last executing test programs: 1.477965936s ago: executing program 4 (id=569): ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='5', 0x1, 0x8080, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x4fed, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f3}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) io_uring_enter(r0, 0x2219, 0x7724, 0x16, 0x0, 0x13) 1.124054972s ago: executing program 4 (id=585): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]}) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000012c0)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290) close_range(r1, 0xffffffffffffffff, 0x0) 1.039802165s ago: executing program 4 (id=592): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1, 0x400000}, 0xc) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000300), 0xc, &(0x7f00000002c0)={&(0x7f0000001580)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x6011}, 0x80) 1.018309386s ago: executing program 0 (id=594): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_FLAGS={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) 1.004716597s ago: executing program 4 (id=596): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0) 959.774869ms ago: executing program 4 (id=598): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000380)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r1, 0x2) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r2, 0x2) 924.92841ms ago: executing program 0 (id=600): r0 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e210000000800000000000000000000000000000001"], 0x610) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}}, 0x90) close(0x4) 891.486462ms ago: executing program 0 (id=602): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="5953fdfffffffddbdf256b000000080043"], 0x28}}, 0x50) 822.833875ms ago: executing program 0 (id=606): syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) syz_usb_disconnect(0xffffffffffffffff) ioprio_set$pid(0x2, 0x0, 0x4007) 744.840078ms ago: executing program 3 (id=611): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000380)='\x00', 0x1}, {&(0x7f0000000040)="31748244c325bd08fdef8d4752abf704f643a08702ac23440fad166d1e4e1610809ec0549e672c1f911e9cf20d", 0x2d}], 0x2) 710.599799ms ago: executing program 3 (id=613): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x45, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 710.034459ms ago: executing program 1 (id=623): capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000200)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000002800)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4000804) 678.173631ms ago: executing program 3 (id=614): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) 657.948382ms ago: executing program 1 (id=615): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000180), 0x10) close_range(r2, 0xffffffffffffffff, 0x0) 653.923572ms ago: executing program 2 (id=616): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x80}, 0x18) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x9cf, 0x1, 0x800000000001004}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 625.614603ms ago: executing program 1 (id=617): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) 599.630195ms ago: executing program 3 (id=618): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 568.753555ms ago: executing program 3 (id=619): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000100000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) connect$vsock_stream(r2, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10) 496.213239ms ago: executing program 3 (id=620): unshare(0x6020400) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000100)='./file0\x00', 0x0, 0x4000}, 0x18) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x6, 0x36, &(0x7f00000002c0)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f0000000100)=0xb) 476.95152ms ago: executing program 1 (id=621): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 457.57068ms ago: executing program 2 (id=622): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x32) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) r3 = openat$selinux_policy(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0x190da) 394.200064ms ago: executing program 1 (id=624): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x14dd, &(0x7f0000000300)={0x0, 0x5121, 0x0, 0x3, 0x258}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x59f1, 0x2, 0x8, 0x0, 0xb2) 392.922624ms ago: executing program 2 (id=625): r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 366.803074ms ago: executing program 2 (id=626): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 345.175795ms ago: executing program 2 (id=627): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 314.154317ms ago: executing program 2 (id=628): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) vmsplice(r1, &(0x7f0000000280)=[{&(0x7f0000000000)="a6", 0x1}], 0x1, 0x5) 260.265869ms ago: executing program 1 (id=629): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kmem_cache_free\x00', r1}, 0x18) r2 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3, 0x8000000000000002, {0x1, 0xf0}, 0xfd}, 0x18) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x30, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x2, 0xfffffff7, 0xffffffff, 0xff}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) 120.564365ms ago: executing program 0 (id=630): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x2}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x70bd28, 0x3503}]}, 0x78}, 0x1, 0x7}, 0x0) 187.5µs ago: executing program 0 (id=631): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) 0s ago: executing program 4 (id=632): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000000a00)="c7885a8f24f458bed72116", 0xb) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) syz_clone(0x4000, &(0x7f00000001c0)="b0c4dc345846be585bf5b5590398bdef9afdcc0aea", 0x15, &(0x7f0000000200), &(0x7f0000000280), &(0x7f0000000640)="309b418c2ff6ecdc2325525eb0f919ed1e740654d86989c6c6078bc1da5e22f1aba91544f7a3d49c85c63c4ecbc0126032a428edf3f02782f9be1f36d8f276bf565a2ae3422f772cb62ad7b776582306ae5c8544501f942375553298fbdf44ff5954bdb9599b50228be204d9fa3a366c83a7") kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts. [ 21.358448][ T29] audit: type=1400 audit(1763635854.496:62): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.381389][ T29] audit: type=1400 audit(1763635854.526:63): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.382113][ T3299] cgroup: Unknown subsys name 'net' [ 21.409127][ T29] audit: type=1400 audit(1763635854.556:64): avc: denied { unmount } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.548886][ T3299] cgroup: Unknown subsys name 'cpuset' [ 21.554916][ T3299] cgroup: Unknown subsys name 'rlimit' [ 21.744060][ T29] audit: type=1400 audit(1763635854.886:65): avc: denied { setattr } for pid=3299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.768401][ T29] audit: type=1400 audit(1763635854.886:66): avc: denied { create } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.786881][ T3303] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.788819][ T29] audit: type=1400 audit(1763635854.886:67): avc: denied { write } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.817660][ T29] audit: type=1400 audit(1763635854.886:68): avc: denied { read } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.837914][ T29] audit: type=1400 audit(1763635854.896:69): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.858252][ T3299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.862744][ T29] audit: type=1400 audit(1763635854.896:70): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.894573][ T29] audit: type=1400 audit(1763635854.946:71): avc: denied { relabelto } for pid=3303 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.974036][ T3311] chnl_net:caif_netlink_parms(): no params data found [ 22.990348][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 23.027151][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 23.058872][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 23.108013][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.115093][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.122455][ T3314] bridge_slave_0: entered allmulticast mode [ 23.128814][ T3314] bridge_slave_0: entered promiscuous mode [ 23.141401][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 23.151868][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.158946][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.166010][ T3314] bridge_slave_1: entered allmulticast mode [ 23.172330][ T3314] bridge_slave_1: entered promiscuous mode [ 23.184680][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.191753][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.198839][ T3311] bridge_slave_0: entered allmulticast mode [ 23.205175][ T3311] bridge_slave_0: entered promiscuous mode [ 23.229056][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.236102][ T3311] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.243287][ T3311] bridge_slave_1: entered allmulticast mode [ 23.249684][ T3311] bridge_slave_1: entered promiscuous mode [ 23.268062][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.275229][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.282322][ T3316] bridge_slave_0: entered allmulticast mode [ 23.288766][ T3316] bridge_slave_0: entered promiscuous mode [ 23.296243][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.316916][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.326044][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.333136][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.340281][ T3316] bridge_slave_1: entered allmulticast mode [ 23.346647][ T3316] bridge_slave_1: entered promiscuous mode [ 23.353731][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.373982][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.395768][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.402897][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.410158][ T3317] bridge_slave_0: entered allmulticast mode [ 23.416505][ T3317] bridge_slave_0: entered promiscuous mode [ 23.434186][ T3314] team0: Port device team_slave_0 added [ 23.440599][ T3314] team0: Port device team_slave_1 added [ 23.446903][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.456088][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.463149][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.470351][ T3317] bridge_slave_1: entered allmulticast mode [ 23.476515][ T3317] bridge_slave_1: entered promiscuous mode [ 23.487476][ T3311] team0: Port device team_slave_0 added [ 23.497808][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.519490][ T3311] team0: Port device team_slave_1 added [ 23.525189][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.532258][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.539446][ T3310] bridge_slave_0: entered allmulticast mode [ 23.545786][ T3310] bridge_slave_0: entered promiscuous mode [ 23.557185][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 23.564219][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 23.590150][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 23.605750][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.618929][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.626051][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.633185][ T3310] bridge_slave_1: entered allmulticast mode [ 23.639598][ T3310] bridge_slave_1: entered promiscuous mode [ 23.650341][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 23.657275][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 23.683190][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 23.694930][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.712918][ T3316] team0: Port device team_slave_0 added [ 23.724953][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 23.731941][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 23.757898][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 23.773459][ T3316] team0: Port device team_slave_1 added [ 23.789487][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 23.796424][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 23.822298][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 23.833865][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.844295][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.857832][ T3317] team0: Port device team_slave_0 added [ 23.875509][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 23.882455][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 23.908395][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 23.919712][ T3317] team0: Port device team_slave_1 added [ 23.925561][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 23.932533][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 23.958428][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 23.986947][ T3310] team0: Port device team_slave_0 added [ 23.995039][ T3314] hsr_slave_0: entered promiscuous mode [ 24.001058][ T3314] hsr_slave_1: entered promiscuous mode [ 24.016673][ T3310] team0: Port device team_slave_1 added [ 24.039256][ T3311] hsr_slave_0: entered promiscuous mode [ 24.045119][ T3311] hsr_slave_1: entered promiscuous mode [ 24.050987][ T3311] debugfs: 'hsr0' already exists in 'hsr' [ 24.056685][ T3311] Cannot create hsr debugfs directory [ 24.062327][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.069268][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 24.095160][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.120219][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.127211][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 24.153115][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.169838][ T3316] hsr_slave_0: entered promiscuous mode [ 24.175937][ T3316] hsr_slave_1: entered promiscuous mode [ 24.181717][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 24.187427][ T3316] Cannot create hsr debugfs directory [ 24.209865][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.216808][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 24.242718][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.253778][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.260745][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 24.286627][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.347705][ T3310] hsr_slave_0: entered promiscuous mode [ 24.353837][ T3310] hsr_slave_1: entered promiscuous mode [ 24.359685][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 24.365390][ T3310] Cannot create hsr debugfs directory [ 24.373161][ T3317] hsr_slave_0: entered promiscuous mode [ 24.379263][ T3317] hsr_slave_1: entered promiscuous mode [ 24.384999][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 24.390736][ T3317] Cannot create hsr debugfs directory [ 24.534503][ T3314] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 24.543193][ T3314] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 24.555058][ T3314] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 24.565763][ T3314] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 24.586049][ T3316] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 24.602124][ T3316] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 24.617440][ T3316] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 24.626212][ T3316] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 24.636519][ T3311] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 24.646839][ T3311] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 24.657105][ T3311] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 24.665652][ T3311] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 24.704656][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 24.720827][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 24.729466][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 24.749292][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 24.759709][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.773561][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.781572][ T3310] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 24.792791][ T3310] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 24.801518][ T3310] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 24.813911][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 24.822540][ T3310] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 24.846356][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 24.857545][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.864602][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.881898][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.888939][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.897391][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.904469][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.919325][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.926364][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.975871][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.992421][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.000940][ T3316] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 25.017142][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.026706][ T3311] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.041208][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.056415][ T3311] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 25.066783][ T3311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 25.082526][ T3338] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.089570][ T3338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.097718][ T3338] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.104764][ T3338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.129365][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.136461][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.157518][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.169831][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.186503][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.193557][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.209413][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.216464][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.234410][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.243240][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.250316][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.270656][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.385416][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.422823][ T3314] veth0_vlan: entered promiscuous mode [ 25.429337][ T3316] veth0_vlan: entered promiscuous mode [ 25.437948][ T3316] veth1_vlan: entered promiscuous mode [ 25.457586][ T3314] veth1_vlan: entered promiscuous mode [ 25.466091][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.480312][ T3311] veth0_vlan: entered promiscuous mode [ 25.494094][ T3314] veth0_macvtap: entered promiscuous mode [ 25.507015][ T3311] veth1_vlan: entered promiscuous mode [ 25.521928][ T3314] veth1_macvtap: entered promiscuous mode [ 25.533486][ T3316] veth0_macvtap: entered promiscuous mode [ 25.553218][ T3316] veth1_macvtap: entered promiscuous mode [ 25.565389][ T3310] veth0_vlan: entered promiscuous mode [ 25.574349][ T3311] veth0_macvtap: entered promiscuous mode [ 25.586611][ T3310] veth1_vlan: entered promiscuous mode [ 25.595655][ T3311] veth1_macvtap: entered promiscuous mode [ 25.607810][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.615884][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.629796][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.639422][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.650575][ T3317] veth0_vlan: entered promiscuous mode [ 25.657162][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.670969][ T557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.681544][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.695368][ T557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.712615][ T3317] veth1_vlan: entered promiscuous mode [ 25.718918][ T557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.730835][ T3310] veth0_macvtap: entered promiscuous mode [ 25.740364][ T557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.749683][ T557] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.758458][ T557] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.767262][ T557] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.776497][ T557] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.786319][ T3310] veth1_macvtap: entered promiscuous mode [ 25.800516][ T557] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.823319][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.830709][ T557] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.842245][ T3317] veth0_macvtap: entered promiscuous mode [ 25.855067][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 25.874986][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.882432][ T557] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.891247][ T557] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.900758][ T3317] veth1_macvtap: entered promiscuous mode [ 25.921715][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.931157][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 25.948550][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.957637][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 25.973626][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 25.991954][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.029504][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.038910][ T3491] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=3491 comm=syz.4.5 [ 26.068730][ T3338] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.077512][ T3491] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5'. [ 26.086452][ T3490] syzkaller1: entered promiscuous mode [ 26.092173][ T3490] syzkaller1: entered allmulticast mode [ 26.115011][ T3338] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.149620][ T3338] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.304800][ T3517] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 26.362052][ T3527] tipc: Enabling of bearer rejected, failed to enable media [ 26.407842][ T3529] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 26.451888][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 26.451899][ T29] audit: type=1400 audit(1763635859.596:120): avc: denied { block_suspend } for pid=3531 comm="syz.2.23" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 26.514563][ T29] audit: type=1400 audit(1763635859.656:121): avc: denied { create } for pid=3533 comm="syz.2.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.546157][ T29] audit: type=1400 audit(1763635859.676:122): avc: denied { setopt } for pid=3533 comm="syz.2.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.565386][ T29] audit: type=1400 audit(1763635859.676:123): avc: denied { write } for pid=3533 comm="syz.2.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.596757][ T3536] netlink: 24 bytes leftover after parsing attributes in process `syz.2.25'. [ 26.667994][ T3543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3543 comm=syz.0.28 [ 26.711538][ T3548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3548 comm=syz.0.32 [ 26.749759][ T29] audit: type=1400 audit(1763635859.886:124): avc: denied { create } for pid=3551 comm="syz.2.33" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.769282][ T29] audit: type=1400 audit(1763635859.886:125): avc: denied { ioctl } for pid=3551 comm="syz.2.33" path="socket:[5394]" dev="sockfs" ino=5394 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.855063][ T29] audit: type=1400 audit(1763635859.996:126): avc: denied { open } for pid=3561 comm="syz.4.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 26.874120][ T29] audit: type=1400 audit(1763635859.996:127): avc: denied { kernel } for pid=3561 comm="syz.4.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 26.893287][ T29] audit: type=1400 audit(1763635859.996:128): avc: denied { tracepoint } for pid=3561 comm="syz.4.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 26.925356][ T3566] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8 [ 26.928561][ T29] audit: type=1400 audit(1763635860.006:129): avc: denied { create } for pid=3559 comm="syz.3.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 26.963410][ T3564] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 27.003267][ T3570] loop3: detected capacity change from 0 to 1024 [ 27.014692][ T3570] ======================================================= [ 27.014692][ T3570] WARNING: The mand mount option has been deprecated and [ 27.014692][ T3570] and is ignored by this kernel. Remove the mand [ 27.014692][ T3570] option from the mount to silence this warning. [ 27.014692][ T3570] ======================================================= [ 27.057848][ T3570] EXT4-fs: inline encryption not supported [ 27.080761][ T3570] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 27.150847][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 27.203571][ T3587] bridge: RTM_NEWNEIGH with invalid ether address [ 27.968339][ T3626] netlink: 32 bytes leftover after parsing attributes in process `syz.3.66'. [ 28.122614][ T3645] loop3: detected capacity change from 0 to 512 [ 28.162501][ T3645] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm +}[@: inode has both inline data and extents flags [ 28.201836][ T3645] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm +}[@: couldn't read orphan inode 15 (err -117) [ 28.228206][ T3652] loop0: detected capacity change from 0 to 2048 [ 28.234996][ T3652] EXT4-fs: Ignoring removed i_version option [ 28.249516][ T3654] netlink: 96 bytes leftover after parsing attributes in process `syz.4.78'. [ 28.260628][ T3645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 28.302508][ T3662] netlink: 96 bytes leftover after parsing attributes in process `syz.4.82'. [ 28.312917][ T3652] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 28.330017][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 28.336076][ T3652] EXT4-fs error (device loop0): ext4_find_extent:939: inode #2: comm syz.0.77: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 28.370368][ T3652] EXT4-fs (loop0): Remounting filesystem read-only [ 28.382663][ T3671] capability: warning: `syz.4.85' uses deprecated v2 capabilities in a way that may be insecure [ 28.397210][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.232326][ T3693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.94'. [ 29.247678][ T3693] netlink: 12 bytes leftover after parsing attributes in process `syz.2.94'. [ 29.428659][ T3702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.98'. [ 29.450249][ T3702] team0: Port device team_slave_1 removed [ 29.491683][ T3707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.100'. [ 29.501000][ T3707] netlink: 121 bytes leftover after parsing attributes in process `syz.0.100'. [ 29.726967][ T3740] openvswitch: netlink: EtherType 0 is less than min 600 [ 29.741861][ T3741] loop2: detected capacity change from 0 to 128 [ 29.892812][ T3748] syz.2.116: attempt to access beyond end of device [ 29.892812][ T3748] loop2: rw=2049, sector=129, nr_sectors = 8 limit=128 [ 29.927300][ T3748] syz.2.116 (3748) used greatest stack depth: 10320 bytes left [ 29.977786][ T3746] syz.2.116: attempt to access beyond end of device [ 29.977786][ T3746] loop2: rw=2049, sector=137, nr_sectors = 1 limit=128 [ 29.991454][ T3741] syz.2.116: attempt to access beyond end of device [ 29.991454][ T3741] loop2: rw=2049, sector=137, nr_sectors = 1 limit=128 [ 30.005229][ T3741] syz.2.116: attempt to access beyond end of device [ 30.005229][ T3741] loop2: rw=2049, sector=137, nr_sectors = 1 limit=128 [ 30.107398][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.115233][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.123042][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.130824][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.138742][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.146537][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.154324][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.162144][ T3758] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 30.174586][ T3450] kworker/u8:7: attempt to access beyond end of device [ 30.174586][ T3450] loop2: rw=1, sector=128, nr_sectors = 1 limit=128 [ 30.188300][ T3450] Buffer I/O error on dev loop2, logical block 128, lost async page write [ 30.461993][ T3829] syz.1.125 uses obsolete (PF_INET,SOCK_PACKET) [ 30.785612][ T3855] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 30.795127][ T3854] IPVS: stopping master sync thread 3855 ... [ 30.990698][ T3876] pimreg: entered allmulticast mode [ 31.012499][ T3876] pimreg: left allmulticast mode [ 31.111977][ T3884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.149'. [ 31.383915][ T3907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.157'. [ 31.394599][ T3902] loop1: detected capacity change from 0 to 8192 [ 31.461507][ T3902] loop1: p1 p2 p4 < > [ 31.465645][ T3902] loop1: partition table partially beyond EOD, truncated [ 31.482472][ T3902] loop1: p1 start 16777216 is beyond EOD, truncated [ 31.489225][ T3902] loop1: p2 size 515840 extends beyond EOD, truncated [ 31.522859][ T3902] loop1: p4 start 16777216 is beyond EOD, truncated [ 31.617668][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 31.794231][ T29] kauditd_printk_skb: 218 callbacks suppressed [ 31.794248][ T29] audit: type=1400 audit(1763635864.936:348): avc: denied { create } for pid=3923 comm="syz.1.164" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 31.827776][ T29] audit: type=1400 audit(1763635864.976:349): avc: denied { write } for pid=3923 comm="syz.1.164" name="file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 31.850091][ T29] audit: type=1400 audit(1763635864.976:350): avc: denied { open } for pid=3923 comm="syz.1.164" path="/28/file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 31.902009][ T29] audit: type=1400 audit(1763635864.976:351): avc: denied { ioctl } for pid=3923 comm="syz.1.164" path="/28/file0" dev="tmpfs" ino=162 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 32.275233][ T29] audit: type=1400 audit(1763635865.396:352): avc: denied { unlink } for pid=3311 comm="syz-executor" name="file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 32.297897][ T29] audit: type=1400 audit(1763635865.416:353): avc: denied { write } for pid=3938 comm="syz.1.169" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 32.405952][ T29] audit: type=1400 audit(1763635865.536:354): avc: denied { write } for pid=3946 comm="syz.1.173" name="tcp6" dev="proc" ino=4026532575 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 32.428441][ T29] audit: type=1400 audit(1763635865.536:355): avc: denied { create } for pid=3945 comm="syz.4.172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 32.479056][ T29] audit: type=1400 audit(1763635865.546:356): avc: denied { bind } for pid=3945 comm="syz.4.172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 32.486629][ T3950] netlink: 12 bytes leftover after parsing attributes in process `syz.3.174'. [ 32.542553][ T3953] bridge_slave_0: left allmulticast mode [ 32.548231][ T3953] bridge_slave_0: left promiscuous mode [ 32.554009][ T3953] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.571967][ T29] audit: type=1400 audit(1763635865.646:357): avc: denied { write } for pid=3945 comm="syz.4.172" path="socket:[5040]" dev="sockfs" ino=5040 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 32.598164][ T3953] bridge_slave_1: left allmulticast mode [ 32.603893][ T3953] bridge_slave_1: left promiscuous mode [ 32.609748][ T3953] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.629567][ T3953] bond0: (slave bond_slave_0): Releasing backup interface [ 32.646968][ T3953] bond0: (slave bond_slave_1): Releasing backup interface [ 32.683192][ T3953] team0: Port device team_slave_0 removed [ 32.707668][ T3953] team0: Port device team_slave_1 removed [ 32.714754][ T3953] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 32.722240][ T3953] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 32.732325][ T3953] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 32.740279][ T3953] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 32.755217][ T3953] net_ratelimit: 46 callbacks suppressed [ 32.755229][ T3953] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 32.789335][ T3959] team0: Mode changed to "loadbalance" [ 32.795191][ T3782] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 32.795219][ T3950] netlink: 12 bytes leftover after parsing attributes in process `syz.3.174'. [ 32.815490][ T3950] Zero length message leads to an empty skb [ 32.826533][ T3782] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 32.839153][ T3782] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 32.861588][ T3782] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 32.880769][ T3967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.189'. [ 32.926248][ T3964] loop2: detected capacity change from 0 to 8192 [ 32.976873][ T3304] loop2: p1 p2 p4 < > [ 32.980998][ T3304] loop2: partition table partially beyond EOD, truncated [ 32.991519][ T3304] loop2: p1 start 16777216 is beyond EOD, truncated [ 32.998141][ T3304] loop2: p2 size 515840 extends beyond EOD, truncated [ 33.008887][ T3304] loop2: p4 start 16777216 is beyond EOD, truncated [ 33.026414][ T3964] loop2: p1 p2 p4 < > [ 33.030522][ T3964] loop2: partition table partially beyond EOD, truncated [ 33.039557][ T3964] loop2: p1 start 16777216 is beyond EOD, truncated [ 33.046194][ T3964] loop2: p2 size 515840 extends beyond EOD, truncated [ 33.056854][ T3964] loop2: p4 start 16777216 is beyond EOD, truncated [ 33.066786][ T3982] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 33.076450][ T3981] IPVS: stopping master sync thread 3982 ... [ 33.148159][ T3984] loop2: detected capacity change from 0 to 1024 [ 33.171216][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 33.191772][ T3984] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.236745][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 33.261148][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.268941][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.276689][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.284535][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.292299][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.300120][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.307860][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.315652][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.323419][ T3997] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 33.385040][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.474965][ T4005] netlink: 'syz.3.195': attribute type 29 has an invalid length. [ 33.508660][ T4005] netlink: 'syz.3.195': attribute type 29 has an invalid length. [ 33.518279][ T4005] netlink: 500 bytes leftover after parsing attributes in process `syz.3.195'. [ 33.618465][ C1] hrtimer: interrupt took 41281 ns [ 33.632498][ T4015] SELinux: Context Ü is not valid (left unmapped). [ 33.648872][ T3374] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 33.658158][ T3374] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 33.775913][ T4031] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 33.828342][ T4031] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 33.876860][ T4036] mmap: syz.3.209 (4036) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 33.903541][ T4042] netlink: 24 bytes leftover after parsing attributes in process `syz.0.212'. [ 34.237001][ T4063] netlink: 12 bytes leftover after parsing attributes in process `syz.4.219'. [ 34.245931][ T4063] netlink: 12 bytes leftover after parsing attributes in process `syz.4.219'. [ 34.434693][ T4075] pim6reg1: entered promiscuous mode [ 34.440023][ T4075] pim6reg1: entered allmulticast mode [ 34.514419][ T4084] netlink: 'syz.0.229': attribute type 3 has an invalid length. [ 34.655741][ T4088] loop0: detected capacity change from 0 to 8192 [ 34.723300][ T3304] loop0: p1 p2 p4 < > [ 34.727397][ T3304] loop0: partition table partially beyond EOD, truncated [ 34.771920][ T3304] loop0: p1 start 16777216 is beyond EOD, truncated [ 34.778568][ T3304] loop0: p2 size 515840 extends beyond EOD, truncated [ 34.848019][ T3304] loop0: p4 start 16777216 is beyond EOD, truncated [ 34.872486][ T4103] SELinux: failed to load policy [ 34.882592][ T4088] loop0: p1 p2 p4 < > [ 34.886686][ T4088] loop0: partition table partially beyond EOD, truncated [ 34.908910][ T4088] loop0: p1 start 16777216 is beyond EOD, truncated [ 34.915533][ T4088] loop0: p2 size 515840 extends beyond EOD, truncated [ 34.978763][ T4088] loop0: p4 start 16777216 is beyond EOD, truncated [ 35.071266][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 35.109675][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 35.168438][ T4126] wg2: entered promiscuous mode [ 35.173343][ T4126] wg2: entered allmulticast mode [ 35.271722][ T4140] netlink: 188 bytes leftover after parsing attributes in process `syz.4.251'. [ 35.369836][ T4146] loop4: detected capacity change from 0 to 8192 [ 35.408844][ T3304] loop4: p1 p2 p4 < > [ 35.412936][ T3304] loop4: partition table partially beyond EOD, truncated [ 35.425511][ T3304] loop4: p1 start 16777216 is beyond EOD, truncated [ 35.432235][ T3304] loop4: p2 size 515840 extends beyond EOD, truncated [ 35.442410][ T3304] loop4: p4 start 16777216 is beyond EOD, truncated [ 35.458067][ T4146] loop4: p1 p2 p4 < > [ 35.462184][ T4146] loop4: partition table partially beyond EOD, truncated [ 35.476452][ T4146] loop4: p1 start 16777216 is beyond EOD, truncated [ 35.483090][ T4146] loop4: p2 size 515840 extends beyond EOD, truncated [ 35.583266][ T4163] process 'syz.0.260' launched '/dev/fd/3' with NULL argv: empty string added [ 35.624772][ T4146] loop4: p4 start 16777216 is beyond EOD, truncated [ 35.636793][ T4169] loop1: detected capacity change from 0 to 164 [ 35.728563][ T4169] syz.1.262: attempt to access beyond end of device [ 35.728563][ T4169] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 35.773896][ T4169] syz.1.262: attempt to access beyond end of device [ 35.773896][ T4169] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 35.781255][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 35.816620][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 35.970353][ T4171] loop2: detected capacity change from 0 to 32768 [ 36.019471][ T4171] loop2: p1 p3 < > [ 36.172241][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 36.172380][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 36.458750][ T4225] loop3: detected capacity change from 0 to 512 [ 36.468245][ T4225] EXT4-fs: Ignoring removed bh option [ 36.486870][ T4225] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.500074][ T4225] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 36.597738][ T4225] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 36.636299][ T4225] EXT4-fs (loop3): 1 truncate cleaned up [ 36.643250][ T4225] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.678096][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.704357][ T4236] bridge_slave_0: left allmulticast mode [ 36.710065][ T4236] bridge_slave_0: left promiscuous mode [ 36.715742][ T4236] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.725118][ T4239] __nla_validate_parse: 6 callbacks suppressed [ 36.725129][ T4239] netlink: 24 bytes leftover after parsing attributes in process `syz.3.283'. [ 36.787475][ T4236] bridge_slave_1: left allmulticast mode [ 36.793304][ T4236] bridge_slave_1: left promiscuous mode [ 36.799096][ T4236] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.801598][ T4248] netlink: 'syz.1.288': attribute type 8 has an invalid length. [ 36.813852][ T4248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.288'. [ 36.824355][ T4236] bond0: (slave bond_slave_0): Releasing backup interface [ 36.833195][ T4236] bond0: (slave bond_slave_1): Releasing backup interface [ 36.843694][ T4236] team0: Port device team_slave_0 removed [ 36.851585][ T4236] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 36.858987][ T4236] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 36.867644][ T4236] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.875058][ T4236] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 36.887247][ T29] kauditd_printk_skb: 244 callbacks suppressed [ 36.887257][ T29] audit: type=1400 audit(1763635870.026:602): avc: denied { sys_module } for pid=4249 comm="syz.2.289" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 36.954064][ T4243] team0: Mode changed to "loadbalance" [ 36.964430][ T4248] bond0: entered promiscuous mode [ 36.969507][ T4248] bond_slave_0: entered promiscuous mode [ 36.975356][ T4248] bond_slave_1: entered promiscuous mode [ 36.982919][ T4248] gretap0: entered promiscuous mode [ 36.989141][ T4248] veth0_to_batadv: entered promiscuous mode [ 36.990689][ T4260] loop4: detected capacity change from 0 to 128 [ 36.995505][ T4248] hsr1: entered promiscuous mode [ 37.025443][ T4260] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 37.079601][ T4267] loop1: detected capacity change from 0 to 128 [ 37.136059][ T4260] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 37.178635][ T4267] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 37.195228][ T4276] loop2: detected capacity change from 0 to 256 [ 37.196147][ T29] audit: type=1400 audit(1763635870.336:603): avc: denied { add_name } for pid=4259 comm="syz.4.290" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 37.221945][ T29] audit: type=1400 audit(1763635870.336:604): avc: denied { create } for pid=4259 comm="syz.4.290" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 37.242255][ T29] audit: type=1400 audit(1763635870.376:605): avc: denied { remove_name } for pid=4259 comm="syz.4.290" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 37.264811][ T4267] ext4 filesystem being mounted at /57/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 37.264749][ T29] audit: type=1400 audit(1763635870.376:606): avc: denied { rmdir } for pid=4259 comm="syz.4.290" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 37.296708][ T29] audit: type=1400 audit(1763635870.376:607): avc: denied { mounton } for pid=4259 comm="syz.4.290" path="/50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 37.298557][ T4280] loop3: detected capacity change from 0 to 164 [ 37.354577][ T4276] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 37.356456][ T3316] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 37.363175][ T4276] FAT-fs (loop2): Filesystem has been set read-only [ 37.372141][ T29] audit: type=1400 audit(1763635870.496:608): avc: denied { create } for pid=4266 comm="syz.1.293" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 37.434206][ T29] audit: type=1400 audit(1763635870.576:609): avc: denied { create } for pid=4266 comm="syz.1.293" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 37.475606][ T29] audit: type=1400 audit(1763635870.576:610): avc: denied { write open } for pid=4266 comm="syz.1.293" path="/57/mnt/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 37.519595][ T29] audit: type=1400 audit(1763635870.576:611): avc: denied { read } for pid=4266 comm="syz.1.293" path="/57/mnt/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 37.590961][ T4280] syz.3.299: attempt to access beyond end of device [ 37.590961][ T4280] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 37.604834][ T4280] syz.3.299: attempt to access beyond end of device [ 37.604834][ T4280] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 37.633250][ T3311] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 37.652931][ T4287] netlink: 'syz.4.303': attribute type 3 has an invalid length. [ 38.038189][ T4334] loop3: detected capacity change from 0 to 512 [ 38.190735][ T4334] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.218614][ T4334] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.280119][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.418514][ T4349] netlink: 60 bytes leftover after parsing attributes in process `syz.2.325'. [ 38.441214][ T4346] netlink: 60 bytes leftover after parsing attributes in process `syz.2.325'. [ 38.495090][ T4354] bridge_slave_0: left allmulticast mode [ 38.500899][ T4354] bridge_slave_0: left promiscuous mode [ 38.506515][ T4354] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.557246][ T4354] bridge_slave_1: left allmulticast mode [ 38.562950][ T4354] bridge_slave_1: left promiscuous mode [ 38.568585][ T4354] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.607857][ T4354] bond0: (slave bond_slave_0): Releasing backup interface [ 38.625614][ T4354] bond0: (slave bond_slave_1): Releasing backup interface [ 38.644905][ T4354] team0: Port device team_slave_0 removed [ 38.656134][ T4354] team0: Port device team_slave_1 removed [ 38.665645][ T4354] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 38.673741][ T4354] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 38.685252][ T4354] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 38.692685][ T4354] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 38.703093][ T4354] net_ratelimit: 46 callbacks suppressed [ 38.703106][ T4354] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 38.728558][ T4356] team0: Mode changed to "loadbalance" [ 38.870901][ T4370] Illegal XDP return value 16128 on prog (id 22) dev lo, expect packet loss! [ 38.972336][ T4375] hub 8-0:1.0: USB hub found [ 38.977023][ T4375] hub 8-0:1.0: 8 ports detected [ 39.059536][ T4367] loop1: detected capacity change from 0 to 32768 [ 39.138926][ T3304] loop1: p1 p3 < > [ 39.144736][ T4367] loop1: p1 p3 < > [ 39.250987][ T4394] loop2: detected capacity change from 0 to 128 [ 39.266813][ T4394] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 39.314424][ T4394] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 39.327853][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 39.338977][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 39.372868][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 39.375682][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 39.400995][ T3782] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 40.004987][ T4441] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 40.414550][ T4463] netlink: 'syz.3.372': attribute type 1 has an invalid length. [ 40.435076][ T4463] bond1: (slave bridge1): making interface the new active one [ 40.442814][ T4463] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 40.466266][ T4466] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 40.535640][ T4472] loop1: detected capacity change from 0 to 512 [ 40.542968][ T4472] msdos: Unknown parameter 'nodlaxed' [ 40.741437][ T4484] netlink: 96 bytes leftover after parsing attributes in process `syz.1.381'. [ 40.775349][ T4488] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 40.794656][ T4488] team0: No ports can be present during mode change [ 40.845492][ T4496] loop4: detected capacity change from 0 to 164 [ 40.856220][ T4496] syz.4.387: attempt to access beyond end of device [ 40.856220][ T4496] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 40.885722][ T4496] syz.4.387: attempt to access beyond end of device [ 40.885722][ T4496] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 41.077205][ T4511] loop2: detected capacity change from 0 to 128 [ 41.095670][ T4511] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.117853][ T4511] ext4 filesystem being mounted at /83/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 41.183722][ T3314] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.196799][ T4516] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 41.293766][ T4508] loop4: detected capacity change from 0 to 32768 [ 41.304835][ T4532] syz.1.400 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 41.330709][ T4534] netlink: 64 bytes leftover after parsing attributes in process `syz.1.401'. [ 41.338841][ T3304] loop4: p1 p3 < > [ 41.353049][ T4508] loop4: p1 p3 < > [ 41.379501][ T4538] capability: warning: `syz.1.403' uses 32-bit capabilities (legacy support in use) [ 41.457471][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 41.457653][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 41.482889][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 41.498471][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 41.556028][ T4553] loop1: detected capacity change from 0 to 128 [ 41.578474][ T4553] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.590738][ T4553] ext4 filesystem being mounted at /88/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 41.643689][ T3311] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.691143][ T4559] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 42.077586][ T29] kauditd_printk_skb: 83 callbacks suppressed [ 42.077599][ T29] audit: type=1326 audit(1763635875.216:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4583 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f400e82f749 code=0x7ffc0000 [ 42.106972][ T29] audit: type=1326 audit(1763635875.216:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4583 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f400e82f749 code=0x7ffc0000 [ 42.130388][ T29] audit: type=1326 audit(1763635875.216:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4583 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f400e82f749 code=0x7ffc0000 [ 42.153581][ T29] audit: type=1326 audit(1763635875.216:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4583 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f400e82f749 code=0x7ffc0000 [ 42.176857][ T29] audit: type=1326 audit(1763635875.286:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4591 comm="syz.0.426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f858170f749 code=0x7ffc0000 [ 42.200147][ T29] audit: type=1326 audit(1763635875.286:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4591 comm="syz.0.426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f858170f749 code=0x7ffc0000 [ 42.223436][ T29] audit: type=1326 audit(1763635875.286:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4591 comm="syz.0.426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f858170f749 code=0x7ffc0000 [ 42.246681][ T29] audit: type=1326 audit(1763635875.286:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4591 comm="syz.0.426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f858170f749 code=0x7ffc0000 [ 42.269875][ T29] audit: type=1326 audit(1763635875.286:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4591 comm="syz.0.426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f858170f749 code=0x7ffc0000 [ 42.293069][ T29] audit: type=1326 audit(1763635875.286:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4591 comm="syz.0.426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f858170f749 code=0x7ffc0000 [ 42.386587][ T4603] netlink: 'syz.3.432': attribute type 1 has an invalid length. [ 42.420172][ T4606] netlink: 'syz.0.433': attribute type 4 has an invalid length. [ 42.473573][ T4603] bond2: (slave geneve2): making interface the new active one [ 42.483531][ T4606] netlink: 'syz.0.433': attribute type 4 has an invalid length. [ 42.502219][ T4603] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 42.510927][ T52] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.528126][ T52] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.536111][ T4603] syz.3.432 (4603) used greatest stack depth: 9656 bytes left [ 42.537219][ T52] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.553282][ T52] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.854456][ T4649] netlink: 'syz.1.451': attribute type 1 has an invalid length. [ 42.862139][ T4649] netlink: 224 bytes leftover after parsing attributes in process `syz.1.451'. [ 42.928945][ T4656] loop1: detected capacity change from 0 to 512 [ 42.949563][ T4656] EXT4-fs (loop1): orphan cleanup on readonly fs [ 42.967663][ T4656] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.453: bad orphan inode 13 [ 42.993123][ T4656] ext4_test_bit(bit=12, block=18) = 1 [ 42.998610][ T4656] is_bad_inode(inode)=0 [ 43.002766][ T4656] NEXT_ORPHAN(inode)=2130706432 [ 43.007622][ T4656] max_ino=32 [ 43.010872][ T4656] i_nlink=1 [ 43.014466][ T4656] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.051294][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.125335][ T4676] netlink: 'syz.3.463': attribute type 10 has an invalid length. [ 43.138132][ T4676] team0: Port device dummy0 added [ 43.151784][ T4676] netlink: 'syz.3.463': attribute type 10 has an invalid length. [ 43.162457][ T4676] team0: Port device dummy0 removed [ 43.170128][ T4676] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 43.247658][ T4683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.466'. [ 43.256461][ T4683] netlink: 24 bytes leftover after parsing attributes in process `syz.4.466'. [ 43.265660][ T4683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.466'. [ 43.274476][ T4683] netlink: 24 bytes leftover after parsing attributes in process `syz.4.466'. [ 43.629138][ T4702] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.983403][ T4721] gretap0: entered promiscuous mode [ 44.004966][ T4721] netlink: 8 bytes leftover after parsing attributes in process `syz.0.481'. [ 44.013798][ T4721] gretap0: left promiscuous mode [ 44.066252][ T4731] netlink: 'syz.1.485': attribute type 83 has an invalid length. [ 44.169089][ T4744] gre1: entered promiscuous mode [ 44.174685][ T4742] xt_hashlimit: max too large, truncated to 1048576 [ 44.407576][ T4761] loop3: detected capacity change from 0 to 2048 [ 44.424299][ T4761] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.440489][ T4761] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.500: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 44.457220][ T4761] EXT4-fs (loop3): Remounting filesystem read-only [ 44.491570][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.612582][ T4776] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 44.685507][ T4786] netlink: 12 bytes leftover after parsing attributes in process `syz.4.511'. [ 44.696679][ T4786] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 44.721856][ T4790] netlink: 24 bytes leftover after parsing attributes in process `syz.4.513'. [ 44.762948][ T4796] block device autoloading is deprecated and will be removed. [ 44.893131][ T4810] SELinux: failed to load policy [ 45.127680][ T4834] loop4: detected capacity change from 0 to 512 [ 45.181289][ T4834] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.223685][ T4834] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.251819][ T4834] EXT4-fs (loop4): shut down requested (0) [ 45.270570][ T4843] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 45.277186][ T4843] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 45.284696][ T4843] vhci_hcd vhci_hcd.0: Device attached [ 45.293508][ T4844] vhci_hcd: cannot find the pending unlink 1023 [ 45.301725][ T4847] xt_CT: You must specify a L4 protocol and not use inversions on it [ 45.303910][ T4834] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 45.321206][ T4844] vhci_hcd: connection closed [ 45.323165][ T3818] vhci_hcd: stop threads [ 45.332116][ T3818] vhci_hcd: release socket [ 45.336533][ T3818] vhci_hcd: disconnect device [ 45.352712][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.396726][ T4857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.542'. [ 45.829187][ T4901] netlink: 8 bytes leftover after parsing attributes in process `syz.4.564'. [ 45.926368][ T3374] kernel write not supported for file bpf-prog (pid: 3374 comm: kworker/1:2) [ 46.000417][ T4920] loop0: detected capacity change from 0 to 512 [ 46.028081][ T4920] EXT4-fs (loop0): too many log groups per flexible block group [ 46.035944][ T4920] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 46.055861][ T4920] EXT4-fs (loop0): mount failed [ 46.529663][ T4980] netlink: 'syz.2.601': attribute type 1 has an invalid length. [ 46.666479][ T5002] netlink: 'syz.2.612': attribute type 10 has an invalid length. [ 46.678421][ T5002] team0: Port device dummy0 added [ 46.689483][ T5002] netlink: 'syz.2.612': attribute type 10 has an invalid length. [ 46.704764][ T5002] team0: Port device dummy0 removed [ 46.713207][ T5002] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 46.770670][ T5013] loop2: detected capacity change from 0 to 512 [ 46.793268][ T5016] netlink: 'syz.1.617': attribute type 1 has an invalid length. [ 46.818790][ T5016] 8021q: adding VLAN 0 to HW filter on device bond1 [ 46.828867][ T5013] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.845395][ T5013] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.864580][ T5016] bond1: (slave gretap1): making interface the new active one [ 46.872199][ T5013] EXT4-fs (loop2): shut down requested (0) [ 46.873002][ T5016] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 46.898955][ T5016] syz.1.617 (5016) used greatest stack depth: 9392 bytes left [ 46.901392][ T5013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 46.945089][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.991100][ T5030] SELinux: failed to load policy [ 47.154806][ T29] kauditd_printk_skb: 185 callbacks suppressed [ 47.154821][ T29] audit: type=1400 audit(1763635880.296:890): avc: denied { ioctl } for pid=5041 comm="syz.1.629" path="socket:[8822]" dev="sockfs" ino=8822 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 47.186021][ T29] audit: type=1400 audit(1763635880.296:891): avc: denied { bind } for pid=5041 comm="syz.1.629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 47.205121][ T29] audit: type=1400 audit(1763635880.296:892): avc: denied { write } for pid=5041 comm="syz.1.629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 47.409994][ T5063] loop4: detected capacity change from 0 to 128 [ 47.546652][ T5065] ================================================================== [ 47.554754][ T5065] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark [ 47.562647][ T5065] [ 47.564969][ T5065] write to 0xffff88810c60da14 of 4 bytes by task 5063 on cpu 0: [ 47.572290][ T5067] syz.4.632: attempt to access beyond end of device [ 47.572290][ T5067] loop4: rw=2049, sector=129, nr_sectors = 8 limit=128 [ 47.572586][ T5065] xas_set_mark+0x12b/0x140 [ 47.590334][ T5065] __folio_start_writeback+0x155/0x390 [ 47.595786][ T5065] __block_write_full_folio+0x53a/0x8f0 [ 47.601322][ T5065] block_write_full_folio+0x2c2/0x2e0 [ 47.606686][ T5065] mpage_writepages+0x6cf/0x1250 [ 47.611623][ T5065] fat_writepages+0x24/0x30 [ 47.616114][ T5065] do_writepages+0x1c6/0x310 [ 47.620689][ T5065] file_write_and_wait_range+0x156/0x2c0 [ 47.626313][ T5065] __generic_file_fsync+0x46/0x140 [ 47.631410][ T5065] fat_file_fsync+0x49/0x100 [ 47.635986][ T5065] vfs_fsync_range+0x10d/0x130 [ 47.640741][ T5065] generic_file_write_iter+0x1b8/0x2f0 [ 47.646182][ T5065] iter_file_splice_write+0x666/0xa60 [ 47.651540][ T5065] direct_splice_actor+0x156/0x2a0 [ 47.656637][ T5065] splice_direct_to_actor+0x312/0x680 [ 47.661992][ T5065] do_splice_direct+0xda/0x150 [ 47.666742][ T5065] do_sendfile+0x380/0x650 [ 47.671151][ T5065] __x64_sys_sendfile64+0x105/0x150 [ 47.676342][ T5065] x64_sys_call+0x2bb4/0x3000 [ 47.681004][ T5065] do_syscall_64+0xd2/0x200 [ 47.685492][ T5065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.691368][ T5065] [ 47.693673][ T5065] read to 0xffff88810c60da14 of 4 bytes by task 5065 on cpu 1: [ 47.701196][ T5065] __writeback_single_inode+0x1f9/0x7c0 [ 47.706726][ T5065] writeback_single_inode+0x16d/0x3f0 [ 47.712087][ T5065] sync_inode_metadata+0x5b/0x90 [ 47.717017][ T5065] __generic_file_fsync+0xf8/0x140 [ 47.722115][ T5065] fat_file_fsync+0x49/0x100 [ 47.726691][ T5065] vfs_fsync_range+0x10d/0x130 [ 47.731447][ T5065] generic_file_write_iter+0x1b8/0x2f0 [ 47.736888][ T5065] iter_file_splice_write+0x666/0xa60 [ 47.742243][ T5065] direct_splice_actor+0x156/0x2a0 [ 47.747339][ T5065] splice_direct_to_actor+0x312/0x680 [ 47.752696][ T5065] do_splice_direct+0xda/0x150 [ 47.757456][ T5065] do_sendfile+0x380/0x650 [ 47.761873][ T5065] __x64_sys_sendfile64+0x105/0x150 [ 47.767062][ T5065] x64_sys_call+0x2bb4/0x3000 [ 47.771725][ T5065] do_syscall_64+0xd2/0x200 [ 47.776209][ T5065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.782085][ T5065] [ 47.784387][ T5065] value changed: 0x0a000021 -> 0x04000021 [ 47.790078][ T5065] [ 47.792382][ T5065] Reported by Kernel Concurrency Sanitizer on: [ 47.798522][ T5065] CPU: 1 UID: 0 PID: 5065 Comm: syz.4.632 Not tainted syzkaller #0 PREEMPT(voluntary) [ 47.808138][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 47.818174][ T5065] ================================================================== [ 47.851922][ T5065] syz.4.632: attempt to access beyond end of device [ 47.851922][ T5065] loop4: rw=2049, sector=137, nr_sectors = 1 limit=128 [ 47.865462][ T5063] syz.4.632: attempt to access beyond end of device [ 47.865462][ T5063] loop4: rw=2049, sector=137, nr_sectors = 1 limit=128 [ 47.883505][ T5063] syz.4.632: attempt to access beyond end of device [ 47.883505][ T5063] loop4: rw=2049, sector=137, nr_sectors = 1 limit=128