last executing test programs: 7.891081559s ago: executing program 4 (id=192): prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000005c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="a1ab23bd7000fdffffff3200000008001701"], 0x24}, 0x1, 0x0, 0x0, 0x850}, 0x20024080) 7.78920302s ago: executing program 4 (id=194): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0) fcntl$setlease(r1, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000040), 0x0, 0x0, 0x0) fremovexattr(r1, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00') 7.71531582s ago: executing program 4 (id=197): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8d}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_access(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a706f6c69e3795f7372635f743a7330202f7573722f7362696e2f637570732d62726f777325642034"], 0x4e) 7.65695034s ago: executing program 4 (id=198): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x40000005, 0x4) recvmmsg(r0, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}, 0x2d}], 0x1, 0x10002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000001c0)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 7.5123147s ago: executing program 4 (id=206): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0xffffffffffffff72) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}]}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 7.353613511s ago: executing program 4 (id=214): r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2, 0x0, 0x5}, 0x18) write$selinux_context(r0, 0x0, 0x0) 1.491081366s ago: executing program 2 (id=387): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x10007ffffffff}, 0x18) shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil) 1.410944596s ago: executing program 2 (id=389): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x4, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.313722886s ago: executing program 3 (id=393): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net\x00') fchdir(r0) exit(0xffff) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 1.257298176s ago: executing program 2 (id=396): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x2, 0xe0) 461.607948ms ago: executing program 3 (id=414): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x9c, 0xb, 0x0, 0xffffffffffffffff, 0x327}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000af8010000120a010200000000000000000200fffe0900020073797a310000000008000440000000000900010073797a30000000000800034000000008"], 0x220}, 0x1, 0x0, 0x0, 0x890}, 0x0) 392.577709ms ago: executing program 3 (id=417): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x9}, 0x18) r1 = socket$key(0xf, 0x3, 0x2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5") sendmsg$key(r1, &(0x7f0000000400)={0x10000000, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="020e0080150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff000000000600330000000000000000000000eafffd8000000000000000000000000000aa000000000000000000000000000000000400"], 0xa8}}, 0x2) ioperm(0x0, 0xd, 0x4000000000000020) 382.227369ms ago: executing program 1 (id=418): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x18, 0x7ffc1fff}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) rt_sigqueueinfo(0x0, 0x2b, 0x0) 369.528489ms ago: executing program 2 (id=419): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_read_part_table(0x5fb, &(0x7f0000000c40)="$eJzs1D+IHFUYAPBvZmdndi8X9hDFwsbiSBUNWKXIgijHdrkUKhbaCqddQCHFsuvl6qiVXfxHQK45sA7EIuSKQODAQlKk8RAs/UdYLJ7M7K5uDgXRlcvB71e8nffN+773dvneBidaHu36I43+iHSOLsnqoTV/Sr14qtvEq1Px6u5GFc9easU7p2NaaKbMUxZRRaRqmlZF5GU9bRfzNQef3X35p921soz9h72/O994esiIZs+qLl3OQsVyfgFOsr3+nV5r5/Lg2rxt38oiHsatlyJSbW0WvplHN978IZoGb3qp+HUZLbTXrxY6f3i4fnD+xr20+eP11WjvH0zeW3+h11yCbH6RHvX9yr/Ys674F7U4Bi9m44i6/670t74dDA8/eXL7/vbk4pkv3z03KuL26OcUw48j4peszCNaX6eUIt4eR7v5Q512IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDLs9e9MYmdlIfLcxjMfbKSPvvv8wui1py+8nrcjIov024fPx6kjyXm+jP17Vzvt2Wx42I7zN+69sRndWWT+5mwWnYhIo+sRg/I/b8tj5OrO5cG1K/2t2XS8Pbl45qs4d/aJ+7dHWRPqRlp7JCWL6hgOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcCKejM39M9VDEyp8vs8WVeRPZrCLiwaflVhF53N299eCblIr99S8uVdNVN1djNaK1kFbnvdLqLFR8v6jH1v/6vfhnfg8AAP//oBttgw==") 355.303309ms ago: executing program 0 (id=420): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000007000000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}}, 0x24004801) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) 317.318179ms ago: executing program 1 (id=421): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x1, @multicast}, 0x2b) r2 = socket$netlink(0x10, 0x3, 0x4) write(r2, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 300.347069ms ago: executing program 0 (id=422): r0 = socket$inet_sctp(0x2, 0x5, 0x84) close(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000440)="d8", 0x1}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r2}}], 0x20, 0x2400e044}, 0x0) 264.447379ms ago: executing program 1 (id=423): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x6, 0x0, 0x7ffc1ff7}]}) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 226.745639ms ago: executing program 1 (id=424): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000404000009"], 0x50) unshare(0x22020600) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000640)={r0, &(0x7f0000000480), 0x0}, 0x20) 204.037069ms ago: executing program 0 (id=425): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) kexec_load(0x0, 0x0, 0x0, 0x0) 162.317399ms ago: executing program 0 (id=426): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x800000000006}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r2, &(0x7f0000000300)='./file0\x00', 0x8000, &(0x7f0000001dc0)={0x81, 0xa, 0x80000, {r2}}, 0x20) 140.828669ms ago: executing program 3 (id=427): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x7b}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x2000000000, &(0x7f0000000140)={0x77359400}}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE) io_uring_enter(r0, 0x4866, 0x0, 0xb, 0x0, 0x0) 116.807589ms ago: executing program 1 (id=428): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x25}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) 109.97488ms ago: executing program 2 (id=429): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) memfd_create(0x0, 0x0) 106.77368ms ago: executing program 0 (id=430): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x10e) 68.0031ms ago: executing program 0 (id=431): r0 = syz_io_uring_setup(0x491, &(0x7f0000000f80)={0x0, 0x79af, 0x3180, 0x0, 0x400251}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) r3 = eventfd(0x401) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000040)=r3, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TIMEOUT={0xb, 0x4c, 0x0, 0x0, 0x9, &(0x7f0000000140)={0x0, 0x989680}, 0x1, 0x4}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 48.4963ms ago: executing program 3 (id=432): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @empty, 'batadv_slave_0\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth1_to_bridge\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) 14.459889ms ago: executing program 2 (id=433): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1) 7.323109ms ago: executing program 3 (id=434): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=435): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000022007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1, 0x0, 0x2}, 0x18) r2 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000540)={'syz', 0x2}, 0x0, 0x0, r2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r2}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. [ 35.074212][ T29] audit: type=1400 audit(1762449760.796:62): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 35.097247][ T29] audit: type=1400 audit(1762449760.826:63): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.098219][ T3304] cgroup: Unknown subsys name 'net' [ 35.125012][ T29] audit: type=1400 audit(1762449760.856:64): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.246571][ T3304] cgroup: Unknown subsys name 'cpuset' [ 35.253010][ T3304] cgroup: Unknown subsys name 'rlimit' [ 35.444622][ T29] audit: type=1400 audit(1762449761.166:65): avc: denied { setattr } for pid=3304 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.467893][ T29] audit: type=1400 audit(1762449761.166:66): avc: denied { create } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.488375][ T29] audit: type=1400 audit(1762449761.176:67): avc: denied { write } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.508776][ T29] audit: type=1400 audit(1762449761.176:68): avc: denied { read } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.529078][ T29] audit: type=1400 audit(1762449761.186:69): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 35.537924][ T3308] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 35.554055][ T29] audit: type=1400 audit(1762449761.186:70): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 35.585910][ T29] audit: type=1400 audit(1762449761.296:71): avc: denied { relabelto } for pid=3308 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 35.640199][ T3304] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 36.780694][ T3321] chnl_net:caif_netlink_parms(): no params data found [ 36.832519][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 36.850550][ T3320] chnl_net:caif_netlink_parms(): no params data found [ 36.874711][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 36.929655][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.936816][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.943920][ T3321] bridge_slave_0: entered allmulticast mode [ 36.950515][ T3321] bridge_slave_0: entered promiscuous mode [ 36.972457][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.979616][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.986740][ T3321] bridge_slave_1: entered allmulticast mode [ 36.993053][ T3321] bridge_slave_1: entered promiscuous mode [ 36.999500][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 37.029098][ T3320] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.036186][ T3320] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.043292][ T3320] bridge_slave_0: entered allmulticast mode [ 37.049822][ T3320] bridge_slave_0: entered promiscuous mode [ 37.077663][ T3320] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.084802][ T3320] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.091997][ T3320] bridge_slave_1: entered allmulticast mode [ 37.098544][ T3320] bridge_slave_1: entered promiscuous mode [ 37.105881][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.131962][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.150124][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.157218][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.164404][ T3314] bridge_slave_0: entered allmulticast mode [ 37.170968][ T3314] bridge_slave_0: entered promiscuous mode [ 37.186392][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.195519][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.202749][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.209937][ T3322] bridge_slave_0: entered allmulticast mode [ 37.216444][ T3322] bridge_slave_0: entered promiscuous mode [ 37.222788][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.229895][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.237032][ T3314] bridge_slave_1: entered allmulticast mode [ 37.243513][ T3314] bridge_slave_1: entered promiscuous mode [ 37.257721][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.266830][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.273929][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.281052][ T3322] bridge_slave_1: entered allmulticast mode [ 37.287503][ T3322] bridge_slave_1: entered promiscuous mode [ 37.308928][ T3321] team0: Port device team_slave_0 added [ 37.330202][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.344520][ T3321] team0: Port device team_slave_1 added [ 37.350387][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.357476][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.364606][ T3315] bridge_slave_0: entered allmulticast mode [ 37.371163][ T3315] bridge_slave_0: entered promiscuous mode [ 37.383781][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.399747][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.413629][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.420813][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.428125][ T3315] bridge_slave_1: entered allmulticast mode [ 37.434503][ T3315] bridge_slave_1: entered promiscuous mode [ 37.441285][ T3320] team0: Port device team_slave_0 added [ 37.452938][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.471982][ T3320] team0: Port device team_slave_1 added [ 37.478443][ T3322] team0: Port device team_slave_0 added [ 37.489301][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.496325][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.522251][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.543235][ T3322] team0: Port device team_slave_1 added [ 37.554252][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.561317][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.587267][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.599284][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.621104][ T3314] team0: Port device team_slave_0 added [ 37.629732][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.639793][ T3314] team0: Port device team_slave_1 added [ 37.645682][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.652708][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.678689][ T3320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.710124][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.717202][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.743151][ T3320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.754480][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.761440][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.787356][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.821785][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.828757][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.854674][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.867556][ T3321] hsr_slave_0: entered promiscuous mode [ 37.873573][ T3321] hsr_slave_1: entered promiscuous mode [ 37.880181][ T3315] team0: Port device team_slave_0 added [ 37.886365][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.893317][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.919246][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.930888][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.937871][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.963995][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.985334][ T3315] team0: Port device team_slave_1 added [ 38.025070][ T3320] hsr_slave_0: entered promiscuous mode [ 38.031123][ T3320] hsr_slave_1: entered promiscuous mode [ 38.037158][ T3320] debugfs: 'hsr0' already exists in 'hsr' [ 38.042974][ T3320] Cannot create hsr debugfs directory [ 38.055841][ T3322] hsr_slave_0: entered promiscuous mode [ 38.061943][ T3322] hsr_slave_1: entered promiscuous mode [ 38.067894][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 38.073627][ T3322] Cannot create hsr debugfs directory [ 38.079563][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.086551][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.112563][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.124239][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.131311][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.157312][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.187565][ T3314] hsr_slave_0: entered promiscuous mode [ 38.193679][ T3314] hsr_slave_1: entered promiscuous mode [ 38.199587][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 38.205448][ T3314] Cannot create hsr debugfs directory [ 38.285210][ T3315] hsr_slave_0: entered promiscuous mode [ 38.291483][ T3315] hsr_slave_1: entered promiscuous mode [ 38.297465][ T3315] debugfs: 'hsr0' already exists in 'hsr' [ 38.303214][ T3315] Cannot create hsr debugfs directory [ 38.434104][ T3321] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.445197][ T3321] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.461288][ T3321] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.472238][ T3321] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.495642][ T3314] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.506216][ T3314] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.515061][ T3314] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.525720][ T3314] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.567794][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.580501][ T3322] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.595186][ T3322] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.604255][ T3322] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.613368][ T3322] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.641834][ T3321] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.656362][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.663492][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.672069][ T3315] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.680662][ T3315] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.689681][ T3315] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.698506][ T3315] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.720550][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.727627][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.744230][ T3320] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.753922][ T3320] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.780576][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.789789][ T3320] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.799323][ T3320] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.823800][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.849118][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.856290][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.865442][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.872531][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.932359][ T3314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.945491][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.954757][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.975368][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.998357][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.011390][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.019483][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.026559][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.045359][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.055759][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.062871][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.085907][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.095151][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.102282][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.111824][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.118919][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.144337][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.169227][ T3315] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.179690][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.194616][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.201705][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.212451][ T3321] veth0_vlan: entered promiscuous mode [ 39.230642][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.237797][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.260631][ T3321] veth1_vlan: entered promiscuous mode [ 39.296157][ T3321] veth0_macvtap: entered promiscuous mode [ 39.306744][ T3321] veth1_macvtap: entered promiscuous mode [ 39.323723][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.350714][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.362318][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.401640][ T31] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.416261][ T3314] veth0_vlan: entered promiscuous mode [ 39.431828][ T31] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.443016][ T3314] veth1_vlan: entered promiscuous mode [ 39.453974][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.461601][ T31] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.472424][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.484308][ T31] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.484925][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.501821][ T3314] veth0_macvtap: entered promiscuous mode [ 39.536725][ T3314] veth1_macvtap: entered promiscuous mode [ 39.577299][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.597191][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.617649][ T270] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.656230][ T270] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.668477][ T270] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.685128][ T3315] veth0_vlan: entered promiscuous mode [ 39.699370][ T270] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.718814][ T3315] veth1_vlan: entered promiscuous mode [ 39.730029][ T3322] veth0_vlan: entered promiscuous mode [ 39.756248][ T3320] veth0_vlan: entered promiscuous mode [ 39.763941][ T3320] veth1_vlan: entered promiscuous mode [ 39.780644][ T3322] veth1_vlan: entered promiscuous mode [ 39.806756][ T3315] veth0_macvtap: entered promiscuous mode [ 39.818959][ T3490] loop0: detected capacity change from 0 to 256 [ 39.822966][ T3320] veth0_macvtap: entered promiscuous mode [ 39.826218][ T3490] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 39.847768][ T3490] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.851020][ T3322] veth0_macvtap: entered promiscuous mode [ 39.858788][ T3488] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7'. [ 39.865714][ T3315] veth1_macvtap: entered promiscuous mode [ 39.892573][ T3322] veth1_macvtap: entered promiscuous mode [ 39.916882][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.924320][ T3320] veth1_macvtap: entered promiscuous mode [ 39.943882][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.953508][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.964597][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.973901][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.987845][ T297] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.998243][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.016203][ T297] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.025189][ T297] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.073034][ T297] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.086399][ T3497] netlink: 168 bytes leftover after parsing attributes in process `+}[@'. [ 40.101758][ T297] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.136500][ T297] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.145253][ T297] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.184106][ T29] kauditd_printk_skb: 45 callbacks suppressed [ 40.184122][ T29] audit: type=1400 audit(1762449765.906:117): avc: denied { read } for pid=3504 comm="syz.1.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.221109][ T297] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.233611][ T297] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.263060][ T29] audit: type=1326 audit(1762449765.946:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.275839][ T270] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.286174][ T29] audit: type=1326 audit(1762449765.946:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.318063][ T29] audit: type=1326 audit(1762449765.956:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.325310][ T270] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.341140][ T29] audit: type=1326 audit(1762449765.956:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.373036][ T29] audit: type=1326 audit(1762449765.956:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.396155][ T29] audit: type=1326 audit(1762449765.956:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.406761][ T270] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.419243][ T29] audit: type=1326 audit(1762449765.956:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.450950][ T29] audit: type=1326 audit(1762449765.956:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.474107][ T29] audit: type=1326 audit(1762449765.956:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3503 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3e64a2f6c9 code=0x7ffc0000 [ 40.597475][ T3532] SELinux: Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped). [ 40.872785][ T3553] loop1: detected capacity change from 0 to 512 [ 40.903836][ T3553] EXT4-fs (loop1): too many log groups per flexible block group [ 40.914891][ T3553] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 40.917904][ T3551] loop2: detected capacity change from 0 to 2048 [ 40.931883][ T3553] EXT4-fs (loop1): mount failed [ 40.956276][ T3551] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.012860][ T3551] EXT4-fs error (device loop2): ext4_ext_precache:632: inode #2: comm +}[@: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 41.058708][ T3566] netlink: 'syz.4.35': attribute type 19 has an invalid length. [ 41.066434][ T3566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.35'. [ 41.078233][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.088331][ T270] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.088381][ T3566] netlink: 'syz.4.35': attribute type 19 has an invalid length. [ 41.104719][ T3566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.35'. [ 41.123489][ T270] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.132968][ T270] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.142595][ T270] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.153975][ T3566] Zero length message leads to an empty skb [ 41.196905][ T3572] vhci_hcd: invalid port number 0 [ 41.233439][ T3576] syz.1.39 uses obsolete (PF_INET,SOCK_PACKET) [ 41.587056][ T3622] loop1: detected capacity change from 0 to 128 [ 41.607448][ T3622] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.619769][ T3622] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.736371][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.782631][ T3634] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.851990][ T3638] netlink: 'syz.1.51': attribute type 12 has an invalid length. [ 41.886245][ T3644] SELinux: failed to load policy [ 42.016269][ T3656] xt_l2tp: wrong L2TP version: 1 [ 42.187243][ T3677] loop1: detected capacity change from 0 to 1024 [ 42.205724][ T3677] ======================================================= [ 42.205724][ T3677] WARNING: The mand mount option has been deprecated and [ 42.205724][ T3677] and is ignored by this kernel. Remove the mand [ 42.205724][ T3677] option from the mount to silence this warning. [ 42.205724][ T3677] ======================================================= [ 42.249098][ T3677] EXT4-fs: Ignoring removed nobh option [ 42.254740][ T3677] EXT4-fs: Ignoring removed bh option [ 42.267309][ T3682] syz.0.76 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 42.297257][ T3677] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.373844][ T3677] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 42.407097][ T3700] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 42.426380][ T3677] EXT4-fs (loop1): Remounting filesystem read-only [ 42.494301][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.519708][ T3710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.87'. [ 42.550250][ T3711] loop9: detected capacity change from 0 to 7 [ 42.570596][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.578743][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.586662][ T3305] loop9: unable to read partition table [ 42.594707][ T3711] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.606682][ T3711] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.614535][ T3711] loop9: unable to read partition table [ 42.628118][ T3711] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 42.628118][ T3711] ) failed (rc=-5) [ 42.644968][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.676506][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.684433][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.698561][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.718243][ T3305] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.733398][ T3721] SELinux: ebitmap: high bit 7341312 is not equal to the expected value 1536 [ 42.742965][ T3721] SELinux: failed to load policy [ 42.790576][ T3727] SELinux: Context is not valid (left unmapped). [ 43.122134][ T3741] netlink: 'syz.0.100': attribute type 10 has an invalid length. [ 43.360154][ T3634] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.455191][ T3771] loop1: detected capacity change from 0 to 164 [ 43.469960][ T3634] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.527852][ T3777] loop3: detected capacity change from 0 to 128 [ 43.551599][ T3777] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 43.559558][ T3777] FAT-fs (loop3): Filesystem has been set read-only [ 43.569865][ T3634] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.596162][ T3777] syz.3.118: attempt to access beyond end of device [ 43.596162][ T3777] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 43.612442][ T3777] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 43.620327][ T3777] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 43.641480][ T3777] syz.3.118: attempt to access beyond end of device [ 43.641480][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.655300][ T3777] syz.3.118: attempt to access beyond end of device [ 43.655300][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.669146][ T3777] syz.3.118: attempt to access beyond end of device [ 43.669146][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.682675][ T297] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.683823][ T3777] syz.3.118: attempt to access beyond end of device [ 43.683823][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.700968][ T297] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.725538][ T297] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.734028][ T3777] syz.3.118: attempt to access beyond end of device [ 43.734028][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.747705][ T297] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.772472][ T3777] syz.3.118: attempt to access beyond end of device [ 43.772472][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.786341][ T3777] syz.3.118: attempt to access beyond end of device [ 43.786341][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.801549][ T3777] syz.3.118: attempt to access beyond end of device [ 43.801549][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 43.816431][ T3777] syz.3.118: attempt to access beyond end of device [ 43.816431][ T3777] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 44.594668][ T3413] IPVS: starting estimator thread 0... [ 44.705920][ T3873] IPVS: using max 2448 ests per chain, 122400 per kthread [ 45.085312][ T3904] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 45.159967][ T3899] syz.3.144 (3899) used greatest stack depth: 10160 bytes left [ 45.188630][ T29] kauditd_printk_skb: 267 callbacks suppressed [ 45.188646][ T29] audit: type=1326 audit(1762449770.916:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1462b36567 code=0x7ffc0000 [ 45.218000][ T29] audit: type=1326 audit(1762449770.916:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1462adb779 code=0x7ffc0000 [ 45.241284][ T29] audit: type=1326 audit(1762449770.916:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 45.285073][ T29] audit: type=1326 audit(1762449770.996:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1462b36567 code=0x7ffc0000 [ 45.308368][ T29] audit: type=1326 audit(1762449770.996:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1462adb779 code=0x7ffc0000 [ 45.331850][ T29] audit: type=1326 audit(1762449770.996:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 45.355405][ T29] audit: type=1326 audit(1762449770.996:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1462b36567 code=0x7ffc0000 [ 45.378610][ T29] audit: type=1326 audit(1762449770.996:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1462adb779 code=0x7ffc0000 [ 45.401776][ T29] audit: type=1326 audit(1762449770.996:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 45.425596][ T29] audit: type=1326 audit(1762449771.006:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3890 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1462b36567 code=0x7ffc0000 [ 45.551093][ T3920] unsupported nla_type 52263 [ 45.654575][ T3926] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=40 sclass=netlink_audit_socket pid=3926 comm=syz.0.156 [ 45.696817][ T3879] syz.1.135 (3879) used greatest stack depth: 6376 bytes left [ 45.778532][ T3935] loop1: detected capacity change from 0 to 512 [ 45.797990][ T3935] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 45.828705][ T3935] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 45.859048][ T3935] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.914565][ T3935] 9pnet: Could not find request transport: xen [ 45.950001][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 46.058325][ T3971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.172'. [ 46.308513][ T3991] netlink: 24 bytes leftover after parsing attributes in process `syz.3.182'. [ 46.480504][ T4008] netlink: 'syz.3.189': attribute type 3 has an invalid length. [ 46.758183][ T4026] netlink: 104 bytes leftover after parsing attributes in process `syz.2.196'. [ 46.961513][ T4046] loop4: detected capacity change from 0 to 512 [ 47.005591][ T4046] EXT4-fs: Ignoring removed oldalloc option [ 47.035062][ T4046] EXT4-fs (loop4): 1 truncate cleaned up [ 47.046213][ T4046] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.091271][ T3315] EXT4-fs error (device loop4): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 47.117600][ T3315] EXT4-fs (loop4): Remounting filesystem read-only [ 47.361424][ T4074] ------------[ cut here ]------------ [ 47.366968][ T4074] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x0, 0x7800000000] s64=[0x0, 0xffffffffffffffff] u32=[0x80000000, 0x0] s32=[0x0, 0xffffffff] var_off=(0x0, 0x7800000000) [ 47.386878][ T4074] WARNING: CPU: 0 PID: 4074 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x673/0x680 [ 47.397265][ T4074] Modules linked in: [ 47.401204][ T4074] CPU: 0 UID: 0 PID: 4074 Comm: syz.3.219 Not tainted syzkaller #0 PREEMPT(voluntary) [ 47.410921][ T4074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 47.421028][ T4074] RIP: 0010:reg_bounds_sanity_check+0x673/0x680 [ 47.427361][ T4074] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 c2 f7 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 [ 47.447127][ T4074] RSP: 0018:ffffc90010267408 EFLAGS: 00010282 [ 47.453257][ T4074] RAX: b3812c13f1dcce00 RBX: ffff888119f15040 RCX: 0000000000080000 [ 47.461344][ T4074] RDX: ffffc90004029000 RSI: 0000000000013ed7 RDI: 0000000000013ed8 [ 47.469357][ T4074] RBP: 0000000000000000 R08: 0001c90010267257 R09: 0000000000000000 [ 47.477421][ T4074] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888119f15000 [ 47.485425][ T4074] R13: ffff88811eb70000 R14: ffff88811eb70000 R15: ffff888119f15038 [ 47.493539][ T4074] FS: 00007f3e634976c0(0000) GS:ffff8882aee13000(0000) knlGS:0000000000000000 [ 47.502567][ T4074] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.509259][ T4074] CR2: 0000200000001740 CR3: 000000011bcfc000 CR4: 00000000003506f0 [ 47.517272][ T4074] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.525323][ T4074] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 47.533394][ T4074] Call Trace: [ 47.536702][ T4074] [ 47.539654][ T4074] reg_set_min_max+0x1eb/0x260 [ 47.544450][ T4074] check_cond_jmp_op+0x1370/0x19e0 [ 47.549642][ T4074] do_check+0x3363/0x8460 [ 47.554020][ T4074] do_check_common+0xc5e/0x12b0 [ 47.558923][ T4074] bpf_check+0xaaae/0xd9d0 [ 47.563477][ T4074] ? __alloc_frozen_pages_noprof+0x188/0x360 [ 47.569577][ T4074] ? __vmap_pages_range_noflush+0xbc4/0xcf0 [ 47.575581][ T4074] ? css_rstat_updated+0xb7/0x240 [ 47.580668][ T4074] ? try_charge_memcg+0x215/0xa10 [ 47.585726][ T4074] ? pcpu_block_refresh_hint+0x10b/0x170 [ 47.591482][ T4074] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 47.597616][ T4074] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 47.603720][ T4074] ? css_rstat_updated+0xb7/0x240 [ 47.608852][ T4074] ? __rcu_read_unlock+0x4f/0x70 [ 47.613817][ T4074] ? pcpu_memcg_post_alloc_hook+0xf1/0x150 [ 47.619852][ T4074] ? bpf_prog_alloc+0x5b/0x150 [ 47.624658][ T4074] ? pcpu_alloc_noprof+0xd29/0x1250 [ 47.629969][ T4074] ? should_fail_ex+0x30/0x280 [ 47.634779][ T4074] ? should_failslab+0x8c/0xb0 [ 47.639649][ T4074] ? __kmalloc_noprof+0x2a2/0x570 [ 47.644698][ T4074] ? security_bpf_prog_load+0x60/0x140 [ 47.650312][ T4074] ? selinux_bpf_prog_load+0xad/0xd0 [ 47.655658][ T4074] ? security_bpf_prog_load+0x9e/0x140 [ 47.661176][ T4074] bpf_prog_load+0xf6e/0x1100 [ 47.665917][ T4074] ? security_bpf+0x2b/0x90 [ 47.670491][ T4074] __sys_bpf+0x469/0x7c0 [ 47.674812][ T4074] __x64_sys_bpf+0x41/0x50 [ 47.679308][ T4074] x64_sys_call+0x2aee/0x3000 [ 47.684003][ T4074] do_syscall_64+0xd2/0x200 [ 47.688600][ T4074] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 47.694847][ T4074] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 47.700667][ T4074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.706611][ T4074] RIP: 0033:0x7f3e64a2f6c9 [ 47.711097][ T4074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.730782][ T4074] RSP: 002b:00007f3e63497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 47.739231][ T4074] RAX: ffffffffffffffda RBX: 00007f3e64c85fa0 RCX: 00007f3e64a2f6c9 [ 47.747238][ T4074] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 47.755227][ T4074] RBP: 00007f3e64ab1f91 R08: 0000000000000000 R09: 0000000000000000 [ 47.763273][ T4074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.771274][ T4074] R13: 00007f3e64c86038 R14: 00007f3e64c85fa0 R15: 00007ffe2cd75278 [ 47.779377][ T4074] [ 47.782413][ T4074] ---[ end trace 0000000000000000 ]--- [ 47.974262][ T4097] mmap: wޣ (4097) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 48.047360][ T4104] loop1: detected capacity change from 0 to 256 [ 48.344918][ T4127] loop9: detected capacity change from 0 to 7 [ 48.368989][ T4127] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.393079][ T4127] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.401028][ T4127] loop9: unable to read partition table [ 48.407790][ T4127] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 48.407790][ T4127] ) failed (rc=-5) [ 48.421894][ T3633] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.447047][ T3633] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.470939][ T3633] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.491866][ T3633] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.500374][ T3633] Buffer I/O error on dev loop9, logical block 0, async page read [ 48.519184][ T4143] option changes via remount are deprecated (pid=4140 comm=syz.1.249) [ 48.530474][ T4141] loop3: detected capacity change from 0 to 512 [ 48.593438][ T4141] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.715877][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.807532][ T2967] kernel write not supported for file bpf-prog (pid: 2967 comm: kworker/0:2) [ 48.959412][ T4154] process 'syz.1.254' launched '/dev/fd/4' with NULL argv: empty string added [ 49.035096][ T4178] veth2: entered promiscuous mode [ 49.040324][ T4178] veth2: entered allmulticast mode [ 49.959486][ T4223] loop2: detected capacity change from 0 to 128 [ 50.016566][ T4225] smc: net device bond0 applied user defined pnetid SYZ0 [ 50.037311][ T4225] smc: net device bond0 erased user defined pnetid SYZ0 [ 50.102352][ T4231] loop2: detected capacity change from 0 to 512 [ 50.120974][ T4231] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.288: bg 0: block 248: padding at end of block bitmap is not set [ 50.163220][ T4231] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.288: Failed to acquire dquot type 1 [ 50.190567][ T4231] EXT4-fs (loop2): 1 truncate cleaned up [ 50.203590][ T4231] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.287929][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.306030][ T3842] __quota_error: 238 callbacks suppressed [ 50.306044][ T3842] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-5 [ 50.320761][ T3842] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:56: Failed to release dquot type 1 [ 50.382706][ T29] audit: type=1400 audit(50.367:640): avc: denied { create } for pid=4243 comm="syz.0.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 50.415879][ T29] audit: type=1400 audit(50.387:641): avc: denied { setopt } for pid=4243 comm="syz.0.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 50.434607][ T29] audit: type=1400 audit(50.387:642): avc: denied { bind } for pid=4243 comm="syz.0.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 50.536687][ T29] audit: type=1326 audit(50.467:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4247 comm="syz.2.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 50.559484][ T29] audit: type=1326 audit(50.467:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4247 comm="syz.2.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 50.582217][ T29] audit: type=1326 audit(50.477:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4247 comm="syz.2.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 50.604815][ T29] audit: type=1326 audit(50.477:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4247 comm="syz.2.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 50.627509][ T29] audit: type=1326 audit(50.477:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4247 comm="syz.2.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 50.650157][ T29] audit: type=1326 audit(50.477:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4247 comm="syz.2.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1462b3f6c9 code=0x7ffc0000 [ 50.761679][ T4275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.771394][ T4275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.974922][ T4287] loop1: detected capacity change from 0 to 512 [ 50.998132][ T4287] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 51.013565][ T4287] EXT4-fs (loop1): mount failed [ 51.434632][ T4318] loop3: detected capacity change from 0 to 1024 [ 51.448237][ T4318] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.697532][ T4332] netlink: 104 bytes leftover after parsing attributes in process `syz.2.332'. [ 51.790891][ T4338] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 51.800495][ T4342] netlink: 332 bytes leftover after parsing attributes in process `syz.1.337'. [ 51.815890][ T4338] vhci_hcd: invalid port number 96 [ 51.821056][ T4338] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 51.988679][ T4356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.342'. [ 52.034899][ T4361] sd 0:0:1:0: device reset [ 52.076673][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.069785][ T4468] netlink: 'syz.2.389': attribute type 13 has an invalid length. [ 53.096644][ T3844] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.104951][ T4468] netlink: 'syz.2.389': attribute type 13 has an invalid length. [ 53.121164][ T3844] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.156144][ T31] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.175944][ T31] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.226535][ T4480] hub 2-0:1.0: USB hub found [ 53.231232][ T4480] hub 2-0:1.0: 8 ports detected [ 53.476502][ T4489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.495951][ T4489] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.963138][ T4519] netlink: 176 bytes leftover after parsing attributes in process `syz.0.413'. [ 54.015145][ T4523] netlink: 444 bytes leftover after parsing attributes in process `syz.3.414'. [ 54.030974][ T4523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.414'. [ 54.097341][ T4527] loop3: detected capacity change from 0 to 512 [ 54.113406][ T4531] loop2: detected capacity change from 0 to 2048 [ 54.139181][ T4535] veth0: entered promiscuous mode [ 54.147539][ T4534] veth0: left promiscuous mode [ 54.156267][ T4527] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 54.188311][ T3633] loop2: p3 p4 < > [ 54.192250][ T3633] loop2: p3 start 196608 is beyond EOD, truncated [ 54.251821][ T4531] loop2: p3 p4 < > [ 54.256070][ T4527] EXT4-fs (loop3): mount failed [ 54.261136][ T4531] loop2: p3 start 196608 is beyond EOD, truncated [ 54.348252][ T4552] netlink: 28 bytes leftover after parsing attributes in process `syz.1.428'. [ 54.357255][ T4552] netlink: 28 bytes leftover after parsing attributes in process `syz.1.428'. [ 54.417218][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 54.463372][ T3315] ================================================================== [ 54.471484][ T3315] BUG: KCSAN: data-race in avc_policy_seqno / avc_ss_reset [ 54.478700][ T3315] [ 54.481025][ T3315] write to 0xffffffff88eb3c28 of 4 bytes by task 4563 on cpu 0: [ 54.488654][ T3315] avc_ss_reset+0x20c/0x240 [ 54.493180][ T3315] security_set_bools+0x301/0x340 [ 54.498225][ T3315] sel_commit_bools_write+0x1ea/0x270 [ 54.503603][ T3315] vfs_writev+0x406/0x8b0 [ 54.507952][ T3315] do_writev+0xe7/0x210 [ 54.512121][ T3315] __x64_sys_writev+0x45/0x50 [ 54.516818][ T3315] x64_sys_call+0x1e9a/0x3000 [ 54.521510][ T3315] do_syscall_64+0xd2/0x200 [ 54.526021][ T3315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.531920][ T3315] [ 54.534240][ T3315] read to 0xffffffff88eb3c28 of 4 bytes by task 3315 on cpu 1: [ 54.541776][ T3315] avc_policy_seqno+0x15/0x30 [ 54.546459][ T3315] selinux_file_open+0x10e/0x330 [ 54.551420][ T3315] security_file_open+0x36/0x70 [ 54.556295][ T3315] do_dentry_open+0x204/0xa20 [ 54.560985][ T3315] vfs_open+0x37/0x1e0 [ 54.565057][ T3315] path_openat+0x1c5e/0x2170 [ 54.569653][ T3315] do_filp_open+0x109/0x230 [ 54.574165][ T3315] do_sys_openat2+0xa6/0x110 [ 54.578762][ T3315] __x64_sys_openat+0xf2/0x120 [ 54.583532][ T3315] x64_sys_call+0x2eab/0x3000 [ 54.588217][ T3315] do_syscall_64+0xd2/0x200 [ 54.592736][ T3315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.598635][ T3315] [ 54.600958][ T3315] value changed: 0x00000001 -> 0x00000002 [ 54.606674][ T3315] [ 54.609008][ T3315] Reported by Kernel Concurrency Sanitizer on: [ 54.615253][ T3315] CPU: 1 UID: 0 PID: 3315 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 54.626722][ T3315] Tainted: [W]=WARN [ 54.630525][ T3315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 54.640586][ T3315] ==================================================================