last executing test programs: 1.278318308s ago: executing program 3 (id=525): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000b80)=[{0x6}]}, 0x10) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 1.232611182s ago: executing program 1 (id=527): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$selinux_context(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000010000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x3, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @local}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000c80)={'syztnl2\x00', r4, 0x40, 0x7800, 0x8, 0xb, {{0x5, 0x4, 0x1, 0x39, 0x14, 0x65, 0x1, 0x0, 0x4, 0x0, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) 1.231701592s ago: executing program 3 (id=528): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff, 0xfffffffffffffff4}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xdf) write$binfmt_elf64(r3, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003000000cff5ffff800300000000000001000000000000000500000000000000ff"], 0x5b0) close(r3) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x1000) 1.213269764s ago: executing program 0 (id=529): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40040d0}, 0xc0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) r2 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x50, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffc00, 0x3, 0x2, 0xfffffffd, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r4 = io_uring_setup(0xaae, &(0x7f00000003c0)={0x0, 0xffffeffa, 0x2, 0x7, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 1.185767697s ago: executing program 3 (id=530): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10208}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x77632d15402b7bcf) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 890.707845ms ago: executing program 0 (id=532): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r2 = syz_io_uring_setup(0x1108, &(0x7f0000000300)={0x0, 0x995a, 0x400, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030003200000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000034fbffffff000000000200010000ee40000400050c0000000005000500000000000a000000000000000000000000000000000000000000000107000000000000001000080088"], 0x100}, 0x1, 0x7}, 0x14) 785.962275ms ago: executing program 2 (id=533): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r0}, 0x18) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) recvmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 771.668067ms ago: executing program 3 (id=534): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000000c0), 0x10) r2 = dup3(r1, r0, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r5 = socket$unix(0x1, 0x5, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000080)={&(0x7f00000001c0)={0x1d, r4, 0x3f420f00}, 0x10, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x2c004000) sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x5, 0x823, 0x0, {0x0, 0xea60}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ce7ffe681c735b5719cfc914234834162f4d55e5827a4fa9d907b30dee5f9af3dc029871384dcbed5f13a5464083101fd2055f2c4271f73e269eef4e7cc3151d"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x5, 0x823, 0x7, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x7, 0x0, 0x0, 0x0, "ce7ffe681c735b5719cfc914234834162f4d55e5827a4fa9d907b30dee5f9af3dc029871384dcbed5f13a5464083101fd2055f2c4271f73e269eef4e7cc3151d"}}, 0x80}}, 0x0) 712.267552ms ago: executing program 3 (id=535): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0xffffffffffffffff, 0x6}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x800) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32, @ANYBLOB="0000000000000067194e63b50000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\a'], 0x48) 711.315342ms ago: executing program 1 (id=536): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xbf) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000feffffff0000000003000000850000004100000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f805ffffb702000008000006b703000003000000850000001700000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8d6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 702.638344ms ago: executing program 2 (id=537): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1818e58, &(0x7f00000003c0), 0x2a, 0x63f, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgP5KVJfVh1Y1sXdlGwYBciLhqapIZOf5CkYGvBBFwoKIi4LdKN/4B76d6dCOrOtVBFKha0dB73zp1mMplfaTIzSe7nA5M599wzOeebOyf33HvnzA2gtOazH2nE+xGvbyQRs03rZqK+cr4o9+Lfj29mjyRqte/+K4mkyGuUT4rnM8XCZET86XLEpyv76918+Oj2crVW95OIc1t37p/bfPjoo/U7y7dWb63eXTr/tY8vLH596eOlpoa+vTPF85Wr3/n8L3/6w6+u/bn6URIX4/r4j1eiJY6jMh/z8boIsTl/LCIuZIk2f5eT5hSEUGqV4v04HhGfjdmo5Et1s7H+i5E2DhioWiWi1l3SqwBwUuneUFaNcUDj2L6/4+DrAx6VDM/zS/UDoP3xjxWnHCbzY6PpF0nTkVH93MbZI6g/q+PV48knrx7PPYk95yFevtk6Y0dQTyfbOxHxuXbxJ3nbzuaRZvGne47104hYjIiJon3fOkQbkqb0IM7DdHOQ+Ju3Qxb/xeI5y7/8lvW3ntYadvwAlNOzS8WOfDtb2t3/ZWOPxvgn2ox/Zg5/SSY36v1f5/FfY38/mY970pZxWDZmudb+V463Zvz951d+3an++vhv7knjkdXfGAsOw/OdiLmW+H+WBVuMf7L4kzbbPyty42J/dXz7L/+80mndqOOvPY34oO3xz+6oNEt1uT55bm29urpY/9m2jj/88Qe/61R/+/jfGUCk7WXbf7pD/E3bP219XfY3ud/+V+60Zvz+2tM7neqf6bn9039MJPXjzYki50c7W1sbSxETydWiSJG/vLW1cb57vPUyL2v581I9/g+/1L7/73n/t0Q11fiX2Yf737v9otO6t3n/N11Mfl3rsw2dZPGv9N7++/p/lverPuv47/cffKHTum7xTx0mMAAAAAAAACihNL8Gm6QLb9JpurBQny/7mZhOq/c2t768du/B3ZWID/PPQ46nkSb5R0Zm68vJ2np1dan4PGxj+XzL8lci4r2I+E1lKl9euHmvujLq4AEAAAAAAAAAAAAAAAAAAOCYOFPM/2/cp/o/lfr8f6Aket9gbt/9H4BTYpA3mASOt7z/d9vFvzu8tgDDZf8P5aX/Q3np/1Be+j+Ul/4P5aX/Q3np/1Be+j8AAAAAnErvffHZ35KI2P7GVP7ITBTrTPqF0238QKUrA2sHMHx6NJTXm0v/BvtQOn2N//9XfDng4JsDjEDSLjMfHNS6d/5nbV+5a+fwbQMAAAAAAAAAAAAA6j54v/P8/4PNDQZOGtP+oLwOMf/fVwfACeer/6G8HOMDPWbxx2SnFb3m/wMAAAAAAAAAAAAAR2YmfyTpQjEXeCbSdGEh4lMRcTbGk7X16upiRLwbEX+tjL+TLS+NutEAAAAAAAAAAAAAAAAAAABwymw+fHR7uVpd3WhO/H9fzulONO6C2rtwrY8yXRPfjAO+KpLh/1mmImLkG2VgibGmnCRiO9vyx6JhG5txPJqRJ0b8jwkAAAAAAAAAAAAAAAAAAEqoae5xe3O/HXKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD4du//3yOxMl1/QV+F9yZGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcDJ9EgAA//+YYDw3") lsm_set_self_attr(0x66, 0x0, 0x43, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80000, 0x0) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4) 690.725775ms ago: executing program 0 (id=538): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x2, @perf_config_ext={0x326, 0xe1}, 0x100a02, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 635.135159ms ago: executing program 1 (id=539): execve(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18) socket$packet(0x11, 0xa, 0x300) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000240)="f2435f0100088000000000850800", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) 582.122195ms ago: executing program 1 (id=540): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c45, 0x0) flock(r0, 0x5) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x8804, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x18) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80) dup3(r4, r0, 0x0) 561.686007ms ago: executing program 0 (id=541): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x8}, 0x18) r1 = socket(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x1, 0x0, 0x0, {{0x0, 0x4, 0x6}}}]}]}]}}]}, 0x50}}, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x8000) 549.198808ms ago: executing program 3 (id=542): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 480.213475ms ago: executing program 1 (id=543): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000900)='kfree\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000010007b0000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 390.454843ms ago: executing program 4 (id=544): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x96, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x9, 0x6, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xa27}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x67152944, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000b40)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800000000001ff, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x25}, 0x94) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) 358.703116ms ago: executing program 0 (id=545): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=ANY=[@ANYBLOB="0b00000005000000070000000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000040), &(0x7f0000000300)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r2}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 341.751058ms ago: executing program 1 (id=546): r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x5, 0x4f, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000003}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x13) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040)) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000002a40)=[{{0x0, 0x94, 0x0}, 0x5}], 0x1, 0x10000, 0x0) 246.707777ms ago: executing program 0 (id=547): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$selinux_context(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000010000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x3, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @local}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000c80)={'syztnl2\x00', r4, 0x40, 0x7800, 0x8, 0xb, {{0x5, 0x4, 0x1, 0x39, 0x14, 0x65, 0x1, 0x0, 0x4, 0x0, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) 246.266267ms ago: executing program 2 (id=548): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18) socket(0xa, 0x3, 0xff) socket$netlink(0x10, 0x3, 0x10) socket(0xa, 0x3, 0xff) syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@random="cfb14e407d33", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0x1, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0x2, 0x6, "081331", 0x9, 0xff, 0x0, @loopback, @loopback, [@fragment={0x3b, 0x0, 0xe, 0x0, 0x0, 0x3, 0x65}]}}}}}}}, 0x0) socket$unix(0x1, 0x1, 0x0) 235.372368ms ago: executing program 4 (id=549): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x4) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) 163.180925ms ago: executing program 2 (id=550): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = gettid() sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="a77e", 0x2}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000018"], 0xa0}, 0x4004881) r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x80003}, 0x100002, 0x0, 0xffffffff, 0x3, 0xf, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) recvmsg$unix(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2000) 139.172087ms ago: executing program 4 (id=551): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={0x0, 0x0}, 0x28) socketpair$nbd(0x1, 0x1, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 112.58282ms ago: executing program 2 (id=552): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0x8, [0x0, 0x0, 0x0, 0x100, 0x5, 0x0, 0x0, 0x2]}}) 104.418381ms ago: executing program 4 (id=553): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000001000080000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x8, r2, 0x600}, 0x10) 47.005416ms ago: executing program 2 (id=554): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r3 = getpid() r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r5, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0xb0) 39.430107ms ago: executing program 4 (id=555): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000000), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x3) 0s ago: executing program 4 (id=556): syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r3) socket$inet6(0xa, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) close_range(r2, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts. [ 35.662573][ T29] audit: type=1400 audit(1766306962.603:62): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 35.685648][ T29] audit: type=1400 audit(1766306962.633:63): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.688024][ T3306] cgroup: Unknown subsys name 'net' [ 35.713593][ T29] audit: type=1400 audit(1766306962.653:64): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.845733][ T3306] cgroup: Unknown subsys name 'cpuset' [ 35.852046][ T3306] cgroup: Unknown subsys name 'rlimit' [ 36.023304][ T29] audit: type=1400 audit(1766306962.963:65): avc: denied { setattr } for pid=3306 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 36.055009][ T29] audit: type=1400 audit(1766306962.973:66): avc: denied { create } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.075572][ T29] audit: type=1400 audit(1766306962.973:67): avc: denied { write } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.093368][ T3309] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 36.096349][ T29] audit: type=1400 audit(1766306962.973:68): avc: denied { read } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.125108][ T29] audit: type=1400 audit(1766306962.983:69): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 36.145768][ T3306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 36.149994][ T29] audit: type=1400 audit(1766306962.983:70): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 36.181802][ T29] audit: type=1400 audit(1766306962.993:71): avc: denied { read } for pid=3045 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 38.069441][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 38.104744][ T3326] chnl_net:caif_netlink_parms(): no params data found [ 38.117471][ T3318] chnl_net:caif_netlink_parms(): no params data found [ 38.173540][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.180683][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.187974][ T3316] bridge_slave_0: entered allmulticast mode [ 38.194424][ T3316] bridge_slave_0: entered promiscuous mode [ 38.212301][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.219423][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.226636][ T3316] bridge_slave_1: entered allmulticast mode [ 38.233195][ T3316] bridge_slave_1: entered promiscuous mode [ 38.291499][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.298688][ T3318] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.305876][ T3318] bridge_slave_0: entered allmulticast mode [ 38.312267][ T3318] bridge_slave_0: entered promiscuous mode [ 38.320275][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.329505][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.336649][ T3326] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.343995][ T3326] bridge_slave_0: entered allmulticast mode [ 38.350638][ T3326] bridge_slave_0: entered promiscuous mode [ 38.359244][ T3326] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.366370][ T3326] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.373546][ T3326] bridge_slave_1: entered allmulticast mode [ 38.380095][ T3326] bridge_slave_1: entered promiscuous mode [ 38.391348][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.398568][ T3318] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.405770][ T3318] bridge_slave_1: entered allmulticast mode [ 38.412212][ T3318] bridge_slave_1: entered promiscuous mode [ 38.419500][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.428845][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 38.486466][ T3326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.496997][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.507188][ T3316] team0: Port device team_slave_0 added [ 38.518949][ T3326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.531117][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.540987][ T3316] team0: Port device team_slave_1 added [ 38.549141][ T3323] chnl_net:caif_netlink_parms(): no params data found [ 38.605195][ T3326] team0: Port device team_slave_0 added [ 38.611793][ T3318] team0: Port device team_slave_0 added [ 38.617861][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.624934][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.650903][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.672070][ T3326] team0: Port device team_slave_1 added [ 38.678859][ T3318] team0: Port device team_slave_1 added [ 38.684743][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.691807][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.717955][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.731534][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.738750][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.745983][ T3322] bridge_slave_0: entered allmulticast mode [ 38.752408][ T3322] bridge_slave_0: entered promiscuous mode [ 38.776851][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.783959][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.791316][ T3322] bridge_slave_1: entered allmulticast mode [ 38.797913][ T3322] bridge_slave_1: entered promiscuous mode [ 38.825917][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.832905][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.858840][ T3326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.869973][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.877046][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.903150][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.914954][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.921911][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.947871][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.968958][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.975998][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 39.002042][ T3326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.021305][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.028439][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.035856][ T3323] bridge_slave_0: entered allmulticast mode [ 39.042387][ T3323] bridge_slave_0: entered promiscuous mode [ 39.050569][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.063416][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.082923][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.090149][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.097459][ T3323] bridge_slave_1: entered allmulticast mode [ 39.103965][ T3323] bridge_slave_1: entered promiscuous mode [ 39.122009][ T3316] hsr_slave_0: entered promiscuous mode [ 39.128300][ T3316] hsr_slave_1: entered promiscuous mode [ 39.165534][ T3322] team0: Port device team_slave_0 added [ 39.172181][ T3322] team0: Port device team_slave_1 added [ 39.183992][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.195369][ T3326] hsr_slave_0: entered promiscuous mode [ 39.201437][ T3326] hsr_slave_1: entered promiscuous mode [ 39.207542][ T3326] debugfs: 'hsr0' already exists in 'hsr' [ 39.213291][ T3326] Cannot create hsr debugfs directory [ 39.232083][ T3318] hsr_slave_0: entered promiscuous mode [ 39.238319][ T3318] hsr_slave_1: entered promiscuous mode [ 39.244237][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 39.250089][ T3318] Cannot create hsr debugfs directory [ 39.256503][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.285131][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.292120][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 39.318060][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.348970][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.356096][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 39.382080][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.393883][ T3323] team0: Port device team_slave_0 added [ 39.418328][ T3323] team0: Port device team_slave_1 added [ 39.470196][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.477260][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 39.503241][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.527939][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.535000][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 39.561070][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.577869][ T3322] hsr_slave_0: entered promiscuous mode [ 39.584046][ T3322] hsr_slave_1: entered promiscuous mode [ 39.590190][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 39.596005][ T3322] Cannot create hsr debugfs directory [ 39.660378][ T3323] hsr_slave_0: entered promiscuous mode [ 39.667386][ T3323] hsr_slave_1: entered promiscuous mode [ 39.673416][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 39.679240][ T3323] Cannot create hsr debugfs directory [ 39.748404][ T3316] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 39.762389][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 39.779098][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 39.793524][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 39.826332][ T3326] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 39.838615][ T3326] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 39.847704][ T3326] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 39.859704][ T3326] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 39.895039][ T3318] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 39.906885][ T3318] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 39.916319][ T3318] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 39.931810][ T3318] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 39.968396][ T3323] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 39.980610][ T3323] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 39.990003][ T3323] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 39.999667][ T3323] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 40.039831][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.051063][ T3322] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 40.060166][ T3322] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 40.069242][ T3322] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 40.080046][ T3322] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 40.103671][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.117248][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.132413][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.139610][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.157741][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.164913][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.192662][ T3326] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.214812][ T1725] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.221963][ T1725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.235588][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.242692][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.258376][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.286219][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.298530][ T3323] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.312042][ T3318] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.327705][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.334895][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.344180][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.351367][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.368030][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.375136][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.383958][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.391051][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.447627][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.457013][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.481206][ T3323] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 40.501452][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.534471][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.541636][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.566113][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.573245][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.587222][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.631927][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.680771][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.690688][ T3316] veth0_vlan: entered promiscuous mode [ 40.716240][ T3316] veth1_vlan: entered promiscuous mode [ 40.765466][ T3316] veth0_macvtap: entered promiscuous mode [ 40.786255][ T3326] veth0_vlan: entered promiscuous mode [ 40.795977][ T3326] veth1_vlan: entered promiscuous mode [ 40.803904][ T3316] veth1_macvtap: entered promiscuous mode [ 40.825005][ T3326] veth0_macvtap: entered promiscuous mode [ 40.845989][ T3326] veth1_macvtap: entered promiscuous mode [ 40.856119][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.872672][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.880433][ T3323] veth0_vlan: entered promiscuous mode [ 40.890731][ T3323] veth1_vlan: entered promiscuous mode [ 40.903027][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.913414][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.928281][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.942278][ T1725] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.977427][ T1725] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.989516][ T1725] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.009158][ T3323] veth0_macvtap: entered promiscuous mode [ 41.009641][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 41.009682][ T29] audit: type=1400 audit(1766306967.953:85): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.tr1nkV/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 41.036045][ T3323] veth1_macvtap: entered promiscuous mode [ 41.051555][ T29] audit: type=1400 audit(1766306967.993:86): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 41.074514][ T29] audit: type=1400 audit(1766306967.993:87): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.tr1nkV/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 41.099903][ T29] audit: type=1400 audit(1766306967.993:88): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 41.121840][ T29] audit: type=1400 audit(1766306968.023:89): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.tr1nkV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 41.148490][ T29] audit: type=1400 audit(1766306968.023:90): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.tr1nkV/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 41.176015][ T29] audit: type=1400 audit(1766306968.023:91): avc: denied { unmount } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 41.200015][ T1725] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.211133][ T29] audit: type=1400 audit(1766306968.123:92): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 41.233964][ T29] audit: type=1400 audit(1766306968.123:93): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="gadgetfs" ino=3921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 41.250558][ T1725] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.266808][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.285669][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 41.301353][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.321120][ T1725] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.330054][ T1725] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.358850][ T29] audit: type=1400 audit(1766306968.293:94): avc: denied { read write } for pid=3326 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 41.387984][ T1725] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.403568][ T3318] veth0_vlan: entered promiscuous mode [ 41.415606][ T1725] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.438092][ T3322] veth0_vlan: entered promiscuous mode [ 41.449340][ T1725] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.459456][ T3318] veth1_vlan: entered promiscuous mode [ 41.461031][ T3497] netlink: 'syz.1.6': attribute type 1 has an invalid length. [ 41.472669][ T3497] netlink: 'syz.1.6': attribute type 4 has an invalid length. [ 41.480206][ T3497] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.6'. [ 41.490241][ T3497] netlink: 'syz.1.6': attribute type 1 has an invalid length. [ 41.498005][ T3497] netlink: 'syz.1.6': attribute type 4 has an invalid length. [ 41.505701][ T3497] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.6'. [ 41.506745][ T802] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.526234][ T802] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.536079][ T3322] veth1_vlan: entered promiscuous mode [ 41.599142][ T3318] veth0_macvtap: entered promiscuous mode [ 41.622363][ T3509] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 41.629661][ T3509] IPv6: NLM_F_CREATE should be set when creating new route [ 41.630859][ T3318] veth1_macvtap: entered promiscuous mode [ 41.636907][ T3509] IPv6: NLM_F_CREATE should be set when creating new route [ 41.680276][ T3322] veth0_macvtap: entered promiscuous mode [ 41.780800][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.796663][ T3322] veth1_macvtap: entered promiscuous mode [ 41.804045][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.818644][ T65] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.837909][ T65] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.853896][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.870095][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.882980][ T65] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.931670][ T65] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.951326][ T65] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.970509][ T65] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.000314][ T65] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.025787][ T65] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.051080][ T3534] loop0: detected capacity change from 0 to 128 [ 42.131082][ T3534] syz.0.16: attempt to access beyond end of device [ 42.131082][ T3534] loop0: rw=0, sector=121, nr_sectors = 920 limit=128 [ 42.405829][ T3552] loop3: detected capacity change from 0 to 1024 [ 42.416658][ T3552] EXT4-fs: Ignoring removed orlov option [ 42.440125][ T3552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.509008][ T3565] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 42.523594][ T3562] netlink: 'syz.4.23': attribute type 1 has an invalid length. [ 42.556713][ T3565] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25'. [ 42.615048][ T3565] bridge_slave_1: left allmulticast mode [ 42.620813][ T3565] bridge_slave_1: left promiscuous mode [ 42.626879][ T3565] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.649282][ T3565] bridge_slave_0: left allmulticast mode [ 42.655010][ T3565] bridge_slave_0: left promiscuous mode [ 42.660830][ T3565] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.765067][ T3555] netlink: 68 bytes leftover after parsing attributes in process `syz.2.21'. [ 43.053095][ T3600] loop2: detected capacity change from 0 to 128 [ 43.072130][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.092275][ T3600] ======================================================= [ 43.092275][ T3600] WARNING: The mand mount option has been deprecated and [ 43.092275][ T3600] and is ignored by this kernel. Remove the mand [ 43.092275][ T3600] option from the mount to silence this warning. [ 43.092275][ T3600] ======================================================= [ 43.360536][ T3627] loop2: detected capacity change from 0 to 512 [ 43.378785][ T3627] EXT4-fs: Ignoring removed nobh option [ 43.433637][ T3627] EXT4-fs (loop2): failed to initialize system zone (-117) [ 43.465163][ T3627] EXT4-fs (loop2): mount failed [ 43.564757][ T3635] loop3: detected capacity change from 0 to 4096 [ 43.591241][ T3635] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.747829][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.864875][ C1] hrtimer: interrupt took 37670 ns [ 44.020065][ T3640] cgroup: fork rejected by pids controller in /syz0 [ 44.370119][ T3824] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.675975][ T3824] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.767676][ T4210] tipc: Enabling of bearer rejected, failed to enable media [ 44.839283][ T3824] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.933888][ T4231] veth2: entered promiscuous mode [ 44.939120][ T4231] veth2: entered allmulticast mode [ 45.012440][ T3824] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.164996][ T31] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.206655][ T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.262908][ T31] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.303607][ T31] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.406836][ T4243] loop4: detected capacity change from 0 to 512 [ 45.424319][ T4243] EXT4-fs: Ignoring removed i_version option [ 45.440559][ T4245] netlink: 24 bytes leftover after parsing attributes in process `syz.1.61'. [ 45.455392][ T4243] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 45.468715][ T4243] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 45.484421][ T4245] netlink: 48 bytes leftover after parsing attributes in process `syz.1.61'. [ 45.499815][ T4243] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 45.543042][ T4243] EXT4-fs (loop4): 1 truncate cleaned up [ 45.565672][ T4243] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.671677][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.718662][ T4256] netlink: 'syz.3.65': attribute type 1 has an invalid length. [ 45.757667][ T4254] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.831235][ T4254] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.922866][ T4254] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.969781][ T4267] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.017504][ T4254] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.055722][ T29] kauditd_printk_skb: 201 callbacks suppressed [ 46.055740][ T29] audit: type=1400 audit(1766306973.003:296): avc: denied { create } for pid=4269 comm="syz.3.72" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 46.090928][ T4267] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.169190][ T53] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.181227][ T53] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.196724][ T4267] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.363919][ T1725] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.373180][ T1725] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.395524][ T29] audit: type=1400 audit(1766306973.343:297): avc: denied { mount } for pid=4275 comm="syz.0.75" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 46.422382][ T29] audit: type=1400 audit(1766306973.363:298): avc: denied { mounton } for pid=4275 comm="syz.0.75" path="/15/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 46.444329][ T29] audit: type=1400 audit(1766306973.363:299): avc: denied { unmount } for pid=4275 comm="syz.0.75" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 46.475301][ T29] audit: type=1400 audit(1766306973.423:300): avc: denied { unmount } for pid=3323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 46.511076][ T4267] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.567770][ T53] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.585854][ T53] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.599096][ T53] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.618811][ T53] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.957719][ T29] audit: type=1400 audit(1766306973.903:301): avc: denied { create } for pid=4299 comm="syz.4.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 46.997207][ T4297] bridge_slave_0: left allmulticast mode [ 47.002945][ T4297] bridge_slave_0: left promiscuous mode [ 47.008750][ T4297] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.025601][ T29] audit: type=1400 audit(1766306973.923:302): avc: denied { setopt } for pid=4299 comm="syz.4.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 47.045099][ T29] audit: type=1400 audit(1766306973.923:303): avc: denied { bind } for pid=4299 comm="syz.4.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 47.064288][ T29] audit: type=1400 audit(1766306973.933:304): avc: denied { listen } for pid=4299 comm="syz.4.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 47.083725][ T29] audit: type=1400 audit(1766306973.933:305): avc: denied { connect } for pid=4299 comm="syz.4.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 47.107567][ T4297] bridge_slave_1: left allmulticast mode [ 47.113417][ T4297] bridge_slave_1: left promiscuous mode [ 47.119467][ T4297] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.147212][ T4297] bond0: (slave bond_slave_0): Releasing backup interface [ 47.166445][ T4297] bond0: (slave bond_slave_1): Releasing backup interface [ 47.195766][ T4297] team0: Port device team_slave_0 removed [ 47.211819][ T4297] team0: Port device team_slave_1 removed [ 47.224959][ T4297] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.232460][ T4297] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 47.256434][ T4297] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.263893][ T4297] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 47.273979][ T4297] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 47.293637][ T4301] team0: Mode changed to "broadcast" [ 47.459834][ T4318] netlink: 24 bytes leftover after parsing attributes in process `syz.4.90'. [ 47.545519][ T4324] veth4: entered promiscuous mode [ 47.550619][ T4324] veth4: entered allmulticast mode [ 47.609959][ T4328] netlink: 300 bytes leftover after parsing attributes in process `syz.4.93'. [ 47.807377][ T4338] loop4: detected capacity change from 0 to 1024 [ 47.820865][ T4338] EXT4-fs: Ignoring removed nomblk_io_submit option [ 47.845708][ T4338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.335073][ T4351] Driver unsupported XDP return value 0 on prog (id 80) dev N/A, expect packet loss! [ 48.395382][ T4344] rdma_op ffff88811c790d80 conn xmit_rdma 0000000000000000 [ 49.168476][ T4338] syz.4.98 (4338) used greatest stack depth: 7256 bytes left [ 49.183855][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.256964][ T4365] netlink: 7 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.312737][ T4365] netlink: 60 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.321777][ T4365] netlink: 60 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.359127][ T4370] loop0: detected capacity change from 0 to 1024 [ 49.381895][ T4365] netlink: 7 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.404979][ T4365] netlink: 60 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.413953][ T4365] netlink: 60 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.483057][ T4365] netlink: 7 bytes leftover after parsing attributes in process `syz.4.106'. [ 49.503263][ T4365] netlink: 60 bytes leftover after parsing attributes in process `syz.4.106'. [ 50.002307][ T4406] bridge: RTM_NEWNEIGH with invalid ether address [ 50.148394][ T4424] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.158436][ T4427] loop0: detected capacity change from 0 to 512 [ 50.177915][ T4427] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.130: bg 0: block 248: padding at end of block bitmap is not set [ 50.192768][ T4427] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.130: Failed to acquire dquot type 1 [ 50.206950][ T4424] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.232474][ T4427] EXT4-fs (loop0): 1 truncate cleaned up [ 50.241551][ T4427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.254643][ T4427] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.268650][ T4424] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.270868][ T4434] loop1: detected capacity change from 0 to 256 [ 50.306984][ T3323] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.338431][ T4424] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.406904][ T802] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.429419][ T802] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.441214][ T802] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.449770][ T802] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.483775][ T4447] process 'syz.2.135' launched '/dev/fd/3' with NULL argv: empty string added [ 50.523784][ T4450] loop2: detected capacity change from 0 to 128 [ 50.574748][ T4450] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 50.600150][ T4450] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 50.610370][ T4454] macvtap0: refused to change device tx_queue_len [ 50.684466][ T4459] loop2: detected capacity change from 0 to 1024 [ 50.694359][ T4456] loop4: detected capacity change from 0 to 1024 [ 50.865367][ T4459] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.139: bad orphan inode 134217728 [ 50.895618][ T4459] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.081911][ T4476] loop4: detected capacity change from 0 to 512 [ 51.102497][ T29] kauditd_printk_skb: 234 callbacks suppressed [ 51.102514][ T29] audit: type=1400 audit(1766306978.043:538): avc: denied { mount } for pid=4457 comm="syz.3.141" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 51.152914][ T4476] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.324934][ T4476] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.349627][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.552672][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.562074][ T29] audit: type=1400 audit(1766306978.493:539): avc: denied { create } for pid=4490 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 51.623922][ T29] audit: type=1400 audit(1766306978.513:540): avc: denied { bind } for pid=4490 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 51.643141][ T29] audit: type=1400 audit(1766306978.553:541): avc: denied { watch } for pid=4495 comm="syz.4.153" path="/33" dev="tmpfs" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 51.801294][ T29] audit: type=1400 audit(1766306978.613:542): avc: denied { accept } for pid=4497 comm="syz.4.154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 51.820836][ T29] audit: type=1400 audit(1766306978.613:543): avc: denied { read } for pid=4497 comm="syz.4.154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 51.840234][ T29] audit: type=1400 audit(1766306978.633:544): avc: denied { setopt } for pid=4499 comm="syz.1.155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 51.859507][ T29] audit: type=1326 audit(1766306978.713:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.1.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a3f9f749 code=0x7ffc0000 [ 51.882776][ T29] audit: type=1326 audit(1766306978.713:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.1.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a3f9f749 code=0x7ffc0000 [ 51.906047][ T29] audit: type=1326 audit(1766306978.713:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.1.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a3f9f749 code=0x7ffc0000 [ 52.390576][ T4522] ip6t_rpfilter: unknown options [ 52.524486][ T4532] loop2: detected capacity change from 0 to 1024 [ 52.954256][ T4559] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.407015][ T3392] IPVS: starting estimator thread 0... [ 53.473995][ T4569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.490284][ T4571] syz.4.181 uses obsolete (PF_INET,SOCK_PACKET) [ 53.504914][ T4568] IPVS: using max 2208 ests per chain, 110400 per kthread [ 53.517004][ T4569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.913488][ T4590] __nla_validate_parse: 4 callbacks suppressed [ 53.913508][ T4590] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.188'. [ 53.930919][ T4590] netlink: zone id is out of range [ 53.936190][ T4590] netlink: zone id is out of range [ 53.942591][ T4590] netlink: zone id is out of range [ 53.954908][ T4590] netlink: zone id is out of range [ 53.963265][ T4590] netlink: zone id is out of range [ 53.977456][ T4590] netlink: set zone limit has 8 unknown bytes [ 54.027630][ T4599] loop3: detected capacity change from 0 to 1024 [ 54.035575][ T4599] EXT4-fs: Ignoring removed orlov option [ 54.063315][ T4599] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.086452][ T4606] netlink: 24 bytes leftover after parsing attributes in process `syz.1.193'. [ 54.127523][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.193'. [ 54.504127][ T4618] loop1: detected capacity change from 0 to 512 [ 54.570887][ T4618] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.199: corrupted inode contents [ 54.625584][ T4618] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #3: comm syz.1.199: mark_inode_dirty error [ 54.665651][ T4618] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.199: corrupted inode contents [ 54.678726][ T4618] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.199: mark_inode_dirty error [ 54.706124][ T4618] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.199: Failed to acquire dquot type 0 [ 54.720277][ T4618] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.199: corrupted inode contents [ 54.733047][ T4618] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #16: comm syz.1.199: mark_inode_dirty error [ 54.746758][ T4618] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.199: corrupted inode contents [ 54.785119][ T4618] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.199: mark_inode_dirty error [ 54.797042][ T4618] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.199: corrupted inode contents [ 54.828428][ T4618] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 54.853037][ T4618] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.199: corrupted inode contents [ 54.911223][ T4618] EXT4-fs error (device loop1): ext4_truncate:4635: inode #16: comm syz.1.199: mark_inode_dirty error [ 54.945606][ T4618] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 54.957272][ T4618] EXT4-fs (loop1): 1 truncate cleaned up [ 54.980096][ T4618] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.005182][ T4618] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.019019][ T4641] netlink: 40 bytes leftover after parsing attributes in process `syz.4.206'. [ 55.035230][ T4641] ip6gre1: entered promiscuous mode [ 55.040748][ T4641] ip6gre1: entered allmulticast mode [ 55.057506][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.079259][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.161293][ T4648] netlink: 4 bytes leftover after parsing attributes in process `syz.0.210'. [ 55.290071][ T4658] netlink: 12 bytes leftover after parsing attributes in process `syz.1.214'. [ 55.432248][ T4669] loop3: detected capacity change from 0 to 1024 [ 55.456980][ T4669] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 55.469388][ T4669] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.511770][ T4669] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: comm syz.3.217: lblock 0 mapped to illegal pblock 0 (length 6) [ 55.576608][ T4669] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 55.589000][ T4669] EXT4-fs (loop3): This should not happen!! Data will be lost [ 55.589000][ T4669] [ 55.612805][ T4678] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #15: comm syz.3.217: lblock 0 mapped to illegal pblock 0 (length 1) [ 55.626411][ T4678] EXT4-fs error (device loop3): ext4_ext_remove_space:2955: inode #15: comm syz.3.217: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 55.645141][ T4678] EXT4-fs error (device loop3) in ext4_setattr:6035: Corrupt filesystem [ 55.668989][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 56.115095][ T4702] netlink: 24 bytes leftover after parsing attributes in process `syz.4.229'. [ 56.159067][ T29] kauditd_printk_skb: 280 callbacks suppressed [ 56.159082][ T29] audit: type=1400 audit(2000000001.650:826): avc: denied { create } for pid=4703 comm="syz.4.230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 56.229471][ T29] audit: type=1326 audit(2000000001.690:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4680 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fcdab3c2005 code=0x7ffc0000 [ 56.311241][ T29] audit: type=1326 audit(2000000001.790:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4680 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fcdab38f749 code=0x7ffc0000 [ 56.351144][ T4707] loop2: detected capacity change from 0 to 128 [ 56.364617][ T4707] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 56.394039][ T4707] ext4 filesystem being mounted at /30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 56.430481][ T29] audit: type=1400 audit(2000000001.920:829): avc: denied { setattr } for pid=4706 comm="syz.2.231" path="/30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 56.489359][ T29] audit: type=1400 audit(2000000001.980:830): avc: denied { ioctl } for pid=4706 comm="syz.2.231" path="/30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop2" ino=12 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 56.599454][ T4712] netlink: 'syz.0.233': attribute type 1 has an invalid length. [ 56.607327][ T4712] netlink: 'syz.0.233': attribute type 2 has an invalid length. [ 56.617380][ T4710] syzkaller0: entered promiscuous mode [ 56.623037][ T4710] syzkaller0: entered allmulticast mode [ 56.623080][ T4712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.233'. [ 56.639246][ T3322] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 56.652022][ T12] syzkaller0: tun_net_xmit 48 [ 56.657369][ T29] audit: type=1400 audit(2000000002.150:831): avc: denied { relabelfrom } for pid=4709 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 56.677663][ T29] audit: type=1400 audit(2000000002.150:832): avc: denied { relabelto } for pid=4709 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 56.731034][ T4710] syzkaller0: tun_net_xmit 1280 [ 56.736051][ T4710] syzkaller0: create flow: hash 3079338662 index 1 [ 56.763232][ T1039] IPVS: starting estimator thread 0... [ 56.769640][ T29] audit: type=1326 audit(2000000002.230:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4716 comm="syz.2.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdab38f749 code=0x7ffc0000 [ 56.793095][ T29] audit: type=1326 audit(2000000002.230:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4716 comm="syz.2.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdab38f749 code=0x7ffc0000 [ 56.816411][ T29] audit: type=1326 audit(2000000002.230:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4716 comm="syz.2.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fcdab38f749 code=0x7ffc0000 [ 56.846213][ T4709] syzkaller0: delete flow: hash 3079338662 index 1 [ 56.875386][ T4718] IPVS: using max 1728 ests per chain, 86400 per kthread [ 57.455153][ T4738] loop3: detected capacity change from 0 to 512 [ 57.470337][ T4738] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.558594][ T4738] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.571485][ T4738] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.635669][ T4738] syz.3.243 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 57.819650][ T4757] loop2: detected capacity change from 0 to 164 [ 57.916311][ T4763] syz.2.251: attempt to access beyond end of device [ 57.916311][ T4763] loop2: rw=8912896, sector=263328, nr_sectors = 4 limit=164 [ 57.957222][ T4763] syz.2.251: attempt to access beyond end of device [ 57.957222][ T4763] loop2: rw=8388608, sector=263328, nr_sectors = 4 limit=164 [ 58.019022][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.143530][ T4610] IPVS: starting estimator thread 0... [ 58.239942][ T4776] IPVS: using max 2208 ests per chain, 110400 per kthread [ 58.361749][ T4784] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.377030][ T4785] mmap: syz.0.257 (4785) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 58.449502][ T4784] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.516652][ T4784] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.569996][ T4784] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.616339][ T4790] syz_tun: entered allmulticast mode [ 58.653054][ T31] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.674363][ T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.688385][ T4789] syz_tun: left allmulticast mode [ 58.705841][ T31] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.714087][ T31] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.432840][ T4830] loop3: detected capacity change from 0 to 1764 [ 59.702151][ T4842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.284'. [ 59.919185][ T4835] loop4: detected capacity change from 0 to 32768 [ 59.965333][ T3612] loop4: p1 p2 p3 < p5 p6 > [ 59.976381][ T3612] loop4: p2 size 16775168 extends beyond EOD, truncated [ 60.023273][ T3612] loop4: p5 start 4294970168 is beyond EOD, truncated [ 60.044157][ T4835] loop4: p1 p2 p3 < p5 p6 > [ 60.049584][ T4835] loop4: p2 size 16775168 extends beyond EOD, truncated [ 60.058678][ T4835] loop4: p5 start 4294970168 is beyond EOD, truncated [ 60.222196][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 60.233669][ T3561] udevd[3561]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory [ 60.245300][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 60.266648][ T3612] udevd[3612]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 60.291351][ T3561] udevd[3561]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory [ 60.302723][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 60.314060][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 60.329787][ T3612] udevd[3612]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 60.700487][ T4873] loop3: detected capacity change from 0 to 128 [ 60.720643][ T4873] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 60.747146][ T4873] ext4 filesystem being mounted at /63/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 60.882219][ T3326] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 61.092581][ T4895] pimreg: entered allmulticast mode [ 61.102102][ T4894] pimreg: left allmulticast mode [ 61.187134][ T29] kauditd_printk_skb: 396 callbacks suppressed [ 61.187159][ T29] audit: type=1326 audit(2000000006.670:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.217049][ T29] audit: type=1326 audit(2000000006.670:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.240552][ T29] audit: type=1326 audit(2000000006.670:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.263974][ T29] audit: type=1326 audit(2000000006.670:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.287385][ T29] audit: type=1326 audit(2000000006.670:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.310767][ T29] audit: type=1326 audit(2000000006.670:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.334259][ T29] audit: type=1326 audit(2000000006.670:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.357645][ T29] audit: type=1326 audit(2000000006.670:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.381068][ T29] audit: type=1326 audit(2000000006.670:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.404430][ T29] audit: type=1326 audit(2000000006.670:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4896 comm="syz.3.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b8f3f749 code=0x7ffc0000 [ 61.649653][ T4882] Set syz1 is full, maxelem 65536 reached [ 61.959632][ T4916] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 61.981214][ T4916] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 62.011345][ T4916] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 62.028809][ T4918] syz_tun: entered allmulticast mode [ 62.035741][ T4916] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 62.059694][ T4917] syz_tun: left allmulticast mode [ 62.139178][ T4923] loop2: detected capacity change from 0 to 512 [ 62.158177][ T4923] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #3: comm syz.2.314: corrupted inode contents [ 62.185295][ T4923] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #3: comm syz.2.314: mark_inode_dirty error [ 62.215056][ T4923] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #3: comm syz.2.314: corrupted inode contents [ 62.227150][ T4923] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.314: mark_inode_dirty error [ 62.227262][ T4929] tipc: Started in network mode [ 62.227292][ T4929] tipc: Node identity ac14140f, cluster identity 4711 [ 62.240640][ T4923] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.314: Failed to acquire dquot type 0 [ 62.261699][ T4929] tipc: New replicast peer: 255.255.255.255 [ 62.267967][ T4929] tipc: Enabled bearer , priority 10 [ 62.275126][ T4923] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.314: corrupted inode contents [ 62.291089][ T4923] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #16: comm syz.2.314: mark_inode_dirty error [ 62.324905][ T4923] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.314: corrupted inode contents [ 62.346960][ T4923] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.314: mark_inode_dirty error [ 62.388140][ T4923] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.314: corrupted inode contents [ 62.410627][ T4923] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 62.432841][ T4937] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.443330][ T4923] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.314: corrupted inode contents [ 62.475439][ T4923] EXT4-fs error (device loop2): ext4_truncate:4635: inode #16: comm syz.2.314: mark_inode_dirty error [ 62.488585][ T4941] netlink: 60 bytes leftover after parsing attributes in process `syz.4.321'. [ 62.497686][ T4941] netlink: 60 bytes leftover after parsing attributes in process `syz.4.321'. [ 62.505856][ T4923] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 62.527101][ T4937] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.545750][ T4944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.322'. [ 62.556019][ T4923] EXT4-fs (loop2): 1 truncate cleaned up [ 62.563589][ T4923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.578858][ T4941] netlink: 60 bytes leftover after parsing attributes in process `syz.4.321'. [ 62.587980][ T4941] netlink: 60 bytes leftover after parsing attributes in process `syz.4.321'. [ 62.594056][ T4923] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.598326][ T4937] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.630371][ T4947] loop1: detected capacity change from 0 to 512 [ 62.647181][ T4937] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.659980][ T4947] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 62.685975][ T4947] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 62.700502][ T4947] EXT4-fs (loop1): failed to initialize system zone (-117) [ 62.709096][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.709535][ T4947] EXT4-fs (loop1): mount failed [ 62.771260][ T290] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.785806][ T290] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.813474][ T290] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.825410][ T290] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.850925][ T4957] loop4: detected capacity change from 0 to 2048 [ 62.860058][ T4962] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.917562][ T4957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.918301][ T4962] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.940566][ T4964] loop1: detected capacity change from 0 to 1024 [ 62.954669][ T4964] ext4: Unknown parameter 'nouser_xattr' [ 62.962784][ T4971] loop3: detected capacity change from 0 to 128 [ 63.029534][ T4962] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.039384][ T4971] EXT4-fs: test_dummy_encryption option not supported [ 63.088555][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.127048][ T4962] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.204093][ T53] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.236697][ T53] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.274393][ T53] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.282832][ T3478] tipc: Node number set to 2886997007 [ 63.290951][ T4983] loop4: detected capacity change from 0 to 128 [ 63.301304][ T53] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.330608][ T4983] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 63.389764][ T4983] ext4 filesystem being mounted at /72/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 63.588571][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 63.681335][ T5006] loop4: detected capacity change from 0 to 128 [ 63.790825][ T5006] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 63.845180][ T5006] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.886152][ T5024] bond1: option primary_reselect: invalid value (4) [ 63.995273][ T5024] bond1 (unregistering): Released all slaves [ 64.051996][ T5029] ALSA: seq fatal error: cannot create timer (-19) [ 64.084093][ T5032] ext4: Unknown parameter 'fowner' [ 64.213541][ T5096] syzkaller0: entered promiscuous mode [ 64.219131][ T5096] syzkaller0: entered allmulticast mode [ 64.233956][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 64.883400][ T5114] pimreg: entered allmulticast mode [ 64.910926][ T5112] pimreg: left allmulticast mode [ 64.926447][ T5117] netlink: 'syz.0.364': attribute type 21 has an invalid length. [ 64.941937][ T5117] netlink: 'syz.0.364': attribute type 1 has an invalid length. [ 64.949713][ T5117] __nla_validate_parse: 5 callbacks suppressed [ 64.949730][ T5117] netlink: 132 bytes leftover after parsing attributes in process `syz.0.364'. [ 65.044641][ T5122] bridge0: port 3(gretap0) entered blocking state [ 65.051260][ T5122] bridge0: port 3(gretap0) entered disabled state [ 65.100377][ T5122] gretap0: entered allmulticast mode [ 65.126399][ T5122] gretap0: entered promiscuous mode [ 65.147105][ T5122] bridge0: port 3(gretap0) entered blocking state [ 65.153632][ T5122] bridge0: port 3(gretap0) entered forwarding state [ 65.205818][ T5133] pim6reg1: entered promiscuous mode [ 65.211246][ T5133] pim6reg1: entered allmulticast mode [ 65.372572][ T5138] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5138 comm=syz.4.373 [ 65.563941][ T5148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.378'. [ 65.573867][ T5148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.378'. [ 66.401810][ T5160] netlink: 8 bytes leftover after parsing attributes in process `syz.2.381'. [ 66.433742][ T5159] set_capacity_and_notify: 2 callbacks suppressed [ 66.433771][ T5159] loop4: detected capacity change from 0 to 512 [ 66.452852][ T5163] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 66.471982][ T5159] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.380: corrupted inode contents [ 66.484933][ T5164] sch_fq: defrate 0 ignored. [ 66.535813][ T5159] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #3: comm syz.4.380: mark_inode_dirty error [ 66.608442][ T5159] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.380: corrupted inode contents [ 66.641496][ T5159] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.380: mark_inode_dirty error [ 66.714430][ T5159] __quota_error: 190 callbacks suppressed [ 66.714446][ T5159] Quota error (device loop4): write_blk: dquota write failed [ 66.737238][ T5159] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 66.755034][ T5159] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.380: Failed to acquire dquot type 0 [ 66.776612][ T29] audit: type=1400 audit(2000000000.340:1430): avc: denied { create } for pid=5175 comm="syz.2.386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 66.800281][ T5176] loop2: detected capacity change from 0 to 1024 [ 66.807248][ T5159] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.380: corrupted inode contents [ 66.831629][ T5176] EXT4-fs: inline encryption not supported [ 66.837980][ T5159] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #16: comm syz.4.380: mark_inode_dirty error [ 66.863873][ T5159] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.380: corrupted inode contents [ 66.877433][ T5176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.890218][ T5159] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.380: mark_inode_dirty error [ 66.906613][ T5178] loop1: detected capacity change from 0 to 512 [ 66.914117][ T29] audit: type=1400 audit(2000000000.470:1431): avc: denied { ioctl } for pid=5175 comm="syz.2.386" path="/55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop2" ino=15 ioctlcmd=0x5828 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 66.914209][ T5176] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4215: comm syz.2.386: Allocating blocks 385-513 which overlap fs metadata [ 66.918093][ T5176] EXT4-fs (loop2): pa ffff888107a9f850: logic 16, phys. 129, len 24 [ 66.965551][ T5159] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.380: corrupted inode contents [ 66.973782][ T5176] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 8 [ 67.004666][ T5159] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 67.014893][ T5176] EXT4-fs error (device loop2): mb_free_blocks:2037: group 0, inode 15: block 337:freeing already freed block (bit 21); block bitmap corrupt. [ 67.030553][ T5159] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.380: corrupted inode contents [ 67.065738][ T5159] EXT4-fs error (device loop4): ext4_truncate:4635: inode #16: comm syz.4.380: mark_inode_dirty error [ 67.081042][ T5178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.092779][ T5159] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 67.102635][ T5178] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.120167][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.142449][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.149253][ T5159] EXT4-fs (loop4): 1 truncate cleaned up [ 67.184423][ T29] audit: type=1400 audit(2000000000.740:1432): avc: denied { mount } for pid=5185 comm="syz.1.391" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 67.187897][ T5159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.223018][ T5159] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.286315][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.320379][ T29] audit: type=1400 audit(2000000000.880:1433): avc: denied { connect } for pid=5195 comm="syz.3.396" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 67.373277][ T5200] netlink: 196 bytes leftover after parsing attributes in process `syz.4.395'. [ 67.389533][ T5204] loop3: detected capacity change from 0 to 512 [ 67.398949][ T5203] netlink: 'syz.0.399': attribute type 1 has an invalid length. [ 67.410401][ T29] audit: type=1400 audit(2000000000.880:1434): avc: denied { write } for pid=5196 comm="syz.1.397" path="socket:[9605]" dev="sockfs" ino=9605 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 67.433439][ T29] audit: type=1400 audit(2000000000.900:1435): avc: denied { write } for pid=5195 comm="syz.3.396" laddr=fe80::10 lport=60 faddr=fe80::43 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 67.464009][ T5207] loop1: detected capacity change from 0 to 512 [ 67.470963][ T5203] 8021q: adding VLAN 0 to HW filter on device bond1 [ 67.499858][ T5204] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.521727][ T5207] ------------[ cut here ]------------ [ 67.527483][ T5207] EA inode 11 i_nlink=2 [ 67.527496][ T5207] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x2e6/0x320, CPU#0: syz.1.397/5207 [ 67.540724][ T5204] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 67.542458][ T5207] Modules linked in: [ 67.556527][ T5207] CPU: 0 UID: 0 PID: 5207 Comm: syz.1.397 Not tainted syzkaller #0 PREEMPT(voluntary) [ 67.560956][ T5204] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #2: comm syz.3.398: corrupted inode contents [ 67.566376][ T5207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 67.566405][ T5207] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320 [ 67.579632][ T5204] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #2: comm syz.3.398: mark_inode_dirty error [ 67.588267][ T5207] Code: 81 e2 9c ff 4c 8d 2d 2a f1 20 05 49 8d 7e 40 e8 81 6b b8 ff 49 8b 6e 40 4c 89 e7 e8 95 66 b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 7c ad ba 03 66 66 66 2e 0f 1f 84 [ 67.588289][ T5207] RSP: 0018:ffffc90002dc35a0 EFLAGS: 00010246 [ 67.588308][ T5207] RAX: ffff88811c00dd10 RBX: ffff88811a0064e8 RCX: ffffffff81bb1c7b [ 67.597458][ T5204] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #2: comm syz.3.398: corrupted inode contents [ 67.606106][ T5207] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0d90 [ 67.606126][ T5207] RBP: 000000000000000b R08: 000188811a00649b R09: 0000000000000000 [ 67.635967][ T5203] bond1: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms [ 67.640068][ T5207] R10: ffffc90002dc34d0 R11: 0001c90002dc34d0 R12: ffff88811a006498 [ 67.685947][ T5207] R13: ffffffff86dc0d90 R14: ffff88811a006450 R15: 0000000000000001 [ 67.694017][ T5207] FS: 00007f19a29de6c0(0000) GS:ffff8882aedc5000(0000) knlGS:0000000000000000 [ 67.703079][ T5207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.707137][ T5204] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.398: mark_inode_dirty error [ 67.709729][ T5207] CR2: 00007fa4fba1b000 CR3: 000000011a9c6000 CR4: 00000000003506f0 [ 67.728880][ T5207] Call Trace: [ 67.732196][ T5207] [ 67.735254][ T5207] ext4_xattr_set_entry+0x77f/0x1020 [ 67.740615][ T5207] ext4_xattr_ibody_set+0x184/0x3c0 [ 67.746079][ T5207] ext4_expand_extra_isize_ea+0xcbb/0x11f0 [ 67.751952][ T5207] __ext4_expand_extra_isize+0x246/0x280 [ 67.752844][ T29] audit: type=1400 audit(2000000001.310:1436): avc: denied { create } for pid=5202 comm="syz.3.398" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 67.757771][ T5207] __ext4_mark_inode_dirty+0x29d/0x3f0 [ 67.783473][ T5207] ext4_evict_inode+0x7c4/0xd40 [ 67.788437][ T5207] ? __pfx_ext4_evict_inode+0x10/0x10 [ 67.793882][ T5207] evict+0x2af/0x510 [ 67.797912][ T5207] ? __dquot_initialize+0x146/0x7c0 [ 67.803159][ T5207] iput+0x4bd/0x650 [ 67.807173][ T5207] ext4_process_orphan+0x1a9/0x1c0 [ 67.812346][ T5207] ext4_orphan_cleanup+0x6a8/0xa00 [ 67.817603][ T5207] ext4_fill_super+0x3411/0x37a0 [ 67.821708][ T29] audit: type=1400 audit(2000000001.380:1437): avc: denied { add_name } for pid=5202 comm="syz.3.398" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 67.822770][ T5207] ? set_blocksize+0x1a8/0x310 [ 67.822798][ T5207] ? sb_set_blocksize+0xfc/0x170 [ 67.852902][ T5207] ? setup_bdev_super+0x30e/0x370 [ 67.858008][ T5207] ? __pfx_ext4_fill_super+0x10/0x10 [ 67.863335][ T5207] get_tree_bdev_flags+0x291/0x300 [ 67.868605][ T5207] ? __pfx_ext4_fill_super+0x10/0x10 [ 67.873941][ T5207] get_tree_bdev+0x1f/0x30 [ 67.878469][ T5207] ext4_get_tree+0x1c/0x30 [ 67.882935][ T5207] vfs_get_tree+0x57/0x1d0 [ 67.887493][ T5207] do_new_mount+0x24d/0x6a0 [ 67.892091][ T5207] path_mount+0x4ab/0xb80 [ 67.896618][ T5207] ? user_path_at+0xbf/0x130 [ 67.901389][ T5207] __se_sys_mount+0x28c/0x2e0 [ 67.906257][ T5207] __x64_sys_mount+0x67/0x80 [ 67.910975][ T5207] x64_sys_call+0x2cca/0x3000 [ 67.915775][ T5207] do_syscall_64+0xca/0x2b0 [ 67.920344][ T5207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.926302][ T5207] RIP: 0033:0x7f19a3fa0eea [ 67.930754][ T5207] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.950436][ T5207] RSP: 002b:00007f19a29dde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 67.958909][ T5207] RAX: ffffffffffffffda RBX: 00007f19a29ddef0 RCX: 00007f19a3fa0eea [ 67.966930][ T5207] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f19a29ddeb0 [ 67.975030][ T5207] RBP: 0000200000000180 R08: 00007f19a29ddef0 R09: 0000000000800700 [ 67.983015][ T5207] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 67.991060][ T5207] R13: 00007f19a29ddeb0 R14: 000000000000046f R15: 000000000000002c [ 67.999122][ T5207] [ 68.002245][ T5207] ---[ end trace 0000000000000000 ]--- [ 68.008762][ T5207] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #18: comm syz.1.397: iget: bad extra_isize 90 (inode size 256) [ 68.017828][ T5203] bond1: entered allmulticast mode [ 68.024451][ T5207] EXT4-fs (loop1): Remounting filesystem read-only [ 68.034002][ T5207] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -30) [ 68.038346][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.043582][ T5207] EXT4-fs (loop1): 1 orphan inode deleted [ 68.053189][ T5215] veth1_to_bridge: mtu greater than device maximum [ 68.058977][ T5207] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.091420][ T5217] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 68.183524][ T5219] loop3: detected capacity change from 0 to 2048 [ 68.212000][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.236810][ T3307] Alternate GPT is invalid, using primary GPT. [ 68.243267][ T3307] loop3: p1 p2 p3 [ 68.247120][ T3307] loop3: partition table partially beyond EOD, truncated [ 68.261745][ T5219] Alternate GPT is invalid, using primary GPT. [ 68.268242][ T5219] loop3: p1 p2 p3 [ 68.272000][ T5219] loop3: partition table partially beyond EOD, truncated [ 68.386549][ T5235] netlink: 'syz.1.410': attribute type 4 has an invalid length. [ 68.394348][ T5235] netlink: 17 bytes leftover after parsing attributes in process `syz.1.410'. [ 68.445128][ T5242] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 68.445796][ T5241] netlink: 'syz.0.413': attribute type 1 has an invalid length. [ 68.472442][ T3612] udevd[3612]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 68.485408][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 68.494085][ T3475] kernel write not supported for file 204/net/vlan/vlan1 (pid: 3475 comm: kworker/0:5) [ 68.516565][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 68.550150][ T5241] 8021q: adding VLAN 0 to HW filter on device bond2 [ 68.570736][ T5247] netlink: 'syz.3.416': attribute type 1 has an invalid length. [ 68.591903][ T5248] team0: entered promiscuous mode [ 68.597106][ T5248] team_slave_0: entered promiscuous mode [ 68.602985][ T5248] team_slave_1: entered promiscuous mode [ 68.627631][ T3475] kernel read not supported for file /vcs (pid: 3475 comm: kworker/0:5) [ 68.647446][ T3475] kernel read not supported for file /vcs (pid: 3475 comm: kworker/0:5) [ 68.671867][ T3475] kernel read not supported for file /vcs (pid: 3475 comm: kworker/0:5) [ 68.681028][ T5248] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.691399][ T5248] bond2: (slave team0): making interface the new active one [ 68.725867][ T5248] bond2: (slave team0): Enslaving as an active interface with an up link [ 68.737918][ T5256] netlink: 19 bytes leftover after parsing attributes in process `syz.4.419'. [ 68.750295][ T5247] 8021q: adding VLAN 0 to HW filter on device bond1 [ 68.790462][ T5254] veth7: entered promiscuous mode [ 68.858126][ T5254] bond1: (slave veth7): Enslaving as an active interface with a down link [ 68.885929][ T5258] bond1: entered allmulticast mode [ 68.977351][ T5271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.425'. [ 69.040859][ T5273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.426'. [ 69.890819][ T5309] ªªªªª!: renamed from bond_slave_1 (while UP) [ 69.943096][ T5288] Process accounting resumed [ 70.491194][ T5351] loop3: detected capacity change from 0 to 512 [ 70.518533][ T5351] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.451: corrupted inode contents [ 70.537026][ T5351] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #3: comm syz.3.451: mark_inode_dirty error [ 70.555491][ T5351] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.451: corrupted inode contents [ 70.575030][ T5351] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.451: mark_inode_dirty error [ 70.586651][ T5351] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.451: Failed to acquire dquot type 0 [ 70.599357][ T5351] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.451: corrupted inode contents [ 70.613297][ T5351] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #16: comm syz.3.451: mark_inode_dirty error [ 70.632470][ T5346] lo: entered promiscuous mode [ 70.637406][ T5346] lo: entered allmulticast mode [ 70.656549][ T5351] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.451: corrupted inode contents [ 70.668988][ T5351] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.451: mark_inode_dirty error [ 70.680566][ T5351] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.451: corrupted inode contents [ 70.693073][ T5351] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 70.702001][ T5351] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.451: corrupted inode contents [ 70.714771][ T5351] EXT4-fs error (device loop3): ext4_truncate:4635: inode #16: comm syz.3.451: mark_inode_dirty error [ 70.726261][ T5351] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 70.735923][ T5351] EXT4-fs (loop3): 1 truncate cleaned up [ 70.742428][ T5351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.755385][ T5351] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.920535][ T5380] syz_tun: entered allmulticast mode [ 70.926713][ T5380] syz_tun: left allmulticast mode [ 70.993171][ T5388] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.078085][ T5388] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.129151][ T5388] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.160764][ T5408] syzkaller0: entered promiscuous mode [ 71.166501][ T5408] syzkaller0: entered allmulticast mode [ 71.219771][ T5388] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.235904][ T5415] netlink: 'syz.0.480': attribute type 4 has an invalid length. [ 71.254688][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.287369][ T1725] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.310014][ T1725] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.324747][ T1725] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.336886][ T5426] loop2: detected capacity change from 0 to 128 [ 71.345889][ T1725] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.355985][ T5426] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 71.368360][ T5426] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.419705][ T3322] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 71.446644][ T5439] __nla_validate_parse: 1 callbacks suppressed [ 71.446659][ T5439] netlink: 28 bytes leftover after parsing attributes in process `syz.2.488'. [ 71.456805][ T5437] Zero length message leads to an empty skb [ 71.494332][ T5444] loop4: detected capacity change from 0 to 1024 [ 71.501917][ T5444] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 71.513177][ T5444] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 71.524515][ T5444] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 71.533195][ T5444] EXT4-fs (loop4): orphan cleanup on readonly fs [ 71.540157][ T5444] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.491: Inode bitmap for bg 0 marked uninitialized [ 71.560930][ T5444] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 71.583588][ T5444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 71.591087][ T5444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.600405][ T5444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.607970][ T5444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.619301][ T5447] loop1: detected capacity change from 0 to 512 [ 71.637539][ T5447] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.492: corrupted inode contents [ 71.652914][ T5447] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #3: comm syz.1.492: mark_inode_dirty error [ 71.668434][ T5447] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.492: corrupted inode contents [ 71.680693][ T5447] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.492: mark_inode_dirty error [ 71.693096][ T5447] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.492: Failed to acquire dquot type 0 [ 71.705859][ T5447] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.492: corrupted inode contents [ 71.718170][ T5447] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #16: comm syz.1.492: mark_inode_dirty error [ 71.730077][ T5447] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.492: corrupted inode contents [ 71.750324][ T5447] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.492: mark_inode_dirty error [ 71.762652][ T5447] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.492: corrupted inode contents [ 71.775432][ T5447] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 71.784251][ T5447] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.492: corrupted inode contents [ 71.785320][ T5456] netlink: 'syz.2.495': attribute type 1 has an invalid length. [ 71.806194][ T5447] EXT4-fs error (device loop1): ext4_truncate:4635: inode #16: comm syz.1.492: mark_inode_dirty error [ 71.806684][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.829414][ T5447] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 71.834486][ T5456] 8021q: adding VLAN 0 to HW filter on device bond1 [ 71.845254][ T5447] EXT4-fs (loop1): 1 truncate cleaned up [ 71.855781][ T5447] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.872837][ T5447] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.873202][ T5456] netlink: 28 bytes leftover after parsing attributes in process `syz.2.495'. [ 71.919249][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.930318][ T5461] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.946630][ T29] kauditd_printk_skb: 426 callbacks suppressed [ 71.946649][ T29] audit: type=1400 audit(2000000000.320:1860): avc: denied { setopt } for pid=5462 comm="syz.2.499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 72.007348][ T5461] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.150874][ T5461] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.288460][ T5482] loop1: detected capacity change from 0 to 512 [ 72.296882][ T5461] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.420136][ T5038] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.431965][ T5482] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.476883][ T5038] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.505875][ T5482] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.536116][ T5038] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.592798][ T1856] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.601173][ T29] audit: type=1400 audit(2000000000.960:1861): avc: denied { append } for pid=5481 comm="syz.1.503" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 72.658651][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.031307][ T3475] IPVS: starting estimator thread 0... [ 73.123142][ T29] audit: type=1400 audit(2000000001.490:1862): avc: denied { getopt } for pid=5501 comm="syz.4.509" lport=48 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 73.125171][ T5516] IPVS: using max 2208 ests per chain, 110400 per kthread [ 73.440881][ T5488] syz.0.506 (5488) used greatest stack depth: 6968 bytes left [ 73.693537][ T5518] syz.1.516 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 73.707791][ T5518] CPU: 0 UID: 0 PID: 5518 Comm: syz.1.516 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 73.707880][ T5518] Tainted: [W]=WARN [ 73.707887][ T5518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 73.707902][ T5518] Call Trace: [ 73.707912][ T5518] [ 73.707923][ T5518] __dump_stack+0x1d/0x30 [ 73.707949][ T5518] dump_stack_lvl+0x95/0xd0 [ 73.708048][ T5518] dump_stack+0x15/0x1b [ 73.708067][ T5518] dump_header+0x81/0x240 [ 73.708093][ T5518] oom_kill_process+0x295/0x350 [ 73.708125][ T5518] out_of_memory+0x97b/0xb80 [ 73.708158][ T5518] try_charge_memcg+0x610/0xa10 [ 73.708250][ T5518] obj_cgroup_charge_pages+0xa6/0x150 [ 73.708291][ T5518] __memcg_kmem_charge_page+0x9f/0x170 [ 73.708373][ T5518] __alloc_frozen_pages_noprof+0x18f/0x360 [ 73.708421][ T5518] alloc_pages_mpol+0xb3/0x260 [ 73.708467][ T5518] alloc_pages_noprof+0x90/0x130 [ 73.708551][ T5518] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 73.708597][ T5518] __kvmalloc_node_noprof+0x492/0x6b0 [ 73.708631][ T5518] ? ip_set_alloc+0x24/0x30 [ 73.708708][ T5518] ? ip_set_alloc+0x24/0x30 [ 73.708823][ T5518] ip_set_alloc+0x24/0x30 [ 73.708922][ T5518] hash_netiface_create+0x282/0x740 [ 73.708966][ T5518] ? __pfx_hash_netiface_create+0x10/0x10 [ 73.709006][ T5518] ip_set_create+0x3cc/0x970 [ 73.709148][ T5518] ? __mutex_lock_slowpath+0xa/0x10 [ 73.709253][ T5518] nfnetlink_rcv_msg+0x4c6/0x590 [ 73.709355][ T5518] netlink_rcv_skb+0x123/0x220 [ 73.709395][ T5518] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 73.709446][ T5518] nfnetlink_rcv+0x167/0x16c0 [ 73.709481][ T5518] ? kmem_cache_free+0xe3/0x3a0 [ 73.709515][ T5518] ? __kfree_skb+0x109/0x150 [ 73.709558][ T5518] ? nlmon_xmit+0x4f/0x60 [ 73.709600][ T5518] ? consume_skb+0x49/0x150 [ 73.709623][ T5518] ? nlmon_xmit+0x4f/0x60 [ 73.709645][ T5518] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 73.709689][ T5518] ? __dev_queue_xmit+0x138d/0x1ec0 [ 73.709783][ T5518] ? __dev_queue_xmit+0x148/0x1ec0 [ 73.709813][ T5518] ? ref_tracker_free+0x37d/0x3e0 [ 73.709841][ T5518] ? __netlink_deliver_tap+0x4dc/0x500 [ 73.709908][ T5518] netlink_unicast+0x5c0/0x690 [ 73.709945][ T5518] netlink_sendmsg+0x58b/0x6b0 [ 73.709979][ T5518] ? __pfx_netlink_sendmsg+0x10/0x10 [ 73.710078][ T5518] __sock_sendmsg+0x145/0x180 [ 73.710156][ T5518] ____sys_sendmsg+0x31e/0x4a0 [ 73.710204][ T5518] ___sys_sendmsg+0x17b/0x1d0 [ 73.710254][ T5518] __x64_sys_sendmsg+0xd4/0x160 [ 73.710321][ T5518] x64_sys_call+0x17ba/0x3000 [ 73.710354][ T5518] do_syscall_64+0xca/0x2b0 [ 73.710392][ T5518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.710498][ T5518] RIP: 0033:0x7f19a3f9f749 [ 73.710518][ T5518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.710542][ T5518] RSP: 002b:00007f19a29ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.710568][ T5518] RAX: ffffffffffffffda RBX: 00007f19a41f5fa0 RCX: 00007f19a3f9f749 [ 73.710584][ T5518] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005 [ 73.710596][ T5518] RBP: 00007f19a4023f91 R08: 0000000000000000 R09: 0000000000000000 [ 73.710608][ T5518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.710619][ T5518] R13: 00007f19a41f6038 R14: 00007f19a41f5fa0 R15: 00007fff672f63b8 [ 73.710694][ T5518] [ 73.710703][ T5518] memory: usage 307200kB, limit 307200kB, failcnt 164 [ 74.047053][ T5518] memory+swap: usage 307904kB, limit 9007199254740988kB, failcnt 0 [ 74.055003][ T5518] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 74.062379][ T5518] Memory cgroup stats for /syz1: [ 74.094589][ T5518] cache 0 [ 74.102898][ T5518] rss 0 [ 74.105748][ T5518] shmem 0 [ 74.108759][ T5518] mapped_file 0 [ 74.112318][ T5518] dirty 0 [ 74.115306][ T5518] writeback 0 [ 74.118616][ T5518] workingset_refault_anon 7 [ 74.123141][ T5518] workingset_refault_file 257 [ 74.127893][ T5518] swap 720896 [ 74.131284][ T5518] swapcached 8192 [ 74.134973][ T5518] pgpgin 17877 [ 74.138375][ T5518] pgpgout 17874 [ 74.141861][ T5518] pgfault 32436 [ 74.145410][ T5518] pgmajfault 8 [ 74.148808][ T5518] inactive_anon 8192 [ 74.152722][ T5518] active_anon 0 [ 74.156248][ T5518] inactive_file 4096 [ 74.160175][ T5518] active_file 0 [ 74.163653][ T5518] unevictable 0 [ 74.167201][ T5518] hierarchical_memory_limit 314572800 [ 74.172592][ T5518] hierarchical_memsw_limit 9223372036854771712 [ 74.178801][ T5518] total_cache 0 [ 74.182331][ T5518] total_rss 0 [ 74.185681][ T5518] total_shmem 0 [ 74.189173][ T5518] total_mapped_file 0 [ 74.193278][ T5518] total_dirty 0 [ 74.196806][ T5518] total_writeback 0 [ 74.200643][ T5518] total_workingset_refault_anon 7 [ 74.205710][ T5518] total_workingset_refault_file 257 [ 74.210931][ T5518] total_swap 720896 [ 74.214846][ T5518] total_swapcached 8192 [ 74.219074][ T5518] total_pgpgin 17877 [ 74.223054][ T5518] total_pgpgout 17874 [ 74.227080][ T5518] total_pgfault 32436 [ 74.231109][ T5518] total_pgmajfault 8 [ 74.235124][ T5518] total_inactive_anon 8192 [ 74.239628][ T5518] total_active_anon 0 [ 74.243631][ T5518] total_inactive_file 4096 [ 74.248272][ T5518] total_active_file 0 [ 74.252279][ T5518] total_unevictable 0 [ 74.256341][ T5518] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.516,pid=5517,uid=0 [ 74.270999][ T5518] Memory cgroup out of memory: Killed process 5517 (syz.1.516) total-vm:93968kB, anon-rss:1136kB, file-rss:22284kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 74.345557][ T5518] syz.1.516 (5518) used greatest stack depth: 6408 bytes left [ 74.860785][ T29] audit: type=1400 audit(2000000003.230:1863): avc: denied { read } for pid=5571 comm="syz.2.533" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 74.928722][ T5581] vlan0: entered allmulticast mode [ 74.953982][ T5583] loop2: detected capacity change from 0 to 1024 [ 74.962084][ T5583] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 74.976191][ T5583] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.537: Invalid block bitmap block 0 in block_group 0 [ 75.060136][ T5583] Quota error (device loop2): write_blk: dquota write failed [ 75.067739][ T5583] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 75.088256][ T5592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.541'. [ 75.113782][ T5583] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.537: Failed to acquire dquot type 0 [ 75.130601][ T5592] netlink: 12 bytes leftover after parsing attributes in process `syz.0.541'. [ 75.143470][ T5583] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.537: Freeing blocks not in datazone - block = 0, count = 4096 [ 75.165171][ T5596] netlink: 28 bytes leftover after parsing attributes in process `syz.1.543'. [ 75.183367][ T5583] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.537: Invalid inode bitmap blk 0 in block_group 0 [ 75.196680][ T1856] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-7 [ 75.205903][ T1856] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:10: Failed to release dquot type 0 [ 75.239754][ T5583] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 75.259784][ T5583] EXT4-fs (loop2): 1 orphan inode deleted [ 75.270053][ T5583] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.307069][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.377191][ T29] audit: type=1400 audit(2000000003.740:1864): avc: denied { create } for pid=5605 comm="syz.2.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 75.582999][ T5622] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.625879][ T5606] ================================================================== [ 75.634030][ T5606] BUG: KCSAN: data-race in page_pool_put_unrefed_netmem / page_pool_refill_alloc_cache [ 75.643704][ T5606] [ 75.646051][ T5606] write to 0xffff88811a66ca00 of 8 bytes by task 5604 on cpu 0: [ 75.653713][ T5606] page_pool_refill_alloc_cache+0x2a5/0x3c0 [ 75.659627][ T5606] page_pool_alloc_pages+0xd0/0x130 [ 75.664861][ T5606] bpf_test_run_xdp_live+0x54d/0x11d0 [ 75.670274][ T5606] bpf_prog_test_run_xdp+0x525/0x970 [ 75.675595][ T5606] bpf_prog_test_run+0x204/0x340 [ 75.680561][ T5606] __sys_bpf+0x4c0/0x7c0 [ 75.684837][ T5606] __x64_sys_bpf+0x41/0x50 [ 75.689290][ T5606] x64_sys_call+0x28e1/0x3000 [ 75.694001][ T5606] do_syscall_64+0xca/0x2b0 [ 75.698527][ T5606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.704446][ T5606] [ 75.706779][ T5606] read to 0xffff88811a66ca00 of 8 bytes by task 5606 on cpu 1: [ 75.714374][ T5606] page_pool_put_unrefed_netmem+0x38b/0x4b0 [ 75.720283][ T5606] napi_pp_put_page+0xe9/0x200 [ 75.725094][ T5606] skb_free_head+0x12c/0x150 [ 75.729717][ T5606] skb_release_data+0x33b/0x370 [ 75.734594][ T5606] __kfree_skb+0x44/0x150 [ 75.738933][ T5606] sk_skb_reason_drop+0xbd/0x270 [ 75.743896][ T5606] udp_recvmsg+0x11a/0xb90 [ 75.748324][ T5606] inet_recvmsg+0x143/0x290 [ 75.752853][ T5606] sock_recvmsg+0xf6/0x170 [ 75.757293][ T5606] ____sys_recvmsg+0xf5/0x280 [ 75.762017][ T5606] ___sys_recvmsg+0x11f/0x370 [ 75.766736][ T5606] do_recvmmsg+0x1ef/0x540 [ 75.771187][ T5606] __x64_sys_recvmmsg+0xe5/0x170 [ 75.776193][ T5606] x64_sys_call+0x2b75/0x3000 [ 75.780901][ T5606] do_syscall_64+0xca/0x2b0 [ 75.785434][ T5606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.791371][ T5606] [ 75.793705][ T5606] value changed: 0xffffea0004112e80 -> 0x0000000000000000 [ 75.800838][ T5606] [ 75.803213][ T5606] Reported by Kernel Concurrency Sanitizer on: [ 75.809371][ T5606] CPU: 1 UID: 0 PID: 5606 Comm: syz.1.546 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 75.820602][ T5606] Tainted: [W]=WARN [ 75.824425][ T5606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 75.834483][ T5606] ================================================================== [ 75.888080][ T5622] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.929060][ T5622] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.968339][ T5622] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.044582][ T1725] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.055687][ T1725] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.068440][ T5295] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.080216][ T5295] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0