last executing test programs: 3.906808406s ago: executing program 4 (id=493): syz_usb_connect(0x3, 0x0, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x7, 0x0, 0x0, 0x2, 0x0, 0x70bd29}, 0x10}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) keyctl$set_reqkey_keyring(0xe, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000140)='./file0\x00', 0xa4000021) close(r1) 2.655765466s ago: executing program 2 (id=512): bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x5d, &(0x7f00000000c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x1006, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000000142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0600ff"], 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48) 2.425833998s ago: executing program 3 (id=516): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x110200, 0x318, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000b00)={'#! ', '', [{0x20, ' \x15'}, {}], 0xa, "78e9"}, 0xa) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0) perf_event_open(&(0x7f0000000400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, r2, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 2.330309737s ago: executing program 2 (id=517): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x840) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f0000000180)}, 0x20) r1 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0xf792, 0x80, 0x9, 0x201}, &(0x7f0000000680)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2.312156579s ago: executing program 3 (id=520): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x11e) renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10) r4 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 2.188709781s ago: executing program 2 (id=522): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0xa3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x318}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 2.154516794s ago: executing program 3 (id=523): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2}, &(0x7f0000000b80)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) pipe2(&(0x7f0000000580)={0xffffffffffffffff}, 0x0) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r2, r3, 0xfffffffffffffc01, 0x0) tee(r2, r3, 0x60000000000, 0x0) 1.88221124s ago: executing program 2 (id=524): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) 1.742553444s ago: executing program 0 (id=526): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x149640, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x30) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90224fc602f0000000a0c0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 1.517854154s ago: executing program 0 (id=527): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000018c0), r3) sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000004c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000ffdbdf25090000006400038008000100010000000800030004000000140002007665744e315f6d616376746170000000060004000200000008000500e0000000140002006970766c616e31"], 0x78}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 1.388986147s ago: executing program 0 (id=538): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x4000, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000580)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0x0, 0x7e}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7e}, 0x39) 1.35766336s ago: executing program 1 (id=529): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000000142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0600ff"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) 1.074828167s ago: executing program 4 (id=530): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0xa00, &(0x7f0000000080)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x2, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x31, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$tipc(r1, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030) 1.071845127s ago: executing program 0 (id=541): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT') r1 = msgget$private(0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x2000000000000242, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) msgsnd(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f00000004c0)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x0, 0xb, 0x6f76, 0x7, 0x0, 0x1, 0x8, 0x7f, 0x3}) 1.067437428s ago: executing program 1 (id=531): creat(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r2, &(0x7f0000000040)="0600", 0x2) sendfile(r2, r2, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10) 753.905938ms ago: executing program 0 (id=532): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) syz_clone(0x20000, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), &(0x7f0000000780)="7a7a445e9898594089c43407") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x200c0810}, 0x44004) syz_mount_image$msdos(&(0x7f0000000340), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000400)={[{@nodots}, {@nodots}, {@fat=@errors_continue}, {@fat=@check_strict}, {@fat=@dos1xfloppy}, {@dots}, {@fat=@dmask={'dmask', 0x3d, 0x5}}, {@fat=@tz_utc}, {@nodots}, {@nodots}, {@nodots}]}, 0x0, 0x237, &(0x7f0000000480)="$eJzs3EFrM0UcB+CJaZs2paUnQU+DXvQStFc9KFKhGFCsKepB2NKthsSkZHNIPOXsyc/g0YNevAl+g34J9VaE0ouCYKTdtElaLfVt9y28fZ5L/zu/nd2Z7mYJE9jjN7/5snWQ1Q6S/u5ypRSeeyuM/vhrnAu5UXj1h49Pv95ZCnNijOvjSl6v7v64/lMlHG18dnyy+dvR80cvHP/90RfNLDaz2On2YxL3ut1+stdO434za9Vi/KCdJlkam50s7c3lB+3u4eEwJp39tephL82ymHSGsZUOY78b+71hTD5Pmp1Yq9XiWjVwF43v/hyPw8nZta6MwvSK81i4/o/bziefvvd2vb71YYzLIfw+GjQGjfxvnr+7Xd96LZ7bmPY6HQwa5cv89TyPM4cdDBqLoTrJN6/lZ/2Xwisv5/lZ9s779Sv5StgvfPYAAAAAAPBsqsVL19f3S5PN+fzX6vn6fr4x8/tAvn7/7c+T/gvhxYWnPBkAAADgX2XDr1pJu532ZotftkOYaSmHEKb7rIT5ne+/WAzttLcQ5qOLARd10kKKUsgXUaYtb4Q7HnlcCaH4wZcn/+2r0dJFy8pN908Rt8TceMrXBna3YvWyJWzcrlf5vmf6feEfq/9Z3PDQeKm45xEAAFCc6Zf+hx4JAAAAAAAAAAAAAAAAAAAAPF63eB/Yxavenvh1YtOzlR5qmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+mfAAAA///s9FOv") socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="88010000170a01"], 0x188}}, 0x0) 743.011169ms ago: executing program 3 (id=533): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0xc, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900), 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00'}, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) 733.76205ms ago: executing program 4 (id=534): openat$selinux_create(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) write$selinux_access(0xffffffffffffffff, 0x0, 0x49) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x4) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r3, &(0x7f0000000040)={0x1d, r4}, 0x10) close_range(r2, 0xffffffffffffffff, 0x0) 555.888157ms ago: executing program 0 (id=535): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r3, &(0x7f00000001c0)="f1", 0x1) sendfile(r3, r1, 0x0, 0x40001) sendfile(r3, r2, 0x0, 0x7ffff000) 541.230368ms ago: executing program 3 (id=536): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0x4, "faf900000080149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d665f985881a350000ddffffff00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237601a8ca5b07dcc141802c4dacf162e43ac61f7ad330000000000a04100", [0xfffffffffffffce8, 0xa]}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) lsm_set_self_attr(0x69, &(0x7f0000000140)={0x65, 0x56ccfd30, 0x20}, 0x20, 0x0) 473.217335ms ago: executing program 4 (id=537): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x110200, 0x318, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000b00)={'#! ', '', [{0x20, ' \x15'}, {}], 0xa, "78e9"}, 0xa) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0) perf_event_open(&(0x7f0000000400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, r2, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 470.642405ms ago: executing program 3 (id=549): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) mmap(&(0x7f00003f0000/0x2000)=nil, 0x2000, 0x4, 0x11012, 0xffffffffffffffff, 0x308000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x10021, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = gettid() add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) 301.940541ms ago: executing program 4 (id=539): openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0x2}}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0xdf) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fremovexattr(r1, &(0x7f0000000100)=@random={'trusted.', 'nfc\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='cpu>00||!') sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="6800000000010104020000000000000002000000240001801400018008000100e000000108000200ac1414000c0002800500010000000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800074000000000040006"], 0x68}}, 0x0) 274.443254ms ago: executing program 2 (id=540): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 220.927499ms ago: executing program 4 (id=542): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r0, &(0x7f0000000100)="15", 0x1, 0x40001, &(0x7f0000000140)={0xa, 0x4e23, 0x804, @local, 0x3}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000380)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0xc03, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) 136.213127ms ago: executing program 2 (id=543): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) mknodat$loop(0xffffffffffffff9c, 0x0, 0x6004, 0x1) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) close_range(r3, 0xffffffffffffffff, 0x200000000000000) 133.337347ms ago: executing program 1 (id=544): setresgid(0x0, 0xee01, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) setgroups(0x0, 0x0) r0 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xee01, 0x0, 0x1000) 110.14889ms ago: executing program 1 (id=545): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10) close(r0) 74.617953ms ago: executing program 1 (id=546): sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x24000052) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x3}, 0x18) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_sctp(0x2, 0x1, 0x84) r2 = socket$inet(0x2, 0x2, 0x1) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x44010) sendmsg$inet(r2, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4f21, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000180)="0800c8460f2a2a2a", 0x8}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000) 0s ago: executing program 1 (id=547): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000001c0)={&(0x7f0000000140), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000011}, 0x30) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_bp={0x0, 0x6}, 0x9092, 0x0, 0x43a1bd76, 0x9, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) syz_usb_disconnect(0xffffffffffffffff) ioprio_set$pid(0x3, 0x0, 0x4007) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. [ 24.785474][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 24.785487][ T29] audit: type=1400 audit(1766608213.240:70): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.814358][ T29] audit: type=1400 audit(1766608213.270:71): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.815042][ T3305] cgroup: Unknown subsys name 'net' [ 24.841922][ T29] audit: type=1400 audit(1766608213.300:72): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.978274][ T3305] cgroup: Unknown subsys name 'cpuset' [ 24.984244][ T3305] cgroup: Unknown subsys name 'rlimit' [ 25.173479][ T29] audit: type=1400 audit(1766608213.630:73): avc: denied { setattr } for pid=3305 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.196737][ T29] audit: type=1400 audit(1766608213.630:74): avc: denied { create } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.216459][ T3309] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.217194][ T29] audit: type=1400 audit(1766608213.630:75): avc: denied { write } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.246070][ T29] audit: type=1400 audit(1766608213.630:76): avc: denied { read } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.266383][ T29] audit: type=1400 audit(1766608213.640:77): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.272722][ T3305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.291138][ T29] audit: type=1400 audit(1766608213.640:78): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 25.323058][ T29] audit: type=1400 audit(1766608213.650:79): avc: denied { read } for pid=3045 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 26.554214][ T3321] chnl_net:caif_netlink_parms(): no params data found [ 26.571531][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 26.636664][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 26.661709][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.668784][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.675895][ T3321] bridge_slave_0: entered allmulticast mode [ 26.682217][ T3321] bridge_slave_0: entered promiscuous mode [ 26.702773][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.709918][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.716972][ T3321] bridge_slave_1: entered allmulticast mode [ 26.723494][ T3321] bridge_slave_1: entered promiscuous mode [ 26.746421][ T3323] chnl_net:caif_netlink_parms(): no params data found [ 26.772498][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.781700][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.788787][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.795902][ T3315] bridge_slave_0: entered allmulticast mode [ 26.802315][ T3315] bridge_slave_0: entered promiscuous mode [ 26.819456][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.833106][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.840225][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.847272][ T3315] bridge_slave_1: entered allmulticast mode [ 26.853648][ T3315] bridge_slave_1: entered promiscuous mode [ 26.884450][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.891561][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.898704][ T3316] bridge_slave_0: entered allmulticast mode [ 26.904870][ T3316] bridge_slave_0: entered promiscuous mode [ 26.911211][ T3319] chnl_net:caif_netlink_parms(): no params data found [ 26.919781][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.926852][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.934024][ T3316] bridge_slave_1: entered allmulticast mode [ 26.940368][ T3316] bridge_slave_1: entered promiscuous mode [ 26.948878][ T3321] team0: Port device team_slave_0 added [ 26.955354][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.973671][ T3321] team0: Port device team_slave_1 added [ 26.980110][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.013864][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.038040][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.051706][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.058659][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.084551][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.098092][ T3315] team0: Port device team_slave_0 added [ 27.107760][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.114784][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.121949][ T3323] bridge_slave_0: entered allmulticast mode [ 27.128296][ T3323] bridge_slave_0: entered promiscuous mode [ 27.134764][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.141716][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.167609][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.181413][ T3315] team0: Port device team_slave_1 added [ 27.195422][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.202472][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.209583][ T3323] bridge_slave_1: entered allmulticast mode [ 27.215902][ T3323] bridge_slave_1: entered promiscuous mode [ 27.238327][ T3316] team0: Port device team_slave_0 added [ 27.244747][ T3316] team0: Port device team_slave_1 added [ 27.255107][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.262046][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.287914][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.298664][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.305804][ T3319] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.313160][ T3319] bridge_slave_0: entered allmulticast mode [ 27.319603][ T3319] bridge_slave_0: entered promiscuous mode [ 27.335103][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.342099][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.367978][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.378798][ T3319] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.385836][ T3319] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.392986][ T3319] bridge_slave_1: entered allmulticast mode [ 27.399481][ T3319] bridge_slave_1: entered promiscuous mode [ 27.416746][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.432917][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.439874][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.465754][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.481662][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.495309][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.502313][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.528270][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.540634][ T3321] hsr_slave_0: entered promiscuous mode [ 27.546654][ T3321] hsr_slave_1: entered promiscuous mode [ 27.563394][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.575552][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.605253][ T3323] team0: Port device team_slave_0 added [ 27.612686][ T3315] hsr_slave_0: entered promiscuous mode [ 27.618645][ T3315] hsr_slave_1: entered promiscuous mode [ 27.624337][ T3315] debugfs: 'hsr0' already exists in 'hsr' [ 27.630062][ T3315] Cannot create hsr debugfs directory [ 27.645220][ T3323] team0: Port device team_slave_1 added [ 27.655991][ T3319] team0: Port device team_slave_0 added [ 27.680520][ T3319] team0: Port device team_slave_1 added [ 27.692657][ T3316] hsr_slave_0: entered promiscuous mode [ 27.698541][ T3316] hsr_slave_1: entered promiscuous mode [ 27.704331][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 27.710065][ T3316] Cannot create hsr debugfs directory [ 27.726338][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.733382][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.759271][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.779035][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.786009][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.812038][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.825535][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.832586][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.858534][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.880972][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.887979][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.913847][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.982578][ T3323] hsr_slave_0: entered promiscuous mode [ 27.988675][ T3323] hsr_slave_1: entered promiscuous mode [ 27.994461][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 28.000196][ T3323] Cannot create hsr debugfs directory [ 28.013602][ T3319] hsr_slave_0: entered promiscuous mode [ 28.019658][ T3319] hsr_slave_1: entered promiscuous mode [ 28.025391][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 28.031152][ T3319] Cannot create hsr debugfs directory [ 28.132023][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.140488][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.153456][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.167621][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.190687][ T3316] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.201142][ T3316] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.209653][ T3316] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.222229][ T3316] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.248203][ T3321] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.263842][ T3321] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.273135][ T3321] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.283073][ T3321] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.307987][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.316158][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.336073][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.345806][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.371776][ T3323] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 28.381852][ T3323] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 28.392389][ T3323] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 28.400856][ T3323] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 28.418282][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.448746][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.467622][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.475464][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.482513][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.500327][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.508389][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.515428][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.534488][ T3321] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.553494][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.560629][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.574554][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.583035][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.591232][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.598279][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.609987][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.617050][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.633761][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.640816][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.669183][ T3319] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.707958][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.715002][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.732008][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.741155][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.748369][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.777754][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.785501][ T3319] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.795907][ T3319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.816798][ T3323] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.832446][ T1922] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.839500][ T1922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.876340][ T1946] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.883448][ T1946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.901266][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.917135][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.932877][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.996405][ T3315] veth0_vlan: entered promiscuous mode [ 29.025009][ T3315] veth1_vlan: entered promiscuous mode [ 29.056511][ T3315] veth0_macvtap: entered promiscuous mode [ 29.082784][ T3315] veth1_macvtap: entered promiscuous mode [ 29.098354][ T3316] veth0_vlan: entered promiscuous mode [ 29.114446][ T3321] veth0_vlan: entered promiscuous mode [ 29.123811][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.133993][ T3319] veth0_vlan: entered promiscuous mode [ 29.140150][ T3316] veth1_vlan: entered promiscuous mode [ 29.147117][ T3321] veth1_vlan: entered promiscuous mode [ 29.159618][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.170317][ T3319] veth1_vlan: entered promiscuous mode [ 29.178377][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.188570][ T92] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.207943][ T53] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.223727][ T53] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.237959][ T53] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.254659][ T3321] veth0_macvtap: entered promiscuous mode [ 29.261631][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.264163][ T3319] veth0_macvtap: entered promiscuous mode [ 29.284501][ T3316] veth0_macvtap: entered promiscuous mode [ 29.297582][ T3316] veth1_macvtap: entered promiscuous mode [ 29.304648][ T3321] veth1_macvtap: entered promiscuous mode [ 29.313681][ T3319] veth1_macvtap: entered promiscuous mode [ 29.331219][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.345144][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.358204][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.366332][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.383791][ T53] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.401541][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.412556][ T53] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.431606][ T53] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.441512][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.450377][ T53] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.470978][ T53] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.472537][ T3489] syz.1.6 uses obsolete (PF_INET,SOCK_PACKET) [ 29.486031][ T53] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.520684][ T53] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.546343][ T53] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.575268][ T53] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.588572][ T3323] veth0_vlan: entered promiscuous mode [ 29.611994][ T53] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.625821][ T53] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.636404][ T3500] capability: warning: `syz.0.1' uses 32-bit capabilities (legacy support in use) [ 29.642379][ T53] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.655232][ T3323] veth1_vlan: entered promiscuous mode [ 29.670221][ T3323] veth0_macvtap: entered promiscuous mode [ 29.679278][ T3323] veth1_macvtap: entered promiscuous mode [ 29.698248][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.713909][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.730269][ T53] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.751997][ T3506] bridge_slave_0: left allmulticast mode [ 29.757643][ T3506] bridge_slave_0: left promiscuous mode [ 29.763378][ T3506] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.773251][ T3506] bridge_slave_1: left allmulticast mode [ 29.779100][ T3506] bridge_slave_1: left promiscuous mode [ 29.784857][ T3506] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.798940][ T3510] process 'syz.2.11' launched '/dev/fd/4' with NULL argv: empty string added [ 29.799188][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 29.799200][ T29] audit: type=1400 audit(1766608218.260:128): avc: denied { execute } for pid=3509 comm="syz.2.11" dev="tmpfs" ino=1024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 29.835567][ T29] audit: type=1400 audit(1766608218.270:129): avc: denied { execute_no_trans } for pid=3509 comm="syz.2.11" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 29.865768][ T3506] bond0: (slave bond_slave_0): Releasing backup interface [ 29.875027][ T3506] bond0: (slave bond_slave_1): Releasing backup interface [ 29.886000][ T3506] team0: Port device team_slave_0 removed [ 29.893884][ T3506] team0: Port device team_slave_1 removed [ 29.900382][ T3506] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 29.907819][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 29.915975][ T3506] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 29.923557][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 29.932308][ T3506] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 29.949487][ T53] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.969665][ T29] audit: type=1400 audit(1766608218.430:130): avc: denied { mounton } for pid=3323 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 30.001430][ T53] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.022743][ T53] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.046042][ T29] audit: type=1400 audit(1766608218.500:131): avc: denied { create } for pid=3522 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.101633][ T29] audit: type=1400 audit(1766608218.530:132): avc: denied { bind } for pid=3522 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.120730][ T29] audit: type=1400 audit(1766608218.530:133): avc: denied { listen } for pid=3522 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.139878][ T29] audit: type=1400 audit(1766608218.530:134): avc: denied { write } for pid=3522 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.159064][ T29] audit: type=1400 audit(1766608218.530:135): avc: denied { accept } for pid=3522 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.178239][ T29] audit: type=1400 audit(1766608218.550:136): avc: denied { execute } for pid=3524 comm="syz.4.13" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=5346 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 30.209140][ T3532] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 30.209140][ T3532] The task syz.4.13 (3532) triggered the difference, watch for misbehavior. [ 30.267646][ T3534] loop1: detected capacity change from 0 to 1024 [ 30.293331][ T3534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 30.311324][ T29] audit: type=1400 audit(1766608218.770:137): avc: denied { mount } for pid=3533 comm="syz.1.16" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 30.458239][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 30.553536][ T3551] syz.1.22 (3551) used greatest stack depth: 10192 bytes left [ 30.567033][ T3557] team0: No ports can be present during mode change [ 30.700382][ T3568] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.034319][ C1] hrtimer: interrupt took 31042 ns [ 31.503601][ T3568] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 31.890521][ T3621] netlink: 'syz.4.52': attribute type 83 has an invalid length. [ 31.952002][ T3626] Illegal XDP return value 4291383296 on prog (id 39) dev syz_tun, expect packet loss! [ 32.057026][ T3633] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.113692][ T3633] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.164280][ T3568] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.209452][ T3633] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.236308][ T3568] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.324366][ T3665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.72'. [ 32.334041][ T3665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.72'. [ 32.347417][ T3633] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.397430][ T1601] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.423657][ T1601] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.462564][ T1601] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.488331][ T1601] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.496669][ T1601] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.517835][ T1601] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.527881][ T1601] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.553755][ T1601] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.743632][ T3687] ======================================================= [ 32.743632][ T3687] WARNING: The mand mount option has been deprecated and [ 32.743632][ T3687] and is ignored by this kernel. Remove the mand [ 32.743632][ T3687] option from the mount to silence this warning. [ 32.743632][ T3687] ======================================================= [ 32.829008][ T3689] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.874036][ T3693] netlink: 87 bytes leftover after parsing attributes in process `syz.4.84'. [ 32.911971][ T3697] loop3: detected capacity change from 0 to 1024 [ 32.919020][ T3697] EXT4-fs: Ignoring removed bh option [ 32.931334][ T3697] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.946189][ T3689] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.010661][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.039743][ T3689] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.054530][ T3705] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3705 comm=syz.4.89 [ 33.121507][ T3689] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.189792][ T3718] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 33.196315][ T3718] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 33.203913][ T3718] vhci_hcd vhci_hcd.0: Device attached [ 33.240449][ T3719] vhci_hcd: connection closed [ 33.241220][ T958] vhci_hcd vhci_hcd.1: stop threads [ 33.251189][ T958] vhci_hcd vhci_hcd.1: release socket [ 33.256548][ T958] vhci_hcd vhci_hcd.1: disconnect device [ 33.341918][ T3734] loop3: detected capacity change from 0 to 512 [ 33.359066][ T3734] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 33.374177][ T3734] EXT4-fs (loop3): mount failed [ 33.558410][ T3753] netlink: 'syz.3.107': attribute type 39 has an invalid length. [ 33.773438][ T3765] ip6t_rpfilter: unknown options [ 33.812116][ T3769] loop1: detected capacity change from 0 to 1024 [ 33.819514][ T3769] EXT4-fs: Ignoring removed nobh option [ 33.825428][ T3769] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 33.834363][ T3769] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 33.844160][ T3769] EXT4-fs error (device loop1): ext4_get_journal_inode:5849: comm syz.1.114: inode #4294967295: comm syz.1.114: iget: illegal inode # [ 33.858232][ T3769] EXT4-fs (loop1): no journal found [ 33.863445][ T3769] EXT4-fs (loop1): can't get journal size [ 33.872412][ T3769] EXT4-fs (loop1): failed to initialize system zone (-22) [ 33.879609][ T3769] EXT4-fs (loop1): mount failed [ 33.890705][ T3769] netlink: 'syz.1.114': attribute type 13 has an invalid length. [ 33.932956][ T3769] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.940302][ T3769] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.976758][ T3769] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 33.986557][ T3769] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 34.035964][ T1601] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.044979][ T1601] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.054614][ T1601] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.078159][ T1601] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.113145][ T3776] netlink: 8 bytes leftover after parsing attributes in process `syz.4.117'. [ 34.121975][ T3776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.117'. [ 34.152898][ T3782] loop4: detected capacity change from 0 to 512 [ 34.192292][ T3782] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.208551][ T3782] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.252441][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.421333][ T3845] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.872049][ T3856] mmap: syz.3.129 (3856) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 34.990000][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 34.990060][ T29] audit: type=1400 audit(1766608223.450:314): avc: denied { create } for pid=3854 comm="syz.3.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 35.249567][ T3877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.134'. [ 35.317000][ T29] audit: type=1400 audit(1766608223.770:315): avc: denied { name_bind } for pid=3878 comm="syz.3.135" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 35.393666][ T3881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.136'. [ 35.418786][ T29] audit: type=1400 audit(1766608223.880:316): avc: denied { create } for pid=3882 comm="syz.3.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 35.477688][ T29] audit: type=1400 audit(1766608223.900:317): avc: denied { ioctl } for pid=3882 comm="syz.3.137" path="socket:[5948]" dev="sockfs" ino=5948 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 35.509566][ T3886] netlink: 16 bytes leftover after parsing attributes in process `syz.3.139'. [ 35.559436][ T3891] vlan2: entered allmulticast mode [ 35.579055][ T3893] netlink: 'syz.2.142': attribute type 1 has an invalid length. [ 35.587124][ T3893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.142'. [ 35.627600][ T29] audit: type=1400 audit(1766608224.080:318): avc: denied { bpf } for pid=3896 comm="syz.1.144" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 35.652215][ T29] audit: type=1400 audit(1766608224.080:319): avc: denied { perfmon } for pid=3896 comm="syz.1.144" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 35.691996][ T3899] bridge: RTM_NEWNEIGH with invalid ether address [ 35.693234][ T29] audit: type=1400 audit(1766608224.150:320): avc: denied { load_policy } for pid=3896 comm="syz.1.144" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 35.719306][ T3897] SELinux: failed to load policy [ 35.764329][ T3905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.149'. [ 35.774367][ T29] audit: type=1400 audit(1766608224.230:321): avc: denied { read } for pid=3904 comm="syz.3.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 35.934131][ T29] audit: type=1400 audit(1766608224.390:322): avc: denied { create } for pid=3912 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 35.954092][ T29] audit: type=1400 audit(1766608224.390:323): avc: denied { getopt } for pid=3912 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 35.999617][ T3915] loop1: detected capacity change from 0 to 512 [ 36.010809][ T3915] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.152: invalid indirect mapped block 4294967295 (level 1) [ 36.024841][ T3915] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.152: invalid indirect mapped block 4294967295 (level 1) [ 36.039430][ T3915] EXT4-fs (loop1): 2 truncates cleaned up [ 36.045523][ T3915] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.058888][ T3915] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.204269][ T3931] netlink: 'syz.1.158': attribute type 1 has an invalid length. [ 36.216037][ T3931] 8021q: adding VLAN 0 to HW filter on device bond1 [ 36.232040][ T3931] veth3: entered promiscuous mode [ 36.239232][ T3931] bond1: (slave veth3): Enslaving as an active interface with a down link [ 36.253193][ T3931] bond1: entered allmulticast mode [ 36.341579][ T3941] loop2: detected capacity change from 0 to 8192 [ 36.388294][ T3721] loop2: p1 p2 p3 p4 [ 36.395881][ T3947] bridge_slave_0: left allmulticast mode [ 36.401614][ T3947] bridge_slave_0: left promiscuous mode [ 36.407243][ T3947] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.409609][ T3721] loop2: p3 start 331777 is beyond EOD, truncated [ 36.420804][ T3721] loop2: p4 size 262144 extends beyond EOD, truncated [ 36.430025][ T3941] loop2: p1 p2 p3 p4 [ 36.433257][ T3947] bridge_slave_1: left allmulticast mode [ 36.434969][ T3941] loop2: p3 start 331777 is beyond EOD, truncated [ 36.439670][ T3947] bridge_slave_1: left promiscuous mode [ 36.439753][ T3947] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.446086][ T3941] loop2: p4 size 262144 extends beyond EOD, truncated [ 36.498298][ T3947] bond0: (slave bond_slave_0): Releasing backup interface [ 36.518747][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 36.529723][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 36.539848][ T3947] bond0: (slave bond_slave_1): Releasing backup interface [ 36.540772][ T3721] udevd[3721]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 36.562917][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 36.564462][ T3947] team0: Port device team_slave_0 removed [ 36.573724][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 36.589758][ T3721] udevd[3721]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 36.591620][ T3947] team0: Port device team_slave_1 removed [ 36.608263][ T3947] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 36.615660][ T3947] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 36.624555][ T3947] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.632118][ T3947] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 36.655736][ T3947] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 36.687146][ T3948] team0: Mode changed to "broadcast" [ 36.704561][ T3801] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.720179][ T3801] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.755346][ T3801] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.774483][ T3801] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.848739][ T3968] loop1: detected capacity change from 0 to 1024 [ 36.885366][ T3968] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.950465][ T3985] Zero length message leads to an empty skb [ 36.966180][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.028595][ T3996] sch_tbf: burst 1821 is lower than device lo mtu (65550) ! [ 37.435189][ T4077] netlink: 'syz.3.193': attribute type 1 has an invalid length. [ 37.466163][ T4077] bond_slave_0: entered promiscuous mode [ 37.471844][ T4077] bond_slave_1: entered promiscuous mode [ 37.478367][ T4077] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 37.486474][ T4077] bond1: (slave macvlan2): making interface the new active one [ 37.495063][ T4077] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 38.474997][ T4170] sch_tbf: burst 22 is lower than device lo mtu (82) ! [ 38.945620][ T4203] loop3: detected capacity change from 0 to 512 [ 38.957375][ T4203] ext4: Unknown parameter 'fowner' [ 39.124956][ T4213] loop2: detected capacity change from 0 to 1024 [ 39.125417][ T4216] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 39.131531][ T4213] EXT4-fs: Ignoring removed nobh option [ 39.143541][ T4215] IPVS: stopping master sync thread 4216 ... [ 39.229331][ T4213] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 39.257919][ T4213] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 39.278784][ T4213] EXT4-fs error (device loop2): ext4_get_journal_inode:5849: comm syz.2.215: inode #4294967295: comm syz.2.215: iget: illegal inode # [ 39.294724][ T4213] EXT4-fs (loop2): no journal found [ 39.299954][ T4213] EXT4-fs (loop2): can't get journal size [ 39.310030][ T4213] EXT4-fs (loop2): failed to initialize system zone (-22) [ 39.317159][ T4213] EXT4-fs (loop2): mount failed [ 39.379997][ T4213] netlink: 'syz.2.215': attribute type 13 has an invalid length. [ 39.465178][ T4213] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.472415][ T4213] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.533318][ T4213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 39.551379][ T4213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 39.675759][ T4214] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.024768][ T29] kauditd_printk_skb: 137 callbacks suppressed [ 40.024784][ T29] audit: type=1400 audit(1766608228.480:461): avc: denied { ioctl } for pid=4225 comm="gtp" path="socket:[6676]" dev="sockfs" ino=6676 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 40.094500][ T4214] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.132015][ T4235] netlink: 'syz.4.222': attribute type 4 has an invalid length. [ 40.147773][ T4214] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.156637][ T4237] loop2: detected capacity change from 0 to 512 [ 40.158510][ T29] audit: type=1400 audit(1766608228.590:462): avc: denied { read write } for pid=4234 comm="syz.4.222" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 40.186351][ T29] audit: type=1400 audit(1766608228.590:463): avc: denied { open } for pid=4234 comm="syz.4.222" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 40.210003][ T29] audit: type=1326 audit(1766608228.590:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f996d05f749 code=0x7ffc0000 [ 40.233238][ T29] audit: type=1326 audit(1766608228.590:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f996d05f749 code=0x7ffc0000 [ 40.256493][ T29] audit: type=1326 audit(1766608228.590:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f996d05f749 code=0x7ffc0000 [ 40.268612][ T4237] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 40.279721][ T29] audit: type=1326 audit(1766608228.590:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f996d05df90 code=0x7ffc0000 [ 40.279747][ T29] audit: type=1326 audit(1766608228.600:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f996d05f749 code=0x7ffc0000 [ 40.279772][ T29] audit: type=1326 audit(1766608228.600:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f996d05f749 code=0x7ffc0000 [ 40.279838][ T29] audit: type=1326 audit(1766608228.600:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f996d05f749 code=0x7ffc0000 [ 40.340406][ T3841] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.364235][ T4237] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 40.410279][ T4233] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.432444][ T4237] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 40.446001][ T4237] EXT4-fs (loop2): 1 truncate cleaned up [ 40.454253][ T4233] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.464473][ T4237] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.525776][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.593633][ T4233] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.706871][ T4233] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.851459][ T4261] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.911647][ T4261] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.971428][ T4261] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.033144][ T4261] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.115615][ T4274] netlink: 'syz.2.239': attribute type 7 has an invalid length. [ 41.123963][ T4274] __nla_validate_parse: 4 callbacks suppressed [ 41.123975][ T4274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.239'. [ 41.156914][ T4275] netlink: 'syz.1.238': attribute type 1 has an invalid length. [ 41.193407][ T3828] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.205105][ T3828] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.226520][ T3828] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.240114][ T3828] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.496943][ T3841] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.519218][ T3841] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.527414][ T3841] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.573804][ T3841] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.837751][ T4315] loop0: detected capacity change from 0 to 1024 [ 41.854748][ T4315] EXT4-fs: inline encryption not supported [ 41.870305][ T4315] EXT4-fs: Ignoring removed nobh option [ 41.940046][ T4315] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.990563][ T4315] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4215: comm wg1: Allocating blocks 385-513 which overlap fs metadata [ 42.025397][ T4315] EXT4-fs (loop0): pa ffff88810759c070: logic 16, phys. 129, len 24 [ 42.033529][ T4315] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 8 [ 42.046849][ T4328] loop2: detected capacity change from 0 to 512 [ 42.048732][ T4315] EXT4-fs error (device loop0): mb_free_blocks:2037: group 0, inode 15: block 337:freeing already freed block (bit 21); block bitmap corrupt. [ 42.061875][ T4328] ext4: Unknown parameter 'fowner' [ 42.098342][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.309709][ T4356] netlink: 4 bytes leftover after parsing attributes in process `syz.4.267'. [ 42.327583][ T4356] netlink: 4 bytes leftover after parsing attributes in process `syz.4.267'. [ 42.699115][ T4393] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.097338][ T4431] netlink: 'syz.2.271': attribute type 1 has an invalid length. [ 43.156046][ T4442] netlink: 4 bytes leftover after parsing attributes in process `syz.2.271'. [ 43.193309][ T4431] 8021q: adding VLAN 0 to HW filter on device bond1 [ 43.211002][ T4442] bond1 (unregistering): Released all slaves [ 43.304993][ T4458] loop1: detected capacity change from 0 to 2048 [ 43.333665][ T4458] EXT4-fs (loop1): failed to initialize system zone (-117) [ 43.348461][ T4458] EXT4-fs (loop1): mount failed [ 43.363490][ T4350] syz.3.266 (4350) used greatest stack depth: 7080 bytes left [ 43.769218][ T4526] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 43.818010][ T4532] netlink: 'syz.3.292': attribute type 1 has an invalid length. [ 43.830117][ T4532] 8021q: adding VLAN 0 to HW filter on device bond2 [ 43.846381][ T4532] veth3: entered promiscuous mode [ 43.853421][ T4532] bond2: (slave veth3): Enslaving as an active interface with a down link [ 43.867144][ T4532] bond2: entered allmulticast mode [ 44.513550][ T4558] netlink: 12 bytes leftover after parsing attributes in process `syz.4.302'. [ 44.760496][ T4572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.308'. [ 45.660214][ T4694] loop4: detected capacity change from 0 to 2048 [ 45.688829][ T4694] EXT4-fs (loop4): failed to initialize system zone (-117) [ 45.708023][ T4694] EXT4-fs (loop4): mount failed [ 46.188857][ T29] kauditd_printk_skb: 389 callbacks suppressed [ 46.188871][ T29] audit: type=1400 audit(1766608234.650:860): avc: denied { bind } for pid=4737 comm="syz.4.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 46.477806][ T29] audit: type=1400 audit(1766608234.710:861): avc: denied { block_suspend } for pid=4735 comm="syz.2.322" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 46.824304][ T29] audit: type=1400 audit(1766608235.280:862): avc: denied { create } for pid=4749 comm="syz.1.326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 46.825403][ T4750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.326'. [ 46.861029][ T29] audit: type=1400 audit(1766608235.280:863): avc: denied { ioctl } for pid=4749 comm="syz.1.326" path="socket:[8284]" dev="sockfs" ino=8284 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 46.886099][ T29] audit: type=1400 audit(1766608235.280:864): avc: denied { connect } for pid=4749 comm="syz.1.326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 46.905405][ T29] audit: type=1400 audit(1766608235.280:865): avc: denied { write } for pid=4749 comm="syz.1.326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 47.097408][ T4758] loop1: detected capacity change from 0 to 2048 [ 47.155397][ T3308] loop1: p1 p3 p4 [ 47.166210][ T3308] loop1: p4 size 589824 extends beyond EOD, truncated [ 47.195989][ T29] audit: type=1326 audit(1766608235.650:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4766 comm="syz.4.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1038c4f749 code=0x7ffc0000 [ 47.225463][ T4758] loop1: p1 p3 p4 [ 47.230641][ T4758] loop1: p4 size 589824 extends beyond EOD, truncated [ 47.234445][ T29] audit: type=1326 audit(1766608235.680:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4766 comm="syz.4.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1038c4f749 code=0x7ffc0000 [ 47.252016][ T4755] pim6reg: entered allmulticast mode [ 47.261250][ T29] audit: type=1326 audit(1766608235.680:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4766 comm="syz.4.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1038c4f749 code=0x7ffc0000 [ 47.289836][ T29] audit: type=1326 audit(1766608235.680:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4766 comm="syz.4.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1038c4f749 code=0x7ffc0000 [ 47.307500][ T4755] pim6reg: left allmulticast mode [ 47.336845][ T4769] loop3: detected capacity change from 0 to 512 [ 47.352306][ T4769] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 47.399770][ T4769] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.423617][ T4769] ext4 filesystem being mounted at /87/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.461972][ T4772] loop0: detected capacity change from 0 to 2048 [ 47.497580][ T4772] EXT4-fs (loop0): failed to initialize system zone (-117) [ 47.506111][ T4772] EXT4-fs (loop0): mount failed [ 47.517202][ T4786] loop2: detected capacity change from 0 to 512 [ 47.528921][ T4786] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 47.538056][ T4786] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 47.556277][ T4788] netlink: 24 bytes leftover after parsing attributes in process `syz.4.337'. [ 47.566155][ T4786] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 47.582928][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.601675][ T4786] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 47.610647][ T4786] System zones: 0-2, 18-18, 34-35 [ 47.616235][ T4786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.649473][ T4788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.337'. [ 47.675625][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.771708][ T3424] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 47.780695][ T3424] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 47.860582][ T4808] fido_id[4808]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 47.915715][ T4818] bridge0: entered promiscuous mode [ 47.921591][ T4818] bridge0: port 1(macvtap1) entered blocking state [ 47.928174][ T4818] bridge0: port 1(macvtap1) entered disabled state [ 47.934850][ T4818] macvtap1: entered allmulticast mode [ 47.940929][ T4818] bridge0: entered allmulticast mode [ 47.948135][ T4818] macvtap1: left allmulticast mode [ 47.953299][ T4818] bridge0: left allmulticast mode [ 47.962791][ T4818] bridge0: left promiscuous mode [ 48.021784][ T4823] loop4: detected capacity change from 0 to 1024 [ 48.032701][ T4823] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 48.046029][ T4823] EXT4-fs error (device loop4): ext4_map_blocks:825: inode #3: block 1: comm syz.4.353: lblock 1 mapped to illegal pblock 1 (length 1) [ 48.060139][ T4823] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.353: Failed to acquire dquot type 0 [ 48.072302][ T4823] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.353: Freeing blocks not in datazone - block = 0, count = 4096 [ 48.085911][ T4823] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.353: Invalid inode bitmap blk 0 in block_group 0 [ 48.098942][ T4361] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:69: lblock 1 mapped to illegal pblock 1 (length 1) [ 48.099077][ T4823] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 48.122565][ T4823] EXT4-fs (loop4): 1 orphan inode deleted [ 48.128843][ T4823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.134122][ T4361] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:69: Failed to release dquot type 0 [ 48.167232][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.701086][ T4871] loop2: detected capacity change from 0 to 512 [ 48.709004][ T4871] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.731637][ T4871] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.744405][ T4871] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 48.774152][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.267350][ T4905] netlink: 'syz.1.387': attribute type 10 has an invalid length. [ 49.267399][ T3517] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 49.279146][ T4905] team0: Failed to send options change via netlink (err -105) [ 49.290027][ T4905] team0: Port device dummy0 added [ 49.299367][ T3517] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 49.324647][ T4906] fido_id[4906]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 49.428584][ T4919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.393'. [ 49.463139][ T4921] bridge: RTM_NEWNEIGH with invalid ether address [ 49.477440][ T4922] bond1: left allmulticast mode [ 49.482885][ T4922] veth3: left promiscuous mode [ 49.500385][ T4924] @: renamed from vlan0 (while UP) [ 49.543969][ T4932] netlink: 'syz.4.399': attribute type 7 has an invalid length. [ 49.551695][ T4932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.399'. [ 50.081500][ T4942] syz.4.404 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 50.095597][ T4942] CPU: 0 UID: 0 PID: 4942 Comm: syz.4.404 Not tainted syzkaller #0 PREEMPT(voluntary) [ 50.095613][ T4942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 50.095620][ T4942] Call Trace: [ 50.095628][ T4942] [ 50.095633][ T4942] __dump_stack+0x1d/0x30 [ 50.095651][ T4942] dump_stack_lvl+0x95/0xd0 [ 50.095663][ T4942] dump_stack+0x15/0x1b [ 50.095715][ T4942] dump_header+0x81/0x240 [ 50.095727][ T4942] oom_kill_process+0x295/0x350 [ 50.095740][ T4942] out_of_memory+0x97b/0xb80 [ 50.095753][ T4942] try_charge_memcg+0x610/0xa10 [ 50.095847][ T4942] obj_cgroup_charge_pages+0xa6/0x150 [ 50.095863][ T4942] __memcg_kmem_charge_page+0x9f/0x170 [ 50.095936][ T4942] __alloc_frozen_pages_noprof+0x18f/0x360 [ 50.096031][ T4942] alloc_pages_mpol+0xb3/0x260 [ 50.096048][ T4942] alloc_pages_noprof+0x90/0x130 [ 50.096064][ T4942] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 50.096205][ T4942] __kvmalloc_node_noprof+0x492/0x6b0 [ 50.096220][ T4942] ? ip_set_alloc+0x24/0x30 [ 50.096236][ T4942] ? ip_set_alloc+0x24/0x30 [ 50.096314][ T4942] ip_set_alloc+0x24/0x30 [ 50.096329][ T4942] hash_netiface_create+0x282/0x740 [ 50.096399][ T4942] ? __pfx_hash_netiface_create+0x10/0x10 [ 50.096416][ T4942] ip_set_create+0x3cc/0x970 [ 50.096488][ T4942] ? __nla_parse+0x40/0x60 [ 50.096503][ T4942] nfnetlink_rcv_msg+0x4c6/0x590 [ 50.096607][ T4942] netlink_rcv_skb+0x123/0x220 [ 50.096623][ T4942] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 50.096721][ T4942] nfnetlink_rcv+0x167/0x16c0 [ 50.096735][ T4942] ? kmem_cache_free+0xe3/0x3a0 [ 50.096749][ T4942] ? __kfree_skb+0x109/0x150 [ 50.096762][ T4942] ? nlmon_xmit+0x4f/0x60 [ 50.096823][ T4942] ? consume_skb+0x49/0x150 [ 50.096836][ T4942] ? nlmon_xmit+0x4f/0x60 [ 50.096846][ T4942] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 50.096863][ T4942] ? __dev_queue_xmit+0x138d/0x1ec0 [ 50.096885][ T4942] ? __dev_queue_xmit+0x148/0x1ec0 [ 50.096901][ T4942] ? ref_tracker_free+0x37d/0x3e0 [ 50.096916][ T4942] ? __netlink_deliver_tap+0x4dc/0x500 [ 50.096965][ T4942] netlink_unicast+0x5c0/0x690 [ 50.096981][ T4942] netlink_sendmsg+0x58b/0x6b0 [ 50.096999][ T4942] ? __pfx_netlink_sendmsg+0x10/0x10 [ 50.097024][ T4942] __sock_sendmsg+0x145/0x180 [ 50.097062][ T4942] ____sys_sendmsg+0x31e/0x4a0 [ 50.097078][ T4942] ___sys_sendmsg+0x17b/0x1d0 [ 50.097100][ T4942] __x64_sys_sendmsg+0xd4/0x160 [ 50.097195][ T4942] x64_sys_call+0x17ba/0x3000 [ 50.097272][ T4942] do_syscall_64+0xca/0x2b0 [ 50.097291][ T4942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.097303][ T4942] RIP: 0033:0x7f1038c4f749 [ 50.097318][ T4942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.097328][ T4942] RSP: 002b:00007f10376af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 50.097393][ T4942] RAX: ffffffffffffffda RBX: 00007f1038ea5fa0 RCX: 00007f1038c4f749 [ 50.097401][ T4942] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 50.097408][ T4942] RBP: 00007f1038cd3f91 R08: 0000000000000000 R09: 0000000000000000 [ 50.097415][ T4942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.097422][ T4942] R13: 00007f1038ea6038 R14: 00007f1038ea5fa0 R15: 00007ffd0c0f1478 [ 50.097432][ T4942] [ 50.097436][ T4942] memory: usage 307200kB, limit 307200kB, failcnt 251 [ 50.425269][ T4942] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 50.433282][ T4942] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 50.440718][ T4942] Memory cgroup stats for /syz4: [ 50.441397][ T4942] cache 0 [ 50.449384][ T4942] rss 0 [ 50.452137][ T4942] shmem 0 [ 50.455045][ T4942] mapped_file 0 [ 50.459186][ T4942] dirty 0 [ 50.462119][ T4942] writeback 0 [ 50.465384][ T4942] workingset_refault_anon 22 [ 50.470056][ T4942] workingset_refault_file 129 [ 50.474724][ T4942] swap 200704 [ 50.478045][ T4942] swapcached 0 [ 50.481471][ T4942] pgpgin 16783 [ 50.484821][ T4942] pgpgout 16783 [ 50.488962][ T4942] pgfault 29047 [ 50.492415][ T4942] pgmajfault 16 [ 50.492655][ T4957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.409'. [ 50.495892][ T4942] inactive_anon 0 [ 50.504657][ T4957] netlink: 'syz.3.409': attribute type 30 has an invalid length. [ 50.508296][ T4942] active_anon 0 [ 50.520026][ T4942] inactive_file 0 [ 50.523724][ T4942] active_file 0 [ 50.527244][ T4942] unevictable 0 [ 50.530717][ T4942] hierarchical_memory_limit 314572800 [ 50.536083][ T4942] hierarchical_memsw_limit 9223372036854771712 [ 50.542251][ T4942] total_cache 0 [ 50.545755][ T4942] total_rss 0 [ 50.549793][ T4942] total_shmem 0 [ 50.553238][ T4942] total_mapped_file 0 [ 50.557188][ T4942] total_dirty 0 [ 50.559046][ T3812] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.560672][ T4942] total_writeback 0 [ 50.572593][ T4942] total_workingset_refault_anon 22 [ 50.577688][ T4942] total_workingset_refault_file 129 [ 50.579553][ T3812] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.583536][ T4942] total_swap 200704 [ 50.592458][ T3812] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.595553][ T4942] total_swapcached 0 [ 50.603758][ T3812] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.607521][ T4942] total_pgpgin 16783 [ 50.619999][ T4942] total_pgpgout 16783 [ 50.623966][ T4942] total_pgfault 29047 [ 50.627987][ T4942] total_pgmajfault 16 [ 50.632038][ T4942] total_inactive_anon 0 [ 50.636217][ T4942] total_active_anon 0 [ 50.640838][ T4942] total_inactive_file 0 [ 50.644979][ T4942] total_active_file 0 [ 50.648969][ T4942] total_unevictable 0 [ 50.652934][ T4942] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.404,pid=4941,uid=0 [ 50.667527][ T4942] Memory cgroup out of memory: Killed process 4941 (syz.4.404) total-vm:96016kB, anon-rss:1216kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 51.208432][ T29] kauditd_printk_skb: 305 callbacks suppressed [ 51.208444][ T29] audit: type=1400 audit(1766608239.670:1172): avc: denied { unlink } for pid=5015 comm="rm" name="resolv.conf.cfptm0.link" dev="tmpfs" ino=2601 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 51.298666][ T29] audit: type=1400 audit(1766608239.730:1173): avc: denied { name_bind } for pid=5027 comm="syz.0.427" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 51.440106][ T29] audit: type=1326 audit(1766608239.900:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.493676][ T29] audit: type=1326 audit(1766608239.930:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.517166][ T29] audit: type=1326 audit(1766608239.930:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.541029][ T29] audit: type=1326 audit(1766608239.930:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.564341][ T29] audit: type=1326 audit(1766608239.930:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.588300][ T29] audit: type=1326 audit(1766608239.930:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.611664][ T29] audit: type=1326 audit(1766608239.930:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.635627][ T29] audit: type=1326 audit(1766608239.930:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5042 comm="syz.1.431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547baaf749 code=0x7ffc0000 [ 51.636278][ T5047] loop3: detected capacity change from 0 to 2048 [ 51.708171][ T5047] loop3: p1 p3 p4 [ 51.716737][ T5047] loop3: p4 size 589824 extends beyond EOD, truncated [ 51.741094][ T5047] pim6reg: entered allmulticast mode [ 51.753684][ T5047] pim6reg: left allmulticast mode [ 51.918176][ T5076] netlink: 'syz.3.439': attribute type 1 has an invalid length. [ 51.955270][ T5076] 8021q: adding VLAN 0 to HW filter on device bond3 [ 51.962357][ T5049] loop0: detected capacity change from 0 to 512 [ 51.977553][ T5049] EXT4-fs (loop0): failed to initialize system zone (-117) [ 51.985370][ T5049] EXT4-fs (loop0): mount failed [ 51.992426][ T5082] team0: entered promiscuous mode [ 51.997467][ T5082] team_slave_0: entered promiscuous mode [ 52.003188][ T5082] team_slave_1: entered promiscuous mode [ 52.098121][ T5082] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.108973][ T5082] bond3: (slave team0): making interface the new active one [ 52.118615][ T5082] bond3: (slave team0): Enslaving as an active interface with an up link [ 52.222232][ T5093] netlink: 96 bytes leftover after parsing attributes in process `syz.0.444'. [ 52.435646][ T5099] loop0: detected capacity change from 0 to 2048 [ 52.528642][ T3721] loop0: p1 p3 p4 [ 52.537178][ T3721] loop0: p4 size 589824 extends beyond EOD, truncated [ 52.552883][ T5099] loop0: p1 p3 p4 [ 52.563293][ T5099] loop0: p4 size 589824 extends beyond EOD, truncated [ 52.570996][ T5106] loop3: detected capacity change from 0 to 1024 [ 52.605155][ T5106] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 52.608982][ T5099] pim6reg: entered allmulticast mode [ 52.624904][ T5099] pim6reg: left allmulticast mode [ 52.638645][ T5106] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.693524][ T3721] udevd[3721]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 52.709151][ T4770] udevd[4770]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 52.735563][ T5106] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 52.737227][ T4770] udevd[4770]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 52.788114][ T5121] netlink: 'syz.1.453': attribute type 15 has an invalid length. [ 52.792779][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.795859][ T5121] netlink: 24 bytes leftover after parsing attributes in process `syz.1.453'. [ 52.909189][ T5137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.455'. [ 52.937767][ T5137] bridge_slave_1: left allmulticast mode [ 52.943415][ T5137] bridge_slave_1: left promiscuous mode [ 52.949914][ T5137] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.958328][ T5137] bridge_slave_0: left allmulticast mode [ 52.964046][ T5137] bridge_slave_0: left promiscuous mode [ 52.969727][ T5137] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.972483][ T5143] netlink: 'syz.2.456': attribute type 1 has an invalid length. [ 53.162038][ T5143] 8021q: adding VLAN 0 to HW filter on device bond1 [ 53.174830][ T5159] team0: entered promiscuous mode [ 53.180016][ T5159] team_slave_0: entered promiscuous mode [ 53.185947][ T5159] team_slave_1: entered promiscuous mode [ 53.212071][ T5159] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.227529][ T5159] bond1: (slave team0): Enslaving as an active interface with a down link [ 53.328386][ T5206] cgroup: noprefix used incorrectly [ 53.820906][ T5300] netlink: 'syz.1.472': attribute type 1 has an invalid length. [ 53.834280][ T5300] 8021q: adding VLAN 0 to HW filter on device bond2 [ 53.848457][ T5300] team0: entered promiscuous mode [ 53.853505][ T5300] team_slave_0: entered promiscuous mode [ 53.859262][ T5300] team_slave_1: entered promiscuous mode [ 53.865391][ T5300] dummy0: entered promiscuous mode [ 53.871861][ T5300] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.882480][ T5300] bond2: (slave team0): Enslaving as an active interface with a down link [ 54.001357][ T5306] netlink: 28 bytes leftover after parsing attributes in process `syz.1.483'. [ 54.189585][ T5321] netlink: 68 bytes leftover after parsing attributes in process `syz.3.480'. [ 55.088596][ T5406] loop0: detected capacity change from 0 to 128 [ 55.101246][ T5400] loop1: detected capacity change from 0 to 1024 [ 55.109937][ T5406] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 55.156379][ T5406] ext4 filesystem being mounted at /83/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 55.174037][ T5400] EXT4-fs: inline encryption not supported [ 55.179965][ T5400] EXT4-fs: Ignoring removed i_version option [ 55.215182][ T5400] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 55.263327][ T5400] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 2: comm syz.1.500: lblock 2 mapped to illegal pblock 2 (length 1) [ 55.278675][ T3319] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 55.298593][ T5400] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 48: comm syz.1.500: lblock 0 mapped to illegal pblock 48 (length 1) [ 55.355587][ T5400] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.500: Failed to acquire dquot type 0 [ 55.406174][ T5400] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem [ 55.432590][ T5400] EXT4-fs error (device loop1): ext4_evict_inode:253: inode #11: comm syz.1.500: mark_inode_dirty error [ 55.445546][ T5400] EXT4-fs warning (device loop1): ext4_evict_inode:256: couldn't mark inode dirty (err -117) [ 55.455821][ T5400] EXT4-fs (loop1): 1 orphan inode deleted [ 55.461933][ T5400] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.474099][ T3819] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:51: lblock 1 mapped to illegal pblock 1 (length 1) [ 55.474194][ T3819] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:51: Failed to release dquot type 0 [ 55.514917][ T5400] netlink: 32 bytes leftover after parsing attributes in process `syz.1.500'. [ 55.523895][ T5400] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 55.641866][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.672079][ T3315] EXT4-fs error (device loop1): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 55.684948][ T3315] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem [ 55.694524][ T3315] EXT4-fs error (device loop1): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error [ 55.754442][ T5403] Set syz1 is full, maxelem 65536 reached [ 55.947074][ T3423] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 55.970202][ T3423] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 55.992934][ T5465] loop1: detected capacity change from 0 to 2048 [ 56.040193][ T5478] netlink: 24 bytes leftover after parsing attributes in process `syz.0.515'. [ 56.055471][ T5465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.145002][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.222358][ T5502] loop0: detected capacity change from 0 to 1024 [ 56.301558][ T5502] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 56.315120][ T5502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.545949][ T5502] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 56.670800][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.829157][ T5562] netlink: 131740 bytes leftover after parsing attributes in process `syz.0.526'. [ 56.847506][ T5562] netlink: zone id is out of range [ 56.853481][ T5562] netlink: zone id is out of range [ 56.863692][ T5562] netlink: zone id is out of range [ 56.868909][ T5562] netlink: zone id is out of range [ 56.885585][ T5562] netlink: zone id is out of range [ 56.898157][ T5562] netlink: zone id is out of range [ 56.912423][ T5562] netlink: del zone limit has 8 unknown bytes [ 56.994530][ T5567] netlink: 24 bytes leftover after parsing attributes in process `syz.0.527'. [ 57.003640][ T5567] IPVS: Error connecting to the multicast addr [ 57.162331][ T29] kauditd_printk_skb: 68 callbacks suppressed [ 57.162344][ T29] audit: type=1400 audit(1766608245.620:1247): avc: denied { listen } for pid=5568 comm="syz.0.538" lport=43311 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.287938][ T29] audit: type=1400 audit(1766608245.650:1248): avc: denied { accept } for pid=5568 comm="syz.0.538" lport=43311 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.453801][ T29] audit: type=1326 audit(1766608245.910:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.481495][ T5577] loop4: detected capacity change from 0 to 128 [ 57.508954][ T5577] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 57.520985][ T29] audit: type=1326 audit(1766608245.910:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.544992][ T29] audit: type=1326 audit(1766608245.910:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.568994][ T29] audit: type=1326 audit(1766608245.940:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.592399][ T29] audit: type=1326 audit(1766608245.940:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.616399][ T29] audit: type=1326 audit(1766608245.940:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.640395][ T29] audit: type=1326 audit(1766608245.940:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.649819][ T5577] ext4 filesystem being mounted at /98/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 57.663739][ T29] audit: type=1326 audit(1766608245.940:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5576 comm="syz.0.541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe9b0f749 code=0x7ffc0000 [ 57.787591][ T3323] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 57.790823][ T5585] loop0: detected capacity change from 0 to 128 [ 57.866861][ T5585] FAT-fs (loop0): bogus logical sector size 2134 [ 57.873363][ T5585] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 57.882702][ T5585] FAT-fs (loop0): Can't find a valid FAT filesystem [ 57.914450][ T5585] netlink: 372 bytes leftover after parsing attributes in process `syz.0.532'. [ 58.013932][ T5595] loop0: detected capacity change from 0 to 1024 [ 58.076498][ T5595] EXT4-fs: Ignoring removed oldalloc option [ 58.082595][ T5595] EXT4-fs: Ignoring removed bh option [ 58.149306][ T5595] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.488582][ T5604] ================================================================== [ 58.496687][ T5604] BUG: KCSAN: data-race in __xa_set_mark / xas_find_marked [ 58.503903][ T5604] [ 58.506224][ T5604] write to 0xffff88811b19a164 of 4 bytes by task 5595 on cpu 0: [ 58.513840][ T5604] __xa_set_mark+0x172/0x1a0 [ 58.518426][ T5604] __folio_mark_dirty+0x384/0x4a0 [ 58.523468][ T5604] mark_buffer_dirty+0x11e/0x210 [ 58.528409][ T5604] block_write_end+0x12d/0x210 [ 58.533176][ T5604] ext4_write_end+0x134/0x730 [ 58.537855][ T5604] ext4_da_write_end+0x65/0x800 [ 58.542710][ T5604] generic_perform_write+0x312/0x490 [ 58.547997][ T5604] ext4_buffered_write_iter+0x1ee/0x3c0 [ 58.553548][ T5604] ext4_file_write_iter+0x387/0xf60 [ 58.558746][ T5604] iter_file_splice_write+0x66b/0xa20 [ 58.564109][ T5604] direct_splice_actor+0x156/0x2a0 [ 58.569214][ T5604] splice_direct_to_actor+0x312/0x680 [ 58.574584][ T5604] do_splice_direct+0xda/0x150 [ 58.579343][ T5604] do_sendfile+0x380/0x650 [ 58.583764][ T5604] __x64_sys_sendfile64+0x105/0x150 [ 58.588960][ T5604] x64_sys_call+0x2db1/0x3000 [ 58.593641][ T5604] do_syscall_64+0xca/0x2b0 [ 58.598153][ T5604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.604036][ T5604] [ 58.606357][ T5604] read to 0xffff88811b19a164 of 4 bytes by task 5604 on cpu 1: [ 58.613895][ T5604] xas_find_marked+0x5dc/0x620 [ 58.618674][ T5604] find_get_entry+0x5d/0x380 [ 58.623266][ T5604] filemap_get_folios_tag+0x92/0x210 [ 58.628545][ T5604] file_write_and_wait_range+0x1ea/0x2c0 [ 58.634176][ T5604] generic_buffers_fsync_noflush+0x45/0x130 [ 58.640069][ T5604] ext4_sync_file+0x1ab/0x690 [ 58.644738][ T5604] vfs_fsync_range+0x10d/0x130 [ 58.649515][ T5604] ext4_buffered_write_iter+0x34f/0x3c0 [ 58.655075][ T5604] ext4_file_write_iter+0x387/0xf60 [ 58.660285][ T5604] iter_file_splice_write+0x66b/0xa20 [ 58.665654][ T5604] direct_splice_actor+0x156/0x2a0 [ 58.670766][ T5604] splice_direct_to_actor+0x312/0x680 [ 58.676139][ T5604] do_splice_direct+0xda/0x150 [ 58.680902][ T5604] do_sendfile+0x380/0x650 [ 58.685326][ T5604] __x64_sys_sendfile64+0x105/0x150 [ 58.690520][ T5604] x64_sys_call+0x2db1/0x3000 [ 58.695202][ T5604] do_syscall_64+0xca/0x2b0 [ 58.699713][ T5604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.705601][ T5604] [ 58.707917][ T5604] value changed: 0x04000021 -> 0x0e000021 [ 58.713626][ T5604] [ 58.715937][ T5604] Reported by Kernel Concurrency Sanitizer on: [ 58.722074][ T5604] CPU: 1 UID: 0 PID: 5604 Comm: syz.0.535 Not tainted syzkaller #0 PREEMPT(voluntary) [ 58.731708][ T5604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 58.741751][ T5604] ================================================================== [ 58.848963][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.