(macsec1) entered blocking state [ 141.951738][T13145] bridge0: port 3(macsec1) entered disabled state [ 141.960547][T13145] macsec1: entered allmulticast mode [ 141.965920][T13145] bridge0: entered allmulticast mode [ 142.014580][T13158] netlink: 'syz.6.4249': attribute type 13 has an invalid length. [ 142.068022][T13145] macsec1: left allmulticast mode [ 142.073195][T13145] bridge0: left allmulticast mode [ 142.080935][T13145] bridge0: left promiscuous mode [ 142.179622][T13158] bridge0: port 3(batadv0) entered disabled state [ 142.186294][T13158] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.193615][T13158] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.213887][T13158] batman_adv: batadv0: Interface deactivated: dummy0 [ 142.250445][T13158] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 142.320402][ T9924] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.329364][ T9924] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.338674][ T9924] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.347808][ T9924] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.359782][ T9924] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.368762][ T9924] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.392886][ T9924] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 142.401842][ T9924] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.477286][T13206] loop2: detected capacity change from 0 to 1024 [ 142.536226][T13219] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 142.576896][T13223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.585753][T13223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.626598][T13206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.917712][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.044975][T13268] sg_write: data in/out 156/1 bytes for SCSI command 0x0-- guessing data in; [ 143.044975][T13268] program syz.7.4294 not setting count and/or reply_len properly [ 143.086410][T13272] __nla_validate_parse: 10 callbacks suppressed [ 143.086427][T13272] netlink: 156 bytes leftover after parsing attributes in process `syz.7.4296'. [ 143.196431][T13295] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4305'. [ 143.264140][T13308] loop2: detected capacity change from 0 to 1024 [ 143.316216][T13308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.356893][T13308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.366088][T13308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.445467][T13328] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4319'. [ 143.676888][T13369] netlink: 56 bytes leftover after parsing attributes in process `syz.7.4335'. [ 143.727546][T13383] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4342'. [ 143.926701][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.101647][T13451] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4374'. [ 144.120945][T13453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.150281][T13453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.172629][T13462] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4388'. [ 144.215052][T13461] validate_nla: 2 callbacks suppressed [ 144.215070][T13461] netlink: 'syz.2.4378': attribute type 1 has an invalid length. [ 144.310736][T13485] unsupported nla_type 52263 [ 144.403776][T13494] block device autoloading is deprecated and will be removed. [ 144.445938][T13500] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4393'. [ 144.811009][T13554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.823907][T13554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.949979][T13580] block device autoloading is deprecated and will be removed. [ 145.342085][ T29] kauditd_printk_skb: 303 callbacks suppressed [ 145.342097][ T29] audit: type=1326 audit(148.783:6404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.385219][ T29] audit: type=1326 audit(148.783:6405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.408153][ T29] audit: type=1326 audit(148.804:6406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.431064][ T29] audit: type=1326 audit(148.804:6407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.453996][ T29] audit: type=1326 audit(148.804:6408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.477355][ T29] audit: type=1326 audit(148.804:6409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.500290][ T29] audit: type=1326 audit(148.804:6410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.523265][ T29] audit: type=1326 audit(148.804:6411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.546236][ T29] audit: type=1326 audit(148.804:6412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.569162][ T29] audit: type=1326 audit(148.825:6413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13656 comm="syz.7.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31ff46f749 code=0x7ffc0000 [ 145.674720][T13684] smc: net device hsr0 applied user defined pnetid SYZ2 [ 145.685785][T13684] smc: net device hsr0 erased user defined pnetid SYZ2 [ 146.092900][T13774] lo speed is unknown, defaulting to 1000 [ 146.136097][T13779] netlink: 'syz.6.4512': attribute type 4 has an invalid length. [ 146.143873][T13779] netlink: 17 bytes leftover after parsing attributes in process `syz.6.4512'. [ 146.234721][T13794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13794 comm=syz.6.4521 [ 146.427522][T13813] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4528'. [ 146.795443][T13869] netlink: 'syz.7.4554': attribute type 21 has an invalid length. [ 147.082596][T13914] loop1: detected capacity change from 0 to 4096 [ 147.091423][T13914] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.114885][T13922] netlink: 'syz.2.4577': attribute type 12 has an invalid length. [ 147.123836][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.192926][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.202351][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.210005][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.217777][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.225424][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.233217][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.240991][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.248713][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.256394][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.264408][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.272436][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.280731][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.288687][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.296978][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.321076][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.337542][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.354060][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.369338][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.390268][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.411812][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.430920][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.451442][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.485001][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.510620][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.532588][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.553993][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.584675][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.605275][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.626745][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.656064][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.663756][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.678806][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.686307][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.712703][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.727847][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.732816][T13944] loop1: detected capacity change from 0 to 764 [ 147.748598][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.749352][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.765425][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.788541][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.810622][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.823066][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.849137][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.849171][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.866952][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.892358][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.900886][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.936197][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.952973][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.971387][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 147.996517][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.006315][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.022793][T13932] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.047260][T13962] __nla_validate_parse: 10 callbacks suppressed [ 148.047342][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4596'. [ 148.078161][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4596'. [ 148.198633][T13972] lo speed is unknown, defaulting to 1000 [ 148.232794][T13973] netlink: 'syz.7.4599': attribute type 4 has an invalid length. [ 148.241275][T13973] netlink: 17 bytes leftover after parsing attributes in process `syz.7.4599'. [ 148.416691][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.426772][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.435228][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.448122][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.455790][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.475548][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.487420][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.501118][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.511255][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.518942][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.540333][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.553317][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.576065][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.584540][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.595569][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.614458][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.622090][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.630035][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.637745][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.645316][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.653347][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.663780][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.672107][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.681869][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.690530][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.703130][T14007] ================================================================== [ 148.707800][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.710618][T14007] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 148.731287][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.734678][T14007] [ 148.734689][T14007] write to 0xffff888118c52168 of 8 bytes by task 14004 on cpu 1: [ 148.734706][T14007] shmem_file_splice_read+0x470/0x600 [ 148.754233][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.757667][T14007] splice_direct_to_actor+0x26f/0x680 [ 148.757696][T14007] do_splice_direct+0xda/0x150 [ 148.757715][T14007] do_sendfile+0x380/0x650 [ 148.757745][T14007] __x64_sys_sendfile64+0x105/0x150 [ 148.757772][T14007] x64_sys_call+0x2bb4/0x3000 [ 148.757793][T14007] do_syscall_64+0xd2/0x200 [ 148.757814][T14007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.757835][T14007] [ 148.757841][T14007] write to 0xffff888118c52168 of 8 bytes by task 14007 on cpu 0: [ 148.757855][T14007] shmem_file_splice_read+0x470/0x600 [ 148.757880][T14007] splice_direct_to_actor+0x26f/0x680 [ 148.757907][T14007] do_splice_direct+0xda/0x150 [ 148.757927][T14007] do_sendfile+0x380/0x650 [ 148.757954][T14007] __x64_sys_sendfile64+0x105/0x150 [ 148.757980][T14007] x64_sys_call+0x2bb4/0x3000 [ 148.758002][T14007] do_syscall_64+0xd2/0x200 [ 148.758022][T14007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.758042][T14007] [ 148.758046][T14007] value changed: 0x0000000000010038 -> 0x000000000001004a [ 148.758058][T14007] [ 148.758062][T14007] Reported by Kernel Concurrency Sanitizer on: [ 148.758074][T14007] CPU: 0 UID: 0 PID: 14007 Comm: syz.7.4612 Not tainted syzkaller #0 PREEMPT(voluntary) [ 148.758098][T14007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 148.758111][T14007] ================================================================== [ 148.907743][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.909108][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.918806][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.926391][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.935181][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.942761][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.953334][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.962019][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.970578][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.982556][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.990522][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 148.998080][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.005811][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.013616][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.021209][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.029042][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.036669][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.044983][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.067406][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.092666][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.109709][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.119702][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.127462][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.134981][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.142780][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.150356][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.158477][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.166197][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.173841][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.181709][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.189337][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.197331][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.205322][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.227918][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 149.243475][T13997] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 151.564991][ T1061] page_pool_release_retry() stalled pool shutdown: id 69, 1 inflight 60 sec