last executing test programs: 3m50.280892704s ago: executing program 1 (id=4133): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) close_range(r1, 0xffffffffffffffff, 0x200000000000000) (fail_nth: 1) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) 3m49.96333722s ago: executing program 1 (id=4137): socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x6, 0x0) r3 = syz_io_uring_setup(0x7d9b, &(0x7f00000008c0)={0x0, 0x92b2, 0x10100, 0xfffffffe, 0x21a}, &(0x7f0000000980)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x14a8}}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) 3m49.861391222s ago: executing program 1 (id=4144): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r2, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000940300000000000695"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a0, 0x160, 0x4c, 0x2500, 0x290, 0x73, 0x290, 0x258, 0x258, 0x290, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ipv6={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'vxcan1\x00', 'team0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x300) r3 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 3m49.817541062s ago: executing program 1 (id=4146): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000011340)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000115c0)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000118c0)=@bpf_tracing={0x1a, 0xc, &(0x7f0000011680)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000004000000950000000000000085000000a90000008510000002000000852000000100000085200000010000001838000005"], &(0x7f0000011700)='syzkaller\x00', 0x1, 0x0, &(0x7f0000011740), 0x0, 0x4, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000011780)={0x2, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x1d13, 0xffffffffffffffff, 0x7, 0x0, &(0x7f0000011840)=[{0x1, 0x2, 0xb, 0x6}, {0x4, 0x5, 0xc}, {0x2, 0x4, 0x4, 0x5}, {0x1, 0x5, 0x0, 0xa}, {0x1, 0x1, 0x2, 0xa}, {0x5, 0x2, 0x80b, 0x4}, {0x0, 0x5, 0x3, 0x2}], 0x10, 0x8000, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") 3m49.777881343s ago: executing program 1 (id=4148): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x40, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) execveat(r0, &(0x7f0000000440)='./file1\x00', &(0x7f0000001080)={[&(0x7f0000000480)='{}\x00', &(0x7f00000004c0)=',^+\x00', &(0x7f0000000500)=']-:\x00', &(0x7f0000000ac0)='L\xd1\x00', &(0x7f0000000bc0)='(/X#^}((\x00', &(0x7f0000000c00)='#}%\x00', &(0x7f0000000c80)='\xaa\xaa\xaa\xaa\xaa', &(0x7f0000000cc0)='-){ \x00']}, &(0x7f0000001000)={[&(0x7f0000000d80)='J', &(0x7f0000000dc0)='@[\f\x00', &(0x7f0000000e00)='\x00', &(0x7f0000000e40)='wyrkaller\x00', &(0x7f0000000e80)='ext4\x00', &(0x7f0000000ec0)='#\x1a!#[+&{$&\x00', &(0x7f0000000f00)='}\x00', &(0x7f0000000f40)='[\x00', &(0x7f0000000f80)='\x00', &(0x7f0000000fc0)='\x00']}, 0x800) setrlimit(0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x21081e, &(0x7f0000000280)={[{@grpquota}, {@abort}, {@errors_remount}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") syz_usb_connect(0x0, 0x3f, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x0) listen(0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_io_uring_setup(0x87b, &(0x7f0000000d00)={0x0, 0xa49e, 0x20, 0x2, 0x21c}, &(0x7f0000001100)=0x0, &(0x7f0000001140)) r5 = syz_io_uring_complete(r4) connect$802154_dgram(0xffffffffffffffff, &(0x7f00000002c0)={0x24, @short={0x2, 0xb8b1936ae08deaa6, 0xffff}}, 0x14) fsetxattr$security_selinux(r5, &(0x7f0000000400), 0x0, 0x0, 0x2) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) process_mrelease(0xffffffffffffffff, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0) r7 = socket$unix(0x1, 0x2, 0x0) connect$unix(r7, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x28) pipe2$9p(&(0x7f0000000080), 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000001180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000008300000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000950000000000000000000000006459bf2eea9d1b1b1c703f3c03d4976ea30c498ecae412c7687875b7673c95f7976cb64c3a4ad2f3e455152fda619df1a0c555605d5f9041eaba32cc48d41788dc48bdf666f9f077102459e4c001cd3c4fe6e3aa82617a0ad160041db637d82411d008e22afc764f5f5ff40cdd1aae03e4994c3373c0b36383bf61124cbbf9f51e000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0x4a, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004510003c000000000006907864010101ac1414aa20004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac02040000008af800007cdba33b33ceb023f10006131220e002c65d"], 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') socket(0x10, 0x80002, 0x0) 3m49.013713786s ago: executing program 1 (id=4169): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r1, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000940300000000000695"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 3m33.986292417s ago: executing program 32 (id=4169): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r1, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000940300000000000695"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 2.437310359s ago: executing program 3 (id=10189): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x10) iopl(0x9) 2.38354639s ago: executing program 3 (id=10190): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x3, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000083850000002d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x2}, 0x18) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) 1.920476528s ago: executing program 4 (id=10204): bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0900000003000000080000000400000002000000f67a77e81fd7c5157fc52377cbab4347bb0ab2f84bbcd1dc4ad85880bae13019bb61", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000009c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@noinit_itable}, {@noquota}, {@abort}, {@noload}, {@noload}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") r2 = dup(r1) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r4, 0x2284, &(0x7f0000000080)) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000740)=ANY=[@ANYRES64=r4, @ANYRESHEX=r0, @ANYBLOB="2c7766646e3b9f2baf4b3322fb33131d5064c6714f929d962d8f64468d2c41f090d2438af4be64cbd89fd6c095fd7c00e0deaf46bda96615bedf358e48e663ab636c06f6fcf0e51e83ce596d049e7be77cf0b22285aa4726caad441652c4afc847b174799aacc3455d62cbbfc2eacd7c0472821ba2ec4b4fff0733d2cf6e2bc737f26286ee0870b8bf3b72f537af7dd82066a8fac5f60c731a0c05e831ae85a7141bafd364a4d57ac6ee5a8151989d739e8217eac56daa09b69015d3c30e6fbcc7b1ba9fc27889804e0e8c93", @ANYRESHEX=r2, @ANYBLOB=',k']) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xe, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x6b}, @ringbuf_query, @map_idx={0x18, 0x2, 0x5, 0x0, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x8}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x8}], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r7, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) sendmsg$tipc(r7, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0x6}, 0x18) r8 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff) r9 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r10 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r10, r9, r9, 0x0) keyctl$KEYCTL_MOVE(0x4, r8, r8, 0x0, 0x0) sendmsg$inet(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0) sendmsg$tipc(r7, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r6, 0x1, 0x21, &(0x7f00000001c0), 0x4) sendmsg$tipc(r7, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) recvmsg(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) 1.77803911s ago: executing program 4 (id=10208): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r1 = socket$inet6(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r4}, 0x10) sendto$inet6(r1, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.567251674s ago: executing program 4 (id=10210): creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[]) 1.566881864s ago: executing program 3 (id=10211): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000000065fdc41900000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d100012800c00018008000100647584000800034000000110140000001000010000000000000000000084000a"], 0x9c}}, 0x20050800) 1.566536284s ago: executing program 4 (id=10212): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) request_key(&(0x7f00000003c0)='ceph\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f00000004c0)='kfree\x00', 0xffffffffffffffff) 1.546593845s ago: executing program 4 (id=10213): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 1.512749375s ago: executing program 4 (id=10214): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$inet_sctp(0x2, 0x1, 0x84) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x8) 1.508718755s ago: executing program 3 (id=10215): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$inet_sctp(0x2, 0x1, 0x84) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) 1.372210317s ago: executing program 5 (id=10217): creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) 1.279354629s ago: executing program 5 (id=10218): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x800000, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, 0x0, 0xf00) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r6}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r8}, 0x10) io_setup(0x3, &(0x7f0000000340)) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_ALLOW_SUSPEND(r9, 0x5522) ioctl$USBDEVFS_BULK(r9, 0x5523, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c9}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.166953051s ago: executing program 2 (id=10219): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x10) iopl(0x9) 1.122459281s ago: executing program 2 (id=10221): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x2}, 0x18) setrlimit(0x9, &(0x7f0000000000)) io_setup(0x2004, &(0x7f0000000680)) 1.122285002s ago: executing program 0 (id=10222): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x3, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000083850000002d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x2}, 0x18) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) 1.103655322s ago: executing program 5 (id=10223): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 1.088805492s ago: executing program 2 (id=10224): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000001800008000000000040094dc0f9cefea15b1f30320f37b715d8a6c3b78345f03e59a248300428b1fd3ae1cb4beb315e60d5e5d75e77297cf2deb0500000000000000b92fbdad6e38ae16c859511edf08e428d0fe5bc9440d755ad3af19df02bad5ee10fbbfcd09e968a3f8dcba933ca5de30b3de3c99b9d690778b5e08db3afbefdfd370e052a73a21f4c871b396f705e1392a7d7758365b9ac16ef45195c119639878ffbadabd1d8aa7e843d3ac5813e947fb6e61740fe1dbb200"/211, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x372, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) sched_setscheduler(r0, 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000200)="f9", 0x1}], 0x1, 0x0, 0x0, 0x80020}], 0x1, 0x40c0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000200)={[{@max_batch_time={'max_batch_time', 0x3d, 0x358}}, {@resuid}, {@stripe={'stripe', 0x3d, 0x9}}]}, 0x3, 0x44b, &(0x7f00000004c0)="$eJzs282PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rClJYO9PdLLpxz77lzztN7T3vOPW0AI2sq+yeJ2BoRf0bERD3bXGCq/t/Vy2cXrl0+u5BEtfruP0mt3JXLZxeKosV5W/LMdBqRfpHE7jb1rpw+c3y+Ulk6lednV098NLty+swLx07MH106unRy/6FDBw/MvfzS/hf7EmfWpiu7Pl3es/OtD755+/BXTfG3xNEnU90OPl2t9rm64drWkE7GhtgQ1qUUEdnlKtf6/0SUYu3iTcSbnw+1ccBAVavV6pbOh89VgXtYEs15XR5GRfFBn81/i611EPDq4IYfQ3fptfoEKIv7ar7Vj4xFmpcpt8xv+2kqIt4/9+932RaDeQ4BANDkp2z883y78V8aDzWUuy9fG5qMiPsjYntEPBAROyLiwYha2Ycj4pF11t+6SHLj+Ce92FNgtygb/72Sr201j/+K0V9MlvLctlr85eTIscrSvvw1mY7ypiw/16WOn9/44+tOxxrHf9mW1V+MBfN2XBzb1HzO4vzq/O3E3OjS+YhdY+3iT66vBCQRsTMidvVYx7Fnf9jT6djN4++iD+tM1e8jnqlf/3PREn8h6b4+Ofu/qCztmy3uihv99vuFdzrVf1vx90F2/f/f9v6/Hv9k0rheu7L+Oi789WXHOU2v9/948l4tPZ7v+2R+dfXUXMR4crje6Mb9+9fOLfJF+Sz+6b3t+//2WHsldkdEdhM/GhGPRcTjedufiIgnI2Jvl/h/ff2pD3uPf7Cy+BfXdf3XEuPRuqd9onT8lx+bKp28If5r3a//wVpqOt9zK+9/t9Ku3u5mAAAAuPukEbE1knTmejpNZ2bq35ffEZFWlldWnzuy/PHJxfpvBCYj0uJJ10TD89C5fFpfz5+PiPpXC4rjB/Lnxt+WNtfyMwvLlcVhBw8jbkuH/p/5uzTs1gED5/daMLr0fxhd+j+MLv0fRleb/r95GO0A7rx2n/+fDaEdwJ3X0v8t+8EIMf+H0aX/w+jS/2EkrWyOm/9Ivmui+Es9nn7PJqK8IZoxsESkG6IZGzZRvsv7xfDekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrpvwAAAP//9gndaw==") r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) getdents(r3, 0x0, 0x58) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r4, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = open(0x0, 0x14927e, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) ftruncate(r5, 0x8012007ffb) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3000) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x30}], 0x1, 0x0) 1.032336153s ago: executing program 2 (id=10225): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a200000000065fdc41900000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d100012800c00018008000100647584000800034000000110140000001000010000000000000000000084000a"], 0x9c}}, 0x20050800) 1.029841923s ago: executing program 5 (id=10226): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) semctl$IPC_RMID(0x0, 0x0, 0x0) 1.007128624s ago: executing program 2 (id=10227): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 993.207243ms ago: executing program 5 (id=10228): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000001800008000000000040094dc0f9cefea15b1f30320f37b715d8a6c3b78345f03e59a248300428b1fd3ae1cb4beb315e60d5e5d75e77297cf2deb0500000000000000b92fbdad6e38ae16c859511edf08e428d0fe5bc9440d755ad3af19df02bad5ee10fbbfcd09e968a3f8dcba933ca5de30b3de3c99b9d690778b5e08db3afbefdfd370e052a73a21f4c871b396f705e1392a7d7758365b9ac16ef45195c119639878ffbadabd1d8aa7e843d3ac5813e947fb6e61740fe1dbb200"/211, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x372, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) sched_setscheduler(r0, 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000200)="f9", 0x1}], 0x1, 0x0, 0x0, 0x80020}], 0x1, 0x40c0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000200)={[{@max_batch_time={'max_batch_time', 0x3d, 0x358}}, {@resuid}, {@stripe={'stripe', 0x3d, 0x9}}]}, 0x3, 0x44b, &(0x7f00000004c0)="$eJzs282PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rClJYO9PdLLpxz77lzztN7T3vOPW0AI2sq+yeJ2BoRf0bERD3bXGCq/t/Vy2cXrl0+u5BEtfruP0mt3JXLZxeKosV5W/LMdBqRfpHE7jb1rpw+c3y+Ulk6lednV098NLty+swLx07MH106unRy/6FDBw/MvfzS/hf7EmfWpiu7Pl3es/OtD755+/BXTfG3xNEnU90OPl2t9rm64drWkE7GhtgQ1qUUEdnlKtf6/0SUYu3iTcSbnw+1ccBAVavV6pbOh89VgXtYEs15XR5GRfFBn81/i611EPDq4IYfQ3fptfoEKIv7ar7Vj4xFmpcpt8xv+2kqIt4/9+932RaDeQ4BANDkp2z883y78V8aDzWUuy9fG5qMiPsjYntEPBAROyLiwYha2Ycj4pF11t+6SHLj+Ce92FNgtygb/72Sr201j/+K0V9MlvLctlr85eTIscrSvvw1mY7ypiw/16WOn9/44+tOxxrHf9mW1V+MBfN2XBzb1HzO4vzq/O3E3OjS+YhdY+3iT66vBCQRsTMidvVYx7Fnf9jT6djN4++iD+tM1e8jnqlf/3PREn8h6b4+Ofu/qCztmy3uihv99vuFdzrVf1vx90F2/f/f9v6/Hv9k0rheu7L+Oi789WXHOU2v9/948l4tPZ7v+2R+dfXUXMR4crje6Mb9+9fOLfJF+Sz+6b3t+//2WHsldkdEdhM/GhGPRcTjedufiIgnI2Jvl/h/ff2pD3uPf7Cy+BfXdf3XEuPRuqd9onT8lx+bKp28If5r3a//wVpqOt9zK+9/t9Ku3u5mAAAAuPukEbE1knTmejpNZ2bq35ffEZFWlldWnzuy/PHJxfpvBCYj0uJJ10TD89C5fFpfz5+PiPpXC4rjB/Lnxt+WNtfyMwvLlcVhBw8jbkuH/p/5uzTs1gED5/daMLr0fxhd+j+MLv0fRleb/r95GO0A7rx2n/+fDaEdwJ3X0v8t+8EIMf+H0aX/w+jS/2EkrWyOm/9Ivmui+Es9nn7PJqK8IZoxsESkG6IZGzZRvsv7xfDekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrpvwAAAP//9gndaw==") r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) getdents(r3, 0x0, 0x58) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r4, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = open(0x0, 0x14927e, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) ftruncate(r5, 0x8012007ffb) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3000) sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000140)=ANY=[@ANYRES32=0x0], 0x30}], 0x1, 0x0) 987.010373ms ago: executing program 2 (id=10229): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lblc\x00', 0x8, 0x5, 0x77}, {@local, 0x4e21, 0x2, 0x400000cd, 0x12d5f, 0xd}}, 0x44) r4 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r4, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r6 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x84, 0x0, &(0x7f0000000500)) syz_usb_connect$hid(0x4, 0x36, 0x0, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r7) 921.211165ms ago: executing program 5 (id=10230): r0 = io_uring_setup(0x46f2, &(0x7f0000000a40)={0x0, 0x4, 0x80, 0xfffffffe, 0x3bd}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000500)='kfree\x00', r1, 0x0, 0x2}, 0x18) socket$rxrpc(0x21, 0x2, 0x2) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000010"], 0x1e4}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) socket$inet_sctp(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 269.161416ms ago: executing program 0 (id=10231): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x10) iopl(0x9) 233.231517ms ago: executing program 0 (id=10232): creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[]) 231.136336ms ago: executing program 0 (id=10233): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) request_key(&(0x7f00000003c0)='ceph\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f00000004c0)='kfree\x00', 0xffffffffffffffff) 91.160198ms ago: executing program 3 (id=10234): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000446ae66d3ba0885e41ee3b10a01cfb2c14008a12c5a6983704edd7d8620981ce0ac8af39ce7b456bdee3a756bf2baf6349e44b9357fb13baee4007459cd4b25fbf9b794265d9d535c19187222f4db7ba340f239c4c8327a473bf194f6e051f850f987faceccd3b6f2e87886e2067e1755b3932b05332c2837f61b6f3c049a154a181fa619e5e669b5f32a681a6e098378f6a87cc0e37ab6d647faf6a60e15d9d7576a5a3d89793af68350d8b07c0d682399fb6", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x1100) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000200)='kfree_skb\x00', r5}, 0x18) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r6}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r7, &(0x7f0000004440)={0x0, 0x0, 0x0}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e40)={0xd0, r3, 0x405, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r4}, {0xb4, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8003}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}]}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) r8 = socket$netlink(0x10, 0x3, 0x10) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r9}, &(0x7f0000000000), &(0x7f00000005c0)=r10}, 0x20) r11 = getpid() syz_pidfd_open(r11, 0x0) bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 88.485569ms ago: executing program 0 (id=10244): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0xe533, 0x80, 0x4, 0x1ab}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) 2.11744ms ago: executing program 3 (id=10235): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1000000000000070100b7030000000000008500000006000000181100"/84, @ANYRES32=r0, @ANYRES16=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010328bd7000fedbdf251c0000000c00018008000100", @ANYRES32=r5], 0x20}}, 0x10) r9 = fsmount(r2, 0x1, 0x8) fchdir(r9) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r10 = socket(0x0, 0x3, 0x0) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r11) mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1f0, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sys_enter\x00', r12}, 0x18) mq_unlink(&(0x7f0000000000)='eth0\x00') getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000340)={[{@resgid={'resgid', 0x3d, r13}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@norecovery}, {@user_xattr}]}, 0xfd, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") fchown(r9, r11, r13) renameat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00') 0s ago: executing program 0 (id=10236): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) (async) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) (async) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r5, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) (async) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x6, 0x4, 0x7, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000040000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) quotactl$Q_SYNC(0xffffffff80000102, 0x20, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./bus\x00', 0x0, 0x18}, 0x18) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r8}, 0x10) readlinkat(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r2}, 0x8) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x33, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1c, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, r3, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) (async) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) (async, rerun: 64) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10) kernel console output (not intermixed with test programs): 0001 [ 407.681351][T30186] R13: 0000000000000000 R14: 00007f87877f5fa0 R15: 00007ffdc6ca8438 [ 407.681370][T30186] [ 407.895885][T30190] 9pnet_fd: Insufficient options for proto=fd [ 407.907397][T30190] 9pnet_fd: Insufficient options for proto=fd [ 408.113499][T30213] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.161223][T30216] netlink: 'syz.0.8872': attribute type 10 has an invalid length. [ 408.169146][T30216] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8872'. [ 408.178709][T30216] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.187213][T30216] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.195717][T30216] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.206031][T30216] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 408.224084][T30216] netlink: 'syz.0.8872': attribute type 4 has an invalid length. [ 408.516081][T30238] syzkaller0: entered promiscuous mode [ 408.521603][T30238] syzkaller0: entered allmulticast mode [ 408.659612][T30241] netlink: 96 bytes leftover after parsing attributes in process `syz.5.8883'. [ 408.723578][T30245] serio: Serial port ptm0 [ 408.761516][T30248] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.810034][T30254] netlink: 'syz.4.8886': attribute type 10 has an invalid length. [ 408.817943][T30254] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8886'. [ 408.839804][T30256] bridge_slave_0: left allmulticast mode [ 408.845498][T30256] bridge_slave_0: left promiscuous mode [ 408.851222][T30256] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.860400][T30256] bridge_slave_1: left allmulticast mode [ 408.866210][T30256] bridge_slave_1: left promiscuous mode [ 408.871891][T30256] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.888090][T30256] bond0: (slave bond_slave_0): Releasing backup interface [ 408.900476][T30256] bond0: (slave bond_slave_1): Releasing backup interface [ 408.916928][T30256] team0: Port device team_slave_0 removed [ 408.926678][T30256] team0: Port device team_slave_1 removed [ 408.933446][T30256] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 408.940911][T30256] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 408.951934][T30256] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 408.959696][T30256] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 408.992776][T30248] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.006817][T30254] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.016028][T30254] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.027469][T30254] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 409.048877][T30259] team0: Mode changed to "loadbalance" [ 409.086928][T30268] geneve0: entered allmulticast mode [ 409.119173][T30274] netlink: 96 bytes leftover after parsing attributes in process `syz.5.8896'. [ 409.202281][T30284] loop3: detected capacity change from 0 to 512 [ 409.209798][T30284] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 409.227764][T30284] EXT4-fs (loop3): 1 truncate cleaned up [ 409.233857][T30284] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 409.260156][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 409.326736][T30291] serio: Serial port ptm0 [ 409.382422][T30291] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8902'. [ 409.418915][T30293] team0: Unable to change to the same mode the team is in [ 409.457384][T30306] 9pnet_fd: Insufficient options for proto=fd [ 409.802490][T30331] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=30331 comm=syz.2.8920 [ 409.815227][T30331] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=30331 comm=syz.2.8920 [ 409.976781][T30340] 9pnet_fd: Insufficient options for proto=fd [ 410.388538][T30350] 9pnet_fd: Insufficient options for proto=fd [ 410.620099][ T29] kauditd_printk_skb: 975 callbacks suppressed [ 410.620113][ T29] audit: type=1326 audit(2000000265.040:56560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.663483][T30373] serio: Serial port ptm0 [ 410.671116][ T29] audit: type=1326 audit(2000000265.080:56561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.694838][ T29] audit: type=1326 audit(2000000265.080:56562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.718519][ T29] audit: type=1326 audit(2000000265.080:56563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.742139][ T29] audit: type=1326 audit(2000000265.080:56564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.766018][ T29] audit: type=1326 audit(2000000265.080:56565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.789656][ T29] audit: type=1326 audit(2000000265.080:56566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.813334][ T29] audit: type=1326 audit(2000000265.080:56567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.836867][ T29] audit: type=1326 audit(2000000265.080:56568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.860545][ T29] audit: type=1326 audit(2000000265.080:56569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30372 comm="syz.3.8939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 410.910187][T30382] loop3: detected capacity change from 0 to 512 [ 410.917043][T30382] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 410.928447][T30382] EXT4-fs (loop3): 1 truncate cleaned up [ 410.935786][T30382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.938060][T30388] 9pnet_fd: Insufficient options for proto=fd [ 410.956597][T30388] 9pnet_fd: Insufficient options for proto=fd [ 410.976487][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.135014][T30406] 9pnet_fd: Insufficient options for proto=fd [ 411.142061][T30406] 9pnet_fd: Insufficient options for proto=fd [ 411.254492][T30416] loop3: detected capacity change from 0 to 512 [ 411.261290][T30416] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 411.272362][T30416] EXT4-fs (loop3): 1 truncate cleaned up [ 411.278530][T30416] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 411.303659][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.320968][T30420] 9pnet_fd: Insufficient options for proto=fd [ 411.327784][T30420] 9pnet_fd: Insufficient options for proto=fd [ 411.355189][T30424] team0: Unable to change to the same mode the team is in [ 411.389700][T30430] serio: Serial port ptm0 [ 412.138334][T30465] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.183571][T30465] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.196841][T30468] netlink: 'syz.5.8978': attribute type 10 has an invalid length. [ 412.204717][T30468] __nla_validate_parse: 3 callbacks suppressed [ 412.204730][T30468] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8978'. [ 412.221259][T30468] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.230196][T30468] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.245255][T30468] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.254083][T30468] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.269066][T30468] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 412.278499][T30468] team0: Failed to send options change via netlink (err -105) [ 412.286076][T30468] team0: Port device geneve1 added [ 412.298337][T30465] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.333311][T30475] netlink: 96 bytes leftover after parsing attributes in process `syz.2.8982'. [ 412.372199][T30465] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.483593][T30465] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.497218][T30465] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.510539][T30465] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.528017][T30465] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.643945][T30504] netlink: 96 bytes leftover after parsing attributes in process `syz.3.8996'. [ 412.759708][T30510] netlink: 96 bytes leftover after parsing attributes in process `syz.5.8999'. [ 413.287652][T30527] netlink: 'syz.4.9004': attribute type 10 has an invalid length. [ 413.295661][T30527] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9004'. [ 413.307724][T30527] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 413.330568][T30529] 9pnet_fd: Insufficient options for proto=fd [ 413.352832][T30525] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.361322][T30525] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.369728][T30525] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.378116][T30525] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.393501][T30525] team0 (unregistering): Port device geneve1 removed [ 413.485038][T30535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9008'. [ 413.552550][T30535] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 413.713726][T30547] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9013'. [ 413.912350][T30553] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9015'. [ 414.128968][T30560] 9pnet_fd: Insufficient options for proto=fd [ 414.334862][T30579] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9023'. [ 414.421673][T30582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9025'. [ 414.433113][T30572] team0: Unable to change to the same mode the team is in [ 414.473309][T30592] netlink: 'syz.4.9027': attribute type 10 has an invalid length. [ 414.481254][T30592] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 414.538620][T30591] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 414.562196][T30596] 9pnet_fd: Insufficient options for proto=fd [ 414.613800][T30601] loop3: detected capacity change from 0 to 512 [ 414.661483][T30601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.678908][T30601] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 414.719714][T30601] syzkaller0: entered promiscuous mode [ 414.725347][T30601] syzkaller0: entered allmulticast mode [ 414.815414][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 415.094272][ T3492] IPVS: starting estimator thread 0... [ 415.125281][T30631] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 415.184276][T30634] IPVS: using max 2592 ests per chain, 129600 per kthread [ 415.203222][T30637] 9pnet: Could not find request transport: fd0x0000000000000004 [ 415.639388][T30662] bridge0: port 1(batadv1) entered blocking state [ 415.646111][T30662] bridge0: port 1(batadv1) entered disabled state [ 415.652721][T30662] batadv1: entered allmulticast mode [ 415.658644][T30662] batadv1: entered promiscuous mode [ 415.667767][T30663] bridge0: port 2(batadv2) entered blocking state [ 415.674342][T30663] bridge0: port 2(batadv2) entered disabled state [ 415.680995][T30663] batadv2: entered allmulticast mode [ 415.688648][ T29] kauditd_printk_skb: 469 callbacks suppressed [ 415.688720][ T29] audit: type=1326 audit(2000000270.110:57039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.693658][T30663] batadv2: entered promiscuous mode [ 415.704315][ T29] audit: type=1326 audit(2000000270.110:57040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.747392][ T29] audit: type=1326 audit(2000000270.110:57041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.771104][ T29] audit: type=1326 audit(2000000270.110:57042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.780154][T30665] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 415.794710][ T29] audit: type=1326 audit(2000000270.110:57043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.827929][ T29] audit: type=1326 audit(2000000270.110:57044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.851529][ T29] audit: type=1326 audit(2000000270.110:57045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.875260][ T29] audit: type=1326 audit(2000000270.110:57046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.898972][ T29] audit: type=1326 audit(2000000270.110:57047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 415.922580][ T29] audit: type=1326 audit(2000000270.110:57048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30661 comm="syz.2.9055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 416.148165][ T58] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 416.157458][ T58] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 416.169781][T30682] team0: Unable to change to the same mode the team is in [ 416.181881][ T58] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled [ 416.191189][ T58] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled [ 416.225485][T30685] loop3: detected capacity change from 0 to 512 [ 416.233268][T30685] EXT4-fs (loop3): failed to initialize system zone (-117) [ 416.240677][T30685] EXT4-fs (loop3): mount failed [ 417.053776][T30718] bridge_slave_0: left allmulticast mode [ 417.059523][T30718] bridge_slave_0: left promiscuous mode [ 417.065273][T30718] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.084981][T30718] bridge_slave_1: left allmulticast mode [ 417.090680][T30718] bridge_slave_1: left promiscuous mode [ 417.096558][T30718] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.115210][T30718] bond0: (slave bond_slave_0): Releasing backup interface [ 417.129934][T30718] bond0: (slave bond_slave_1): Releasing backup interface [ 417.151527][T30718] team0: Port device team_slave_0 removed [ 417.163555][T30723] FAULT_INJECTION: forcing a failure. [ 417.163555][T30723] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.176711][T30723] CPU: 0 UID: 0 PID: 30723 Comm: syz.3.9081 Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 417.176752][T30723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 417.176767][T30723] Call Trace: [ 417.176775][T30723] [ 417.176783][T30723] dump_stack_lvl+0xf6/0x150 [ 417.176812][T30723] dump_stack+0x15/0x1a [ 417.176833][T30723] should_fail_ex+0x261/0x270 [ 417.176905][T30723] should_fail+0xb/0x10 [ 417.176934][T30723] should_fail_usercopy+0x1a/0x20 [ 417.176969][T30723] _copy_from_user+0x1c/0xa0 [ 417.177029][T30723] copy_msghdr_from_user+0x54/0x2b0 [ 417.177072][T30723] ? __fget_files+0x186/0x1c0 [ 417.177100][T30723] __sys_sendmsg+0x141/0x240 [ 417.177153][T30723] __x64_sys_sendmsg+0x46/0x50 [ 417.177187][T30723] x64_sys_call+0x26f3/0x2e10 [ 417.177211][T30723] do_syscall_64+0xc9/0x1c0 [ 417.177306][T30723] ? clear_bhb_loop+0x25/0x80 [ 417.177393][T30723] ? clear_bhb_loop+0x25/0x80 [ 417.177419][T30723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.177446][T30723] RIP: 0033:0x7f87875dd169 [ 417.177464][T30723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.177486][T30723] RSP: 002b:00007f8785c3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 417.177509][T30723] RAX: ffffffffffffffda RBX: 00007f87877f5fa0 RCX: 00007f87875dd169 [ 417.177525][T30723] RDX: 0000000000000000 RSI: 0000200000007040 RDI: 0000000000000003 [ 417.177615][T30723] RBP: 00007f8785c3f090 R08: 0000000000000000 R09: 0000000000000000 [ 417.177688][T30723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.177702][T30723] R13: 0000000000000000 R14: 00007f87877f5fa0 R15: 00007ffdc6ca8438 [ 417.177727][T30723] [ 417.180053][T30718] team0: Port device team_slave_1 removed [ 417.363377][T30718] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.370946][T30718] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.381341][T30718] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.388929][T30718] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.414449][T30718] team0: Port device geneve1 removed [ 417.417961][T30739] 9pnet: Could not find request transport: fd0x0000000000000004 [ 417.436640][T30719] team0: Mode changed to "loadbalance" [ 417.487719][T30746] 9pnet_fd: Insufficient options for proto=fd [ 417.501314][T30748] 9pnet_fd: Insufficient options for proto=fd [ 417.520579][T30744] serio: Serial port ptm0 [ 417.577789][T30744] __nla_validate_parse: 8 callbacks suppressed [ 417.577805][T30744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9090'. [ 417.781622][T30765] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9100'. [ 417.784690][T30775] 9pnet_fd: Insufficient options for proto=fd [ 417.797588][T30765] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 418.385796][T30803] 9pnet_fd: Insufficient options for proto=fd [ 418.407618][T30803] 9pnet: Could not find request transport: fd0x0000000000000004 [ 418.461625][T30812] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9117'. [ 418.760383][T30847] netlink: 'syz.3.9134': attribute type 4 has an invalid length. [ 418.822096][T30853] netlink: 'syz.0.9132': attribute type 10 has an invalid length. [ 418.830715][T30853] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9132'. [ 418.851917][T30853] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.860368][T30853] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.876799][T30853] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 418.934721][T30853] team0: Failed to send options change via netlink (err -105) [ 418.942423][T30853] team0: Port device geneve1 added [ 418.975884][T30845] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.046362][T30845] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.174052][T30869] 9pnet_fd: Insufficient options for proto=fd [ 419.233962][T30845] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.324293][T30845] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.428254][T30845] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.492813][T30845] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 419.542835][T30879] netlink: 96 bytes leftover after parsing attributes in process `syz.4.9146'. [ 419.622208][T30891] 9pnet: Could not find request transport: fd0x0000000000000004 [ 419.904106][T30923] loop3: detected capacity change from 0 to 512 [ 419.977787][T30923] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 420.003485][T30939] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9169'. [ 420.019114][T30941] netlink: 'syz.5.9170': attribute type 29 has an invalid length. [ 420.019595][T30923] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 420.039487][T30941] netlink: 'syz.5.9170': attribute type 29 has an invalid length. [ 420.050097][T30941] netlink: 'syz.5.9170': attribute type 29 has an invalid length. [ 420.072615][T30923] syzkaller0: entered promiscuous mode [ 420.078205][T30923] syzkaller0: entered allmulticast mode [ 420.166973][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.190388][T30943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9171'. [ 420.203867][T30943] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 420.833371][T30987] loop3: detected capacity change from 0 to 512 [ 420.843195][ T29] kauditd_printk_skb: 724 callbacks suppressed [ 420.843211][ T29] audit: type=1326 audit(2000000275.260:57773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 420.875002][T30987] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 420.893451][ T29] audit: type=1326 audit(2000000275.260:57774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f33782abad0 code=0x7ffc0000 [ 420.917242][ T29] audit: type=1326 audit(2000000275.260:57775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 420.926157][T30983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9187'. [ 420.940910][ T29] audit: type=1326 audit(2000000275.260:57776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 420.940947][ T29] audit: type=1326 audit(2000000275.260:57777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 420.954664][T30983] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 420.973288][ T29] audit: type=1326 audit(2000000275.260:57778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 420.973324][ T29] audit: type=1326 audit(2000000275.260:57779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 420.973352][ T29] audit: type=1326 audit(2000000275.270:57780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 421.077119][ T29] audit: type=1326 audit(2000000275.270:57781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 421.100779][ T29] audit: type=1326 audit(2000000275.270:57782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30988 comm="syz.2.9191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 421.211550][T30993] 9pnet: Could not find request transport: fd0x0000000000000004 [ 421.233229][T30998] loop3: detected capacity change from 0 to 512 [ 421.269836][T30998] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 421.329990][T30998] EXT4-fs (loop3): 1 truncate cleaned up [ 421.340082][T30998] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 421.389345][T31007] 9pnet: Could not find request transport: fd0x0000000000000004 [ 421.518088][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.579283][T31032] 9pnet: Could not find request transport: fd0x0000000000000004 [ 421.841938][T31010] chnl_net:caif_netlink_parms(): no params data found [ 421.853720][T31043] 9pnet_fd: Insufficient options for proto=fd [ 421.995214][T31010] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.002425][T31010] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.019354][T31010] bridge_slave_0: entered allmulticast mode [ 422.029922][T31010] bridge_slave_0: entered promiscuous mode [ 422.046849][T31010] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.054020][T31010] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.061426][T31010] bridge_slave_1: entered allmulticast mode [ 422.070344][T31010] bridge_slave_1: entered promiscuous mode [ 422.090144][T31010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 422.099706][T31053] loop3: detected capacity change from 0 to 4096 [ 422.118154][T31053] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 422.144796][T31010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.178204][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.191423][T31062] ipt_ECN: cannot use operation on non-tcp rule [ 422.232122][T31010] team0: Port device team_slave_0 added [ 422.243785][T31010] team0: Port device team_slave_1 added [ 422.258960][T31066] loop3: detected capacity change from 0 to 512 [ 422.266910][T31066] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 422.313734][T31066] EXT4-fs (loop3): 1 truncate cleaned up [ 422.320306][T31066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 422.348225][T31010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.355296][T31010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.381478][T31010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.399628][T31010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.406658][T31010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.432659][T31010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.451025][T31071] 9pnet_fd: Insufficient options for proto=fd [ 422.460188][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.470047][T31071] 9pnet_fd: Insufficient options for proto=fd [ 422.529004][T31010] hsr_slave_0: entered promiscuous mode [ 422.538211][T31010] hsr_slave_1: entered promiscuous mode [ 422.550314][T31010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.561742][T31010] Cannot create hsr debugfs directory [ 422.836164][T31097] 9pnet_fd: Insufficient options for proto=fd [ 422.871781][T31099] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.918164][T31100] netlink: 'syz.0.9225': attribute type 10 has an invalid length. [ 422.926075][T31100] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9225'. [ 422.959514][T31100] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.968041][T31100] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.976446][T31100] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.992982][T31100] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 423.689646][T31114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9229'. [ 423.700847][T31114] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 423.819331][T31126] 9pnet_fd: Insufficient options for proto=fd [ 423.946520][T31010] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 424.037929][T31010] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 424.150849][T31010] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 424.161885][T31010] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 424.245211][T31010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.264146][T31010] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.287732][ T3600] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.294918][ T3600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.309050][T31145] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9241'. [ 424.321985][T31145] vlan2: entered promiscuous mode [ 424.327123][T31145] bond0: entered promiscuous mode [ 424.341136][ T3600] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.346593][T31149] loop3: detected capacity change from 0 to 512 [ 424.348238][ T3600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.379308][T31149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 424.383617][T31010] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 424.402297][T31010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 424.407439][T31149] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 424.429172][T31149] syzkaller0: entered promiscuous mode [ 424.434803][T31149] syzkaller0: entered allmulticast mode [ 424.514347][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 424.520588][T31010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.800570][T31010] veth0_vlan: entered promiscuous mode [ 424.809386][T31010] veth1_vlan: entered promiscuous mode [ 424.993669][T31010] veth0_macvtap: entered promiscuous mode [ 425.003358][T31010] veth1_macvtap: entered promiscuous mode [ 425.017847][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.028412][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.038276][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.048725][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.058592][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.069197][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.079038][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.089556][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.099440][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.109916][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.119753][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.130234][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.140051][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.150588][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.160540][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.170990][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.180838][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.191268][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.201136][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.211645][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.230934][T31010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.250383][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.260960][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.270853][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.281400][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.291289][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.301809][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.311717][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.322240][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.332168][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.342632][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.352562][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.363150][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.372993][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.383503][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.393542][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.404011][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.413872][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.424352][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.434280][T31010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.444778][T31010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.459396][T31010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.471751][T31010] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.480604][T31010] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.489400][T31010] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.498157][T31010] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.176031][T31219] loop3: detected capacity change from 0 to 512 [ 426.209254][T31219] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 426.228222][T31219] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 426.254113][T31219] syzkaller0: entered promiscuous mode [ 426.259653][T31219] syzkaller0: entered allmulticast mode [ 426.626170][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.721734][ T29] kauditd_printk_skb: 169 callbacks suppressed [ 426.721751][ T29] audit: type=1326 audit(2000000281.140:57952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.723286][T31239] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9267'. [ 426.728126][ T29] audit: type=1326 audit(2000000281.140:57953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.784380][ T29] audit: type=1326 audit(2000000281.140:57954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.808170][ T29] audit: type=1326 audit(2000000281.140:57955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.831899][ T29] audit: type=1326 audit(2000000281.140:57956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.855555][ T29] audit: type=1326 audit(2000000281.140:57957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.880330][ T29] audit: type=1326 audit(2000000281.170:57958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.903999][ T29] audit: type=1326 audit(2000000281.170:57959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.927658][ T29] audit: type=1326 audit(2000000281.170:57960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.951259][ T29] audit: type=1326 audit(2000000281.170:57961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31237 comm="syz.4.9269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 426.979112][T31240] serio: Serial port ptm0 [ 427.173443][T31263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9279'. [ 427.194464][T31266] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9280'. [ 427.275533][T31259] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9277'. [ 427.281786][T31273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9283'. [ 427.284886][T31259] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 427.326451][T31278] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9285'. [ 427.421229][T31280] infiniband syz!: set down [ 427.425849][T31280] infiniband syz!: added team_slave_0 [ 427.436644][T31283] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 427.447168][T31280] RDS/IB: syz!: added [ 427.451311][T31280] smc: adding ib device syz! with port count 1 [ 427.457787][T31280] smc: ib device syz! port 1 has pnetid [ 427.499601][T31290] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9288'. [ 427.527689][T31290] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 427.539163][T31290] bridge0: entered promiscuous mode [ 427.545085][T31290] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 427.553099][T31290] Cannot create hsr debugfs directory [ 427.619701][T31297] FAULT_INJECTION: forcing a failure. [ 427.619701][T31297] name failslab, interval 1, probability 0, space 0, times 0 [ 427.632448][T31297] CPU: 0 UID: 0 PID: 31297 Comm: +}[@ Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 427.632475][T31297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 427.632518][T31297] Call Trace: [ 427.632525][T31297] [ 427.632533][T31297] dump_stack_lvl+0xf6/0x150 [ 427.632559][T31297] dump_stack+0x15/0x1a [ 427.632576][T31297] should_fail_ex+0x261/0x270 [ 427.632666][T31297] should_failslab+0x8f/0xb0 [ 427.632704][T31297] __kvmalloc_node_noprof+0x12c/0x520 [ 427.632754][T31297] ? xt_alloc_table_info+0x3d/0x80 [ 427.632773][T31297] ? should_fail_ex+0xd7/0x270 [ 427.632803][T31297] xt_alloc_table_info+0x3d/0x80 [ 427.632827][T31297] do_ip6t_set_ctl+0x667/0x8c0 [ 427.632948][T31297] ? kstrtouint+0x7b/0xc0 [ 427.632982][T31297] nf_setsockopt+0x195/0x1b0 [ 427.633013][T31297] ipv6_setsockopt+0x10f/0x130 [ 427.633045][T31297] tcp_setsockopt+0x93/0xb0 [ 427.633065][T31297] sock_common_setsockopt+0x64/0x80 [ 427.633083][T31297] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 427.633110][T31297] __sys_setsockopt+0x187/0x200 [ 427.633221][T31297] __x64_sys_setsockopt+0x66/0x80 [ 427.633297][T31297] x64_sys_call+0x2a09/0x2e10 [ 427.633324][T31297] do_syscall_64+0xc9/0x1c0 [ 427.633358][T31297] ? clear_bhb_loop+0x25/0x80 [ 427.633384][T31297] ? clear_bhb_loop+0x25/0x80 [ 427.633410][T31297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.633460][T31297] RIP: 0033:0x7ff7f481d169 [ 427.633533][T31297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.633554][T31297] RSP: 002b:00007ff7f2e7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 427.633576][T31297] RAX: ffffffffffffffda RBX: 00007ff7f4a35fa0 RCX: 00007ff7f481d169 [ 427.633628][T31297] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 427.633639][T31297] RBP: 00007ff7f2e7f090 R08: 0000000000000565 R09: 0000000000000000 [ 427.633650][T31297] R10: 0000200000000c80 R11: 0000000000000246 R12: 0000000000000001 [ 427.633663][T31297] R13: 0000000000000000 R14: 00007ff7f4a35fa0 R15: 00007ffd6d8f73b8 [ 427.633685][T31297] [ 427.986927][T31312] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 428.000719][T31315] loop3: detected capacity change from 0 to 512 [ 428.016386][T31315] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 428.033817][T31315] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 428.055728][T31315] syzkaller0: entered promiscuous mode [ 428.061222][T31315] syzkaller0: entered allmulticast mode [ 428.085445][ T4144] IPVS: starting estimator thread 0... [ 428.134722][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.174369][T31321] IPVS: using max 2400 ests per chain, 120000 per kthread [ 428.991164][T31336] loop3: detected capacity change from 0 to 8192 [ 429.054722][T31336] loop3: p1 p3 p4 [ 429.059616][T31336] loop3: p3 size 4294967040 extends beyond EOD, truncated [ 429.070436][T31336] loop3: p4 start 261888 is beyond EOD, truncated [ 429.148250][T31348] bridge_slave_0: left allmulticast mode [ 429.153931][T31348] bridge_slave_0: left promiscuous mode [ 429.159584][T31348] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.168604][T31348] bridge_slave_1: left allmulticast mode [ 429.174390][T31348] bridge_slave_1: left promiscuous mode [ 429.180111][T31348] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.189666][T31348] bond0: (slave bond_slave_0): Releasing backup interface [ 429.200760][T31348] bond0: (slave bond_slave_1): Releasing backup interface [ 429.214062][T31348] team0: Port device team_slave_0 removed [ 429.224306][T31348] team0: Port device team_slave_1 removed [ 429.231460][T31348] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.239043][T31348] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.253749][T31348] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 429.261510][T31348] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 429.361352][T31349] team0: Mode changed to "loadbalance" [ 429.420756][T31353] __nla_validate_parse: 2 callbacks suppressed [ 429.420774][T31353] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9313'. [ 429.500431][T31363] loop3: detected capacity change from 0 to 512 [ 429.532323][T31363] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 429.654650][T31377] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.699158][T31380] netlink: 'syz.2.9322': attribute type 10 has an invalid length. [ 429.707457][T31380] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9322'. [ 429.733238][T31377] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.755530][T31380] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.764506][T31380] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.787219][T31380] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.796063][T31380] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.811814][T31380] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 429.821853][T31380] team0: Failed to send options change via netlink (err -105) [ 429.829831][T31380] team0: Port device geneve1 added [ 429.891727][T31377] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.940581][T31377] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.048047][T31377] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.060988][T31377] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.073446][T31377] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.094370][T31377] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.912276][T31411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9334'. [ 430.922662][T31411] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 430.948340][T31416] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 431.016818][T31423] loop3: detected capacity change from 0 to 1024 [ 431.024458][T31421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9338'. [ 431.034380][T31423] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 431.103064][T31423] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 431.134634][T31423] FAULT_INJECTION: forcing a failure. [ 431.134634][T31423] name failslab, interval 1, probability 0, space 0, times 0 [ 431.147472][T31423] CPU: 1 UID: 0 PID: 31423 Comm: syz.3.9339 Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 431.147505][T31423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 431.147520][T31423] Call Trace: [ 431.147527][T31423] [ 431.147535][T31423] dump_stack_lvl+0xf6/0x150 [ 431.147564][T31423] dump_stack+0x15/0x1a [ 431.147591][T31423] should_fail_ex+0x261/0x270 [ 431.147692][T31423] should_failslab+0x8f/0xb0 [ 431.147728][T31423] __kmalloc_cache_noprof+0x55/0x320 [ 431.147756][T31423] ? ext4_expand_extra_isize_ea+0x7d2/0x11b0 [ 431.147806][T31423] ext4_expand_extra_isize_ea+0x7d2/0x11b0 [ 431.147910][T31423] __ext4_expand_extra_isize+0x256/0x290 [ 431.147946][T31423] __ext4_mark_inode_dirty+0x2cd/0x440 [ 431.147988][T31423] ext4_dirty_inode+0x91/0xb0 [ 431.148011][T31423] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 431.148114][T31423] __mark_inode_dirty+0x166/0x7e0 [ 431.148139][T31423] file_modified_flags+0x2ec/0x320 [ 431.148185][T31423] file_modified+0x17/0x20 [ 431.148285][T31423] ext4_buffered_write_iter+0x1cf/0x3c0 [ 431.148316][T31423] ext4_file_write_iter+0x3b2/0xf80 [ 431.148339][T31423] ? 0xffffffff81000000 [ 431.148351][T31423] ? __rcu_read_unlock+0x4e/0x70 [ 431.148383][T31423] ? avc_policy_seqno+0x15/0x20 [ 431.148471][T31423] ? selinux_file_permission+0x22d/0x360 [ 431.148500][T31423] vfs_write+0x79b/0x950 [ 431.148533][T31423] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 431.148601][T31423] __x64_sys_pwrite64+0xfb/0x150 [ 431.148681][T31423] x64_sys_call+0xab9/0x2e10 [ 431.148707][T31423] do_syscall_64+0xc9/0x1c0 [ 431.148739][T31423] ? clear_bhb_loop+0x25/0x80 [ 431.148760][T31423] ? clear_bhb_loop+0x25/0x80 [ 431.148798][T31423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.148823][T31423] RIP: 0033:0x7f87875dd169 [ 431.148840][T31423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.148862][T31423] RSP: 002b:00007f8785c3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 431.148885][T31423] RAX: ffffffffffffffda RBX: 00007f87877f5fa0 RCX: 00007f87875dd169 [ 431.148900][T31423] RDX: 0000000000000001 RSI: 00002000000005c0 RDI: 0000000000000007 [ 431.148915][T31423] RBP: 00007f8785c3f090 R08: 0000000000000000 R09: 0000000000000000 [ 431.149000][T31423] R10: 000000000004fed0 R11: 0000000000000246 R12: 0000000000000001 [ 431.149012][T31423] R13: 0000000000000000 R14: 00007f87877f5fa0 R15: 00007ffdc6ca8438 [ 431.149032][T31423] [ 431.450586][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.482404][T31444] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 431.637354][T31469] netlink: 104 bytes leftover after parsing attributes in process `syz.3.9356'. [ 431.646467][T31469] tc_dump_action: action bad kind [ 431.798541][T31482] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 431.842668][ T29] kauditd_printk_skb: 229 callbacks suppressed [ 431.842685][ T29] audit: type=1326 audit(2000000286.260:58191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 431.872614][ T29] audit: type=1326 audit(2000000286.260:58192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 431.903793][ T29] audit: type=1326 audit(2000000286.320:58193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 431.927443][ T29] audit: type=1326 audit(2000000286.320:58194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 431.951161][ T29] audit: type=1326 audit(2000000286.320:58195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 431.974761][ T29] audit: type=1326 audit(2000000286.320:58196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 431.998543][ T29] audit: type=1326 audit(2000000286.320:58197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 432.022149][ T29] audit: type=1326 audit(2000000286.320:58198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 432.046068][ T29] audit: type=1326 audit(2000000286.320:58199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 432.069694][ T29] audit: type=1326 audit(2000000286.320:58200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31486 comm="syz.2.9363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33782ad169 code=0x7ffc0000 [ 432.087301][T31491] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9364'. [ 432.316356][T31516] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9375'. [ 432.530114][T31543] serio: Serial port ptm0 [ 432.630359][T31559] syzkaller0: entered promiscuous mode [ 432.636025][T31559] syzkaller0: entered allmulticast mode [ 432.659208][T31563] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9396'. [ 432.803105][T31578] loop3: detected capacity change from 0 to 512 [ 432.810276][T31578] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 432.827713][T31580] netlink: 'syz.2.9402': attribute type 13 has an invalid length. [ 432.845024][T31578] EXT4-fs (loop3): 1 truncate cleaned up [ 432.857633][T31578] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 432.924120][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 432.974995][T31595] loop3: detected capacity change from 0 to 512 [ 432.981878][T31595] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 433.002074][T31595] EXT4-fs (loop3): 1 truncate cleaned up [ 433.010441][T31595] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 433.034015][T31580] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.042585][T31580] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.051072][T31580] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.059882][T31580] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.089928][T31596] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9409'. [ 433.099116][T31596] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 433.099744][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.151837][T31601] loop3: detected capacity change from 0 to 512 [ 433.178746][T31603] FAULT_INJECTION: forcing a failure. [ 433.178746][T31603] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 433.179864][T31601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 433.191837][T31603] CPU: 0 UID: 0 PID: 31603 Comm: syz.4.9413 Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 433.191870][T31603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 433.191885][T31603] Call Trace: [ 433.191893][T31603] [ 433.191902][T31603] dump_stack_lvl+0xf6/0x150 [ 433.191933][T31603] dump_stack+0x15/0x1a [ 433.191992][T31603] should_fail_ex+0x261/0x270 [ 433.192027][T31603] should_fail+0xb/0x10 [ 433.192056][T31603] should_fail_usercopy+0x1a/0x20 [ 433.192116][T31603] _copy_to_user+0x20/0xa0 [ 433.192157][T31603] sk_getsockopt+0x100e/0x1730 [ 433.192187][T31603] ? avc_has_perm+0xd6/0x150 [ 433.192223][T31603] ? selinux_socket_getsockopt+0x18a/0x1c0 [ 433.192289][T31603] ? should_fail_ex+0xd7/0x270 [ 433.192323][T31603] do_sock_getsockopt+0x159/0x290 [ 433.192434][T31603] __x64_sys_getsockopt+0x191/0x210 [ 433.192489][T31603] x64_sys_call+0x128f/0x2e10 [ 433.192517][T31603] do_syscall_64+0xc9/0x1c0 [ 433.192553][T31603] ? clear_bhb_loop+0x25/0x80 [ 433.192587][T31603] ? clear_bhb_loop+0x25/0x80 [ 433.192615][T31603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.192643][T31603] RIP: 0033:0x7ff7f481d169 [ 433.192661][T31603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.192684][T31603] RSP: 002b:00007ff7f2e7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 433.192768][T31603] RAX: ffffffffffffffda RBX: 00007ff7f4a35fa0 RCX: 00007ff7f481d169 [ 433.192804][T31603] RDX: 0000000000000023 RSI: 0000000000000001 RDI: 0000000000000003 [ 433.192893][T31603] RBP: 00007ff7f2e7f090 R08: 00002000000001c0 R09: 0000000000000000 [ 433.192924][T31603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.192939][T31603] R13: 0000000000000000 R14: 00007ff7f4a35fa0 R15: 00007ffd6d8f73b8 [ 433.192972][T31603] [ 433.312897][T31611] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9416'. [ 433.340009][T31601] ext4 filesystem being mounted at /153/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 433.429739][T31601] syzkaller0: entered promiscuous mode [ 433.435396][T31601] syzkaller0: entered allmulticast mode [ 433.540413][T29824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.769126][T31631] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 433.922674][T31656] serio: Serial port ptm0 [ 433.994153][T31663] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.030510][T31670] netlink: 'syz.3.9438': attribute type 10 has an invalid length. [ 434.043709][T31670] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.052826][T31670] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.061915][T31670] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.098887][T31670] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.107852][T31670] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.116576][T31670] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.158319][T31670] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 434.172009][T31670] team0: Failed to send options change via netlink (err -105) [ 434.179622][T31670] team0: Port device geneve1 added [ 434.226174][T31663] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.292481][T31663] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.338023][T31663] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.400909][T31688] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 434.413316][T31663] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.426552][T31663] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.446546][T31663] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.469058][T31663] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 434.644042][T31701] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.652663][T31701] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.661247][T31701] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.669744][T31701] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.690540][T31701] team0: Port device geneve1 removed [ 434.704081][T31710] team0: Unable to change to the same mode the team is in [ 434.922905][T31735] netlink: 'syz.5.9462': attribute type 10 has an invalid length. [ 434.930857][T31735] __nla_validate_parse: 8 callbacks suppressed [ 434.930897][T31735] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9462'. [ 435.176855][T31735] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 435.684761][T31752] netlink: 'syz.5.9467': attribute type 10 has an invalid length. [ 435.692755][T31752] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9467'. [ 435.713181][T31752] batman_adv: batadv0: Adding interface: hsr_slave_1 [ 435.719967][T31752] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 435.763558][T31752] batman_adv: batadv0: Interface activated: hsr_slave_1 [ 435.773522][T31762] veth0_vlan: entered allmulticast mode [ 435.808266][T31762] veth0_vlan: left promiscuous mode [ 435.832157][T31762] veth0_vlan: entered promiscuous mode [ 435.972341][T31772] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9476'. [ 435.990893][T31774] netlink: 763 bytes leftover after parsing attributes in process `syz.2.9477'. [ 436.009277][T31770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9475'. [ 436.018653][T31770] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 436.238062][T31805] team0: Port device geneve1 removed [ 436.243612][T31805] batadv1: left allmulticast mode [ 436.248801][T31805] batadv1: left promiscuous mode [ 436.253845][T31805] bridge0: port 1(batadv1) entered disabled state [ 436.280861][T31805] batadv2: left allmulticast mode [ 436.285993][T31805] batadv2: left promiscuous mode [ 436.291125][T31805] bridge0: port 2(batadv2) entered disabled state [ 436.309305][T31808] team0: Unable to change to the same mode the team is in [ 436.546421][T31827] vlan2: entered promiscuous mode [ 436.551502][T31827] bond0: entered promiscuous mode [ 436.762523][T31838] batman_adv: batadv0: Interface deactivated: hsr_slave_1 [ 436.769982][T31838] batman_adv: batadv0: Removing interface: hsr_slave_1 [ 436.880015][ T29] kauditd_printk_skb: 602 callbacks suppressed [ 436.880033][ T29] audit: type=1326 audit(2000000291.300:58799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 436.955134][ T29] audit: type=1326 audit(2000000291.330:58800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 436.978704][ T29] audit: type=1326 audit(2000000291.330:58801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.002649][ T29] audit: type=1326 audit(2000000291.330:58802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.026233][ T29] audit: type=1326 audit(2000000291.330:58803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.049887][ T29] audit: type=1326 audit(2000000291.330:58804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.073482][ T29] audit: type=1326 audit(2000000291.330:58805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.097133][ T29] audit: type=1326 audit(2000000291.330:58806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.120665][ T29] audit: type=1326 audit(2000000291.330:58807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.144401][ T29] audit: type=1326 audit(2000000291.330:58808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31848 comm="syz.5.9507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 437.259714][ T36] IPVS: starting estimator thread 0... [ 437.354365][T31858] IPVS: using max 2496 ests per chain, 124800 per kthread [ 437.391656][T31839] chnl_net:caif_netlink_parms(): no params data found [ 437.509794][T31839] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.516957][T31839] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.554971][T31839] bridge_slave_0: entered allmulticast mode [ 437.582151][T31839] bridge_slave_0: entered promiscuous mode [ 437.604747][T31839] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.611967][T31839] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.639734][T31839] bridge_slave_1: entered allmulticast mode [ 437.649999][T31839] bridge_slave_1: entered promiscuous mode [ 437.692318][T31839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 437.716803][T31839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 437.728340][T31871] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 437.750088][T31839] team0: Port device team_slave_0 added [ 437.780340][T31839] team0: Port device team_slave_1 added [ 437.822583][T31879] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9514'. [ 437.833007][T31839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.840093][T31839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.866102][T31839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.908801][T31839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.915915][T31839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.941875][T31839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.981977][T31887] netlink: 'syz.4.9515': attribute type 10 has an invalid length. [ 437.989890][T31887] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9515'. [ 438.048124][T31883] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.072570][T31886] team0: Unable to change to the same mode the team is in [ 438.087097][T31887] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 438.128564][T31883] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.140684][T31894] netlink: 104 bytes leftover after parsing attributes in process `syz.5.9518'. [ 438.149995][T31894] tc_dump_action: action bad kind [ 438.154971][T31901] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 438.188570][T31839] hsr_slave_0: entered promiscuous mode [ 438.195058][T31839] hsr_slave_1: entered promiscuous mode [ 438.210039][T31839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 438.219286][T31839] Cannot create hsr debugfs directory [ 438.229372][T31883] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.710902][T31883] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 438.725919][T31883] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.737656][T31914] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9526'. [ 438.819588][T31883] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.838755][T31883] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.850886][T31883] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.863226][T31883] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.072523][T31839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 439.088734][T31839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 439.098272][T31933] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 439.110383][T31839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 439.122485][T31839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 439.185132][T31839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.292261][T31839] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.307613][ T3600] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.314765][ T3600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.331602][ T3600] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.338732][ T3600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.633756][T31839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 439.830492][T31839] veth0_vlan: entered promiscuous mode [ 439.843017][T31839] veth1_vlan: entered promiscuous mode [ 439.866796][T31839] veth0_macvtap: entered promiscuous mode [ 439.880652][T31839] veth1_macvtap: entered promiscuous mode [ 439.892783][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.903364][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.913302][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.923818][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.933676][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.944409][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.954363][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.964815][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.974701][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 439.985201][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 439.995072][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.005581][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.015427][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.025893][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.035893][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.046368][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.056223][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.066675][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.076536][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.087072][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.099183][T31839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 440.112427][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.123031][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.132870][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.143378][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.153221][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.163654][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.173543][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.183990][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.193927][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.204379][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.214243][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.224806][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.234631][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.245063][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.254889][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.265366][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.275192][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.285649][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.295906][T31839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.306574][T31839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.318208][T31839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 440.345552][T31839] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.354505][T31839] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.363245][T31839] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.371986][T31839] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.498396][T31973] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 440.579455][T31982] team0: Port device geneve1 removed [ 440.599062][T31982] team0: Unable to change to the same mode the team is in [ 440.733204][T32008] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9558'. [ 440.828283][T32011] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9559'. [ 441.088938][T32026] team0: Unable to change to the same mode the team is in [ 441.215486][T32037] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9571'. [ 441.580423][T32064] team0: Unable to change to the same mode the team is in [ 441.603908][T32070] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9586'. [ 441.926361][ T29] kauditd_printk_skb: 368 callbacks suppressed [ 441.926380][ T29] audit: type=1326 audit(2000000296.350:59177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.226161][ T29] audit: type=1326 audit(2000000296.390:59178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.249973][ T29] audit: type=1326 audit(2000000296.390:59179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.274956][ T29] audit: type=1326 audit(2000000296.390:59180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.299355][ T29] audit: type=1326 audit(2000000296.390:59181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.323017][ T29] audit: type=1326 audit(2000000296.390:59182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.346831][ T29] audit: type=1326 audit(2000000296.400:59183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.370470][ T29] audit: type=1326 audit(2000000296.400:59184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.394249][ T29] audit: type=1326 audit(2000000296.400:59185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.417892][ T29] audit: type=1326 audit(2000000296.400:59186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32089 comm="syz.4.9595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 442.478423][T32111] netlink: 96 bytes leftover after parsing attributes in process `syz.5.9603'. [ 442.504062][T32114] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9605'. [ 442.513364][T32114] tc_dump_action: action bad kind [ 442.981055][T32150] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9620'. [ 442.990135][T32150] tc_dump_action: action bad kind [ 443.913105][T32200] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.964392][T32202] netlink: 'syz.2.9639': attribute type 10 has an invalid length. [ 443.972263][T32202] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9639'. [ 444.013124][T32200] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.035399][T32202] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 444.045128][T32202] team0: Failed to send options change via netlink (err -105) [ 444.052670][T32202] team0: Port device geneve1 added [ 444.064122][T32200] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.139516][T32200] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.225666][T32200] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.237423][T32200] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.249741][T32200] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.266954][T32200] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.291264][T32207] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 444.363106][T32213] bridge_slave_0: left allmulticast mode [ 444.368944][T32213] bridge_slave_0: left promiscuous mode [ 444.374779][T32213] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.385104][T32213] bridge_slave_1: left allmulticast mode [ 444.390844][T32213] bridge_slave_1: left promiscuous mode [ 444.396659][T32213] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.410392][T32213] bond0: (slave bond_slave_0): Releasing backup interface [ 444.430643][T32213] bond0: (slave bond_slave_1): Releasing backup interface [ 444.451017][T32213] team0: Port device team_slave_0 removed [ 444.467029][T32213] team0: Port device team_slave_1 removed [ 444.475557][T32213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 444.483077][T32213] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 444.494095][T32213] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 444.501601][T32213] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 444.523575][T32213] team0: Port device geneve1 removed [ 444.960618][T32234] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9648'. [ 445.143374][T32218] team0: Mode changed to "loadbalance" [ 445.218041][T32242] netlink: 96 bytes leftover after parsing attributes in process `syz.4.9652'. [ 445.286724][ T9] IPVS: starting estimator thread 0... [ 445.374323][T32247] IPVS: using max 2592 ests per chain, 129600 per kthread [ 445.385951][T32239] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 445.549175][T32263] tc_dump_action: action bad kind [ 445.669820][T32272] tc_dump_action: action bad kind [ 445.809904][T32283] netlink: 'syz.3.9668': attribute type 1 has an invalid length. [ 445.892768][T32283] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 445.916394][T32289] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 445.999499][T32297] __nla_validate_parse: 5 callbacks suppressed [ 445.999518][T32297] netlink: 104 bytes leftover after parsing attributes in process `syz.3.9673'. [ 446.014925][T32297] tc_dump_action: action bad kind [ 446.170778][T32304] 9pnet_fd: Insufficient options for proto=fd [ 446.232873][T32312] netlink: 'syz.3.9676': attribute type 10 has an invalid length. [ 446.240851][T32312] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9676'. [ 446.254805][T32312] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.263094][T32312] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.273944][T32314] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 446.295220][T32312] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 446.305507][T32312] team0: Failed to send options change via netlink (err -105) [ 446.313053][T32312] team0: Port device geneve1 added [ 446.320131][T32316] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9680'. [ 446.335198][T32303] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.386440][T32303] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.437708][T32303] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.458168][T32303] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.478078][T32303] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.501245][T32333] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9687'. [ 446.510424][T32333] tc_dump_action: action bad kind [ 446.521990][T32303] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.585568][T32336] FAULT_INJECTION: forcing a failure. [ 446.585568][T32336] name failslab, interval 1, probability 0, space 0, times 0 [ 446.598238][T32336] CPU: 1 UID: 0 PID: 32336 Comm: syz.2.9688 Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 446.598339][T32336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 446.598351][T32336] Call Trace: [ 446.598358][T32336] [ 446.598366][T32336] dump_stack_lvl+0xf6/0x150 [ 446.598497][T32336] dump_stack+0x15/0x1a [ 446.598518][T32336] should_fail_ex+0x261/0x270 [ 446.598553][T32336] should_failslab+0x8f/0xb0 [ 446.598591][T32336] __kmalloc_node_noprof+0xaf/0x420 [ 446.598647][T32336] ? __vmalloc_node_range_noprof+0x3e1/0xe80 [ 446.598686][T32336] __vmalloc_node_range_noprof+0x3e1/0xe80 [ 446.598734][T32336] ? selinux_capable+0x1f9/0x260 [ 446.598806][T32336] ? bpf_prog_alloc_no_stats+0x49/0x390 [ 446.598828][T32336] __vmalloc_noprof+0x5e/0x70 [ 446.598857][T32336] ? bpf_prog_alloc_no_stats+0x49/0x390 [ 446.598883][T32336] bpf_prog_alloc_no_stats+0x49/0x390 [ 446.598906][T32336] ? bpf_prog_alloc+0x28/0x150 [ 446.598935][T32336] bpf_prog_alloc+0x3a/0x150 [ 446.598955][T32336] bpf_prog_load+0x532/0x10e0 [ 446.599007][T32336] __sys_bpf+0x533/0x800 [ 446.599036][T32336] __x64_sys_bpf+0x43/0x50 [ 446.599059][T32336] x64_sys_call+0x23da/0x2e10 [ 446.599127][T32336] do_syscall_64+0xc9/0x1c0 [ 446.599161][T32336] ? clear_bhb_loop+0x25/0x80 [ 446.599188][T32336] ? clear_bhb_loop+0x25/0x80 [ 446.599281][T32336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.599306][T32336] RIP: 0033:0x7f2d630dd169 [ 446.599324][T32336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.599345][T32336] RSP: 002b:00007f2d6173f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 446.599409][T32336] RAX: ffffffffffffffda RBX: 00007f2d632f5fa0 RCX: 00007f2d630dd169 [ 446.599421][T32336] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005 [ 446.599433][T32336] RBP: 00007f2d6173f090 R08: 0000000000000000 R09: 0000000000000000 [ 446.599446][T32336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.599460][T32336] R13: 0000000000000000 R14: 00007f2d632f5fa0 R15: 00007ffea2c06568 [ 446.599484][T32336] [ 446.599493][T32336] warn_alloc: 2 callbacks suppressed [ 446.599504][T32336] syz.2.9688: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 446.770707][T32341] 9pnet_fd: Insufficient options for proto=fd [ 446.840764][T32336] ,cpuset=/,mems_allowed=0 [ 446.845249][T32336] CPU: 1 UID: 0 PID: 32336 Comm: syz.2.9688 Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 446.845278][T32336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 446.845290][T32336] Call Trace: [ 446.845296][T32336] [ 446.845304][T32336] dump_stack_lvl+0xf6/0x150 [ 446.845383][T32336] dump_stack+0x15/0x1a [ 446.845427][T32336] warn_alloc+0x145/0x1b0 [ 446.845548][T32336] __vmalloc_node_range_noprof+0x478/0xe80 [ 446.845592][T32336] ? selinux_capable+0x1f9/0x260 [ 446.845684][T32336] ? bpf_prog_alloc_no_stats+0x49/0x390 [ 446.845703][T32336] __vmalloc_noprof+0x5e/0x70 [ 446.845726][T32336] ? bpf_prog_alloc_no_stats+0x49/0x390 [ 446.845779][T32336] bpf_prog_alloc_no_stats+0x49/0x390 [ 446.845805][T32336] ? bpf_prog_alloc+0x28/0x150 [ 446.845822][T32336] bpf_prog_alloc+0x3a/0x150 [ 446.845841][T32336] bpf_prog_load+0x532/0x10e0 [ 446.845958][T32336] __sys_bpf+0x533/0x800 [ 446.845986][T32336] __x64_sys_bpf+0x43/0x50 [ 446.846003][T32336] x64_sys_call+0x23da/0x2e10 [ 446.846021][T32336] do_syscall_64+0xc9/0x1c0 [ 446.846047][T32336] ? clear_bhb_loop+0x25/0x80 [ 446.846107][T32336] ? clear_bhb_loop+0x25/0x80 [ 446.846131][T32336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.846195][T32336] RIP: 0033:0x7f2d630dd169 [ 446.846210][T32336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.846316][T32336] RSP: 002b:00007f2d6173f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 446.846331][T32336] RAX: ffffffffffffffda RBX: 00007f2d632f5fa0 RCX: 00007f2d630dd169 [ 446.846343][T32336] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005 [ 446.846356][T32336] RBP: 00007f2d6173f090 R08: 0000000000000000 R09: 0000000000000000 [ 446.846366][T32336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.846378][T32336] R13: 0000000000000000 R14: 00007f2d632f5fa0 R15: 00007ffea2c06568 [ 446.846398][T32336] [ 446.846405][T32336] Mem-Info: [ 447.045989][T32336] active_anon:12999 inactive_anon:18 isolated_anon:0 [ 447.045989][T32336] active_file:19180 inactive_file:2239 isolated_file:0 [ 447.045989][T32336] unevictable:0 dirty:252 writeback:0 [ 447.045989][T32336] slab_reclaimable:4256 slab_unreclaimable:77293 [ 447.045989][T32336] mapped:32410 shmem:3193 pagetables:1015 [ 447.045989][T32336] sec_pagetables:0 bounce:0 [ 447.045989][T32336] kernel_misc_reclaimable:0 [ 447.045989][T32336] free:1807361 free_pcp:9466 free_cma:0 [ 447.091086][T32336] Node 0 active_anon:51996kB inactive_anon:72kB active_file:76720kB inactive_file:8956kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:129640kB dirty:1008kB writeback:0kB shmem:12772kB writeback_tmp:0kB kernel_stack:4816kB pagetables:4060kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 447.120074][T32336] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 447.146981][T32336] lowmem_reserve[]: 0 2882 7860 7860 [ 447.152365][T32336] Node 0 DMA32 free:2947812kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951340kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 447.180746][T32336] lowmem_reserve[]: 0 0 4978 4978 [ 447.185891][T32336] Node 0 Normal free:4266272kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB active_anon:51996kB inactive_anon:72kB active_file:76720kB inactive_file:8956kB unevictable:0kB writepending:1008kB present:5242880kB managed:5098244kB mlocked:0kB bounce:0kB free_pcp:34336kB local_pcp:14624kB free_cma:0kB [ 447.216306][T32336] lowmem_reserve[]: 0 0 0 0 [ 447.220868][T32336] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 447.233809][T32336] Node 0 DMA32: 5*4kB (M) 0*8kB 1*16kB (M) 4*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947812kB [ 447.249679][T32336] Node 0 Normal: 10*4kB (UME) 2*8kB (ME) 2*16kB (ME) 275*32kB (ME) 224*64kB (UME) 44*128kB (UME) 36*256kB (UM) 8*512kB (UME) 7*1024kB (UM) 13*2048kB (UME) 1023*4096kB (UM) = 4266168kB [ 447.268118][T32336] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 447.277727][T32336] 24630 total pagecache pages [ 447.282428][T32336] 24 pages in swap cache [ 447.286692][T32336] Free swap = 124900kB [ 447.290902][T32336] Total swap = 124996kB [ 447.295128][T32336] 2097051 pages RAM [ 447.298932][T32336] 0 pages HighMem/MovableOnly [ 447.303844][T32336] 80815 pages reserved [ 447.348547][ T29] kauditd_printk_skb: 223 callbacks suppressed [ 447.348565][ T29] audit: type=1326 audit(2000000301.770:59410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32352 comm="syz.0.9695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.421615][ T29] audit: type=1326 audit(2000000301.800:59411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32352 comm="syz.0.9695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.445313][ T29] audit: type=1326 audit(2000000301.800:59412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32352 comm="syz.0.9695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.468983][ T29] audit: type=1326 audit(2000000301.840:59413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.492714][ T29] audit: type=1326 audit(2000000301.840:59414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe6b0b4bad0 code=0x7ffc0000 [ 447.516483][ T29] audit: type=1326 audit(2000000301.840:59415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.540294][ T29] audit: type=1326 audit(2000000301.840:59416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.563956][ T29] audit: type=1326 audit(2000000301.840:59417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.587580][ T29] audit: type=1326 audit(2000000301.840:59418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.611063][ T29] audit: type=1326 audit(2000000301.840:59419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32356 comm="syz.0.9698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b0b4d169 code=0x7ffc0000 [ 447.642625][T32355] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9697'. [ 447.710965][T32365] 9pnet_fd: Insufficient options for proto=fd [ 447.763163][T32372] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 447.902183][T32389] netlink: 104 bytes leftover after parsing attributes in process `syz.5.9711'. [ 447.911276][T32389] tc_dump_action: action bad kind [ 447.956931][T32397] 9pnet_fd: Insufficient options for proto=fd [ 448.026556][T32402] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 448.323049][T32431] 9pnet_fd: Insufficient options for proto=fd [ 448.436857][T32439] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 448.531304][T32452] team0: Unable to change to the same mode the team is in [ 448.560140][T32455] uprobe: syz.5.9735:32455 failed to unregister, leaking uprobe [ 448.583605][T32457] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9739'. [ 448.619936][T32463] 9pnet_fd: Insufficient options for proto=fd [ 448.780196][T32474] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9746'. [ 448.789319][T32475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9742'. [ 448.789480][T32475] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 449.069864][T32499] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.120398][T32501] netlink: 'syz.2.9755': attribute type 10 has an invalid length. [ 449.128259][T32501] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9755'. [ 449.144626][T32501] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 449.153617][T32501] team0: Failed to send options change via netlink (err -105) [ 449.161194][T32501] team0: Port device geneve1 added [ 449.193047][T32499] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.261045][T32506] 9pnet: p9_errstr2errno: server reported unknown error [ 449.327113][T32499] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.396970][T32499] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.471512][T32499] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.523903][T32499] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.541820][T32499] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.581534][T32499] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.602786][T32518] 9pnet_fd: Insufficient options for proto=fd [ 449.930239][T32542] serio: Serial port ptm0 [ 450.090027][T32554] syzkaller0: entered promiscuous mode [ 450.095729][T32554] syzkaller0: entered allmulticast mode [ 450.630330][T32575] team0: Unable to change to the same mode the team is in [ 450.715963][T32585] 9pnet_fd: Insufficient options for proto=fd [ 451.790226][T32630] __nla_validate_parse: 4 callbacks suppressed [ 451.790244][T32630] netlink: 104 bytes leftover after parsing attributes in process `syz.0.9808'. [ 451.805606][T32630] tc_dump_action: action bad kind [ 451.932224][T32637] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9811'. [ 451.962063][T32640] netlink: 'syz.5.9810': attribute type 10 has an invalid length. [ 451.970036][T32640] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9810'. [ 451.979742][T32640] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 452.189223][T32661] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 452.272454][T32674] netlink: 20 bytes leftover after parsing attributes in process `syz.5.9827'. [ 452.397810][ T29] kauditd_printk_skb: 401 callbacks suppressed [ 452.397828][ T29] audit: type=1326 audit(2000000306.810:59821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.427713][ T29] audit: type=1326 audit(2000000306.810:59822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f23f096bad0 code=0x7ffc0000 [ 452.451431][ T29] audit: type=1326 audit(2000000306.810:59823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.475054][ T29] audit: type=1326 audit(2000000306.810:59824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.498711][ T29] audit: type=1326 audit(2000000306.810:59825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.522503][ T29] audit: type=1326 audit(2000000306.810:59826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.545971][ T29] audit: type=1326 audit(2000000306.810:59827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.569608][ T29] audit: type=1326 audit(2000000306.810:59828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.593379][ T29] audit: type=1326 audit(2000000306.810:59829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.617188][ T29] audit: type=1326 audit(2000000306.810:59830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32681 comm="syz.5.9830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23f096d169 code=0x7ffc0000 [ 452.726289][T32694] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 452.741095][T32696] netlink: 'syz.5.9834': attribute type 10 has an invalid length. [ 452.749302][T32696] netlink: 40 bytes leftover after parsing attributes in process `syz.5.9834'. [ 452.758827][T32696] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 452.814959][T32702] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9838'. [ 452.967660][T32709] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9841'. [ 453.114946][T32723] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9849'. [ 453.143916][T32726] netlink: 104 bytes leftover after parsing attributes in process `syz.4.9847'. [ 453.153127][T32726] tc_dump_action: action bad kind [ 453.282420][ T51] unregister_netdevice: waiting for batadv0 to become free. Usage count = 3 [ 453.312313][T32741] 9pnet_fd: Insufficient options for proto=fd [ 454.362497][T32767] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9865'. [ 454.372232][T32767] tc_dump_action: action bad kind [ 454.495413][ T304] 9pnet_fd: Insufficient options for proto=fd [ 455.014158][ T333] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.022684][ T333] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.031150][ T333] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.039557][ T333] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.059690][ T333] team0: Port device geneve1 removed [ 455.066555][ T333] bond1: (slave ip6gretap1): Releasing backup interface [ 455.080507][ T334] team0: Unable to change to the same mode the team is in [ 455.262592][ T337] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 455.344119][ T341] 9pnet_fd: Insufficient options for proto=fd [ 455.400255][ T345] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 456.690710][ T412] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 456.760330][ T421] 9pnet_fd: Insufficient options for proto=fd [ 456.940851][ T439] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 456.986848][ T432] __nla_validate_parse: 3 callbacks suppressed [ 456.986880][ T432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9914'. [ 457.003154][ T447] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9919'. [ 457.019008][ T432] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 457.097304][ T461] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9924'. [ 457.158401][ T466] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 457.328786][ T484] netlink: 96 bytes leftover after parsing attributes in process `syz.5.9934'. [ 457.503170][ T29] kauditd_printk_skb: 267 callbacks suppressed [ 457.503200][ T29] audit: type=1326 audit(2000000311.920:60098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.539046][ T29] audit: type=1326 audit(2000000311.960:60099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f87875dbad0 code=0x7ffc0000 [ 457.562647][ T29] audit: type=1326 audit(2000000311.960:60100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.586075][ T29] audit: type=1326 audit(2000000311.960:60101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.609916][ T29] audit: type=1326 audit(2000000311.960:60102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.611477][ T490] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9936'. [ 457.633330][ T29] audit: type=1326 audit(2000000311.960:60103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.633367][ T29] audit: type=1326 audit(2000000311.960:60104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.633397][ T29] audit: type=1326 audit(2000000311.960:60105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.712431][ T29] audit: type=1326 audit(2000000311.960:60106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.722461][ T507] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9941'. [ 457.735982][ T29] audit: type=1326 audit(2000000311.960:60107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=503 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87875dd169 code=0x7ffc0000 [ 457.778425][ T490] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 457.977681][ T517] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9946'. [ 458.031074][ T525] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 458.333632][ T552] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9959'. [ 458.470443][ T562] team0: Unable to change to the same mode the team is in [ 458.537476][ T567] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 458.859125][ T583] netlink: 104 bytes leftover after parsing attributes in process `syz.3.9972'. [ 458.868311][ T583] tc_dump_action: action bad kind [ 458.989765][ T598] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 459.018080][ T594] team0: Port device geneve1 removed [ 459.089640][ T602] team0: Unable to change to the same mode the team is in [ 459.123660][ T596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9978'. [ 459.140775][ T596] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 459.205472][ T609] 9pnet_fd: Insufficient options for proto=fd [ 460.028068][ T632] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 460.121994][ T641] 9pnet_fd: Insufficient options for proto=fd [ 460.290365][ T643] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 460.451834][ T655] team0: Unable to change to the same mode the team is in [ 460.520483][ T659] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 460.557053][ T665] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.599553][ T669] 9pnet_fd: Insufficient options for proto=fd [ 460.608863][ T670] netlink: 'syz.2.10004': attribute type 10 has an invalid length. [ 460.618693][ T665] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.641587][ T670] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 460.653569][ T670] team0: Failed to send options change via netlink (err -105) [ 460.661095][ T670] team0: Port device geneve1 added [ 460.689127][ T665] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.749117][ T665] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.834704][ T665] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.846562][ T665] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.862928][ T665] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.880037][ T665] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.908572][ T681] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 460.968816][ T684] team0: Port device geneve1 removed [ 460.994069][ T684] team0: Unable to change to the same mode the team is in [ 461.047629][ T690] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 461.259189][ T708] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 461.336565][ T713] team0: Unable to change to the same mode the team is in [ 461.378897][ T720] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 461.584854][ T740] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 461.663436][ T748] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 462.020426][ T770] __nla_validate_parse: 13 callbacks suppressed [ 462.020446][ T770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10050'. [ 462.038555][ T770] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 462.058311][ T774] netlink: 'syz.5.10051': attribute type 10 has an invalid length. [ 462.066348][ T774] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10051'. [ 462.099805][ T774] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 462.148617][ T779] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 462.157756][ T781] netlink: 'syz.3.10052': attribute type 10 has an invalid length. [ 462.165745][ T781] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10052'. [ 462.204552][ T781] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.212804][ T781] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.287886][ T781] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 462.324286][ T781] team0: Failed to send options change via netlink (err -105) [ 462.331860][ T781] team0: Port device geneve1 added [ 462.432867][ T776] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.502370][ T776] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.513503][ T802] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10062'. [ 462.534986][ T802] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 462.605205][ T776] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.617445][ T808] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 462.635345][ T776] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.662175][ T815] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10067'. [ 462.671987][ T776] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.693571][ T776] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.759619][ T818] netlink: 96 bytes leftover after parsing attributes in process `syz.5.10068'. [ 462.801942][ T29] kauditd_printk_skb: 562 callbacks suppressed [ 462.801981][ T29] audit: type=1326 audit(2000000317.220:60670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 462.845707][ T29] audit: type=1326 audit(2000000317.250:60671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 462.869310][ T29] audit: type=1326 audit(2000000317.260:60672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 462.892903][ T29] audit: type=1326 audit(2000000317.260:60673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 462.916549][ T29] audit: type=1326 audit(2000000317.260:60674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 462.990815][ T29] audit: type=1326 audit(2000000317.410:60675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 463.014368][ T29] audit: type=1326 audit(2000000317.410:60676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 463.037875][ T29] audit: type=1326 audit(2000000317.410:60677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 463.061483][ T29] audit: type=1326 audit(2000000317.410:60678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 463.085117][ T29] audit: type=1326 audit(2000000317.410:60679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=827 comm="syz.2.10073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d630dd169 code=0x7ffc0000 [ 463.109523][ T835] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.117982][ T835] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.126461][ T835] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.134819][ T835] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.163039][ T835] team0: Port device geneve1 removed [ 463.172955][ T837] team0: Unable to change to the same mode the team is in [ 463.180828][ T832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10074'. [ 463.187077][ T845] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 463.212498][ T832] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 463.320776][ T855] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.351889][ T841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10077'. [ 463.366207][ T841] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 463.367292][ T861] netlink: 'syz.2.10082': attribute type 10 has an invalid length. [ 463.376193][ T859] netlink: 20 bytes leftover after parsing attributes in process `syz.4.10084'. [ 463.383606][ T861] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10082'. [ 463.420571][ T861] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 463.431043][ T861] team0: Failed to send options change via netlink (err -105) [ 463.438611][ T861] team0: Port device geneve1 added [ 463.507219][ T855] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.562457][ T872] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 463.627450][ T855] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.676673][ T855] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.851038][ T884] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 463.939909][ T887] tc_dump_action: action bad kind [ 464.065869][ T893] team0: Unable to change to the same mode the team is in [ 464.307196][ T902] 9pnet: Could not find request transport: fd0x0000000000000004 [ 464.682878][ T914] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 464.737597][ T855] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.760024][ T855] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.791077][ T855] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.807173][ T855] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.876587][ T927] team0: No ports can be present during mode change [ 464.933830][ T934] 9pnet: Could not find request transport: fd0x0000000000000004 [ 465.225473][ T960] team0: Unable to change to the same mode the team is in [ 465.319664][ T966] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 465.377136][ T975] tc_dump_action: action bad kind [ 465.466486][ T977] 9pnet_fd: Insufficient options for proto=fd [ 465.502911][ T983] team0: Unable to change to the same mode the team is in [ 465.813766][ T998] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 465.971264][ T1012] 9pnet_fd: Insufficient options for proto=fd [ 466.264170][ T1035] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 466.376924][ T1045] 9pnet_fd: Insufficient options for proto=fd [ 466.586977][ T1068] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 466.614059][ T1074] netlink: 'syz.0.10171': attribute type 10 has an invalid length. [ 466.639697][ T1074] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.648000][ T1074] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.661652][ T1076] 9pnet: Could not find request transport: fd0x0000000000000004 [ 466.679041][ T1074] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 466.701474][ T1074] team0: Failed to send options change via netlink (err -105) [ 466.709191][ T1074] team0: Port device geneve1 added [ 466.716542][ T1071] team0: Unable to change to the same mode the team is in [ 466.768545][ T1069] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.865846][ T1069] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.358263][ T1069] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.377207][ T1069] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.394725][ T1069] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.411114][ T1069] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.454089][ T1100] team0: No ports can be present during mode change [ 467.628903][ T1107] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 468.025829][ T1136] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 468.059279][ T1139] __nla_validate_parse: 19 callbacks suppressed [ 468.059298][ T1139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10193'. [ 468.079576][ T1139] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 468.161931][ T1143] netlink: 96 bytes leftover after parsing attributes in process `syz.4.10197'. [ 468.384006][ T29] kauditd_printk_skb: 495 callbacks suppressed [ 468.384029][ T29] audit: type=1326 audit(2000000322.800:61175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.434842][ T29] audit: type=1326 audit(2000000322.840:61176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff7f481bad0 code=0x7ffc0000 [ 468.457117][ T1166] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 468.458550][ T29] audit: type=1326 audit(2000000322.840:61177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.489814][ T29] audit: type=1326 audit(2000000322.840:61178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.513462][ T29] audit: type=1326 audit(2000000322.840:61179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.537296][ T29] audit: type=1326 audit(2000000322.840:61180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.560852][ T29] audit: type=1326 audit(2000000322.840:61181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.584574][ T29] audit: type=1326 audit(2000000322.840:61182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.608267][ T29] audit: type=1326 audit(2000000322.840:61183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.632018][ T29] audit: type=1326 audit(2000000322.840:61184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1161 comm="syz.4.10204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7f481d169 code=0x7ffc0000 [ 468.660398][ T1170] netlink: 96 bytes leftover after parsing attributes in process `syz.4.10208'. [ 468.750880][ T1173] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10209'. [ 468.760693][ T1173] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 468.958294][ T1191] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 470.257126][ T1240] team0: Unable to change to the same mode the team is in [ 470.306891][ T1244] ================================================================== [ 470.315009][ T1244] BUG: KCSAN: data-race in mas_wr_store_entry / mtree_range_walk [ 470.322761][ T1244] [ 470.325094][ T1244] write to 0xffff888104844c10 of 8 bytes by task 1241 on cpu 0: [ 470.332741][ T1244] mas_wr_store_entry+0x1266/0x2460 [ 470.337965][ T1244] mas_store_prealloc+0x6d5/0x960 [ 470.343018][ T1244] commit_merge+0x685/0x710 [ 470.347553][ T1244] vma_expand+0x241/0x320 [ 470.351910][ T1244] vma_merge_new_range+0x2c2/0x340 [ 470.357046][ T1244] mmap_region+0x805/0x1490 [ 470.361558][ T1244] do_mmap+0x9ef/0xc80 [ 470.365646][ T1244] vm_mmap_pgoff+0x16d/0x2d0 [ 470.370265][ T1244] ksys_mmap_pgoff+0xd0/0x340 [ 470.374972][ T1244] x64_sys_call+0x1945/0x2e10 [ 470.379676][ T1244] do_syscall_64+0xc9/0x1c0 [ 470.384203][ T1244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.390109][ T1244] [ 470.392441][ T1244] read to 0xffff888104844c10 of 8 bytes by task 1244 on cpu 1: [ 470.399998][ T1244] mtree_range_walk+0x1b3/0x460 [ 470.404876][ T1244] mas_walk+0x16e/0x320 [ 470.409046][ T1244] lock_vma_under_rcu+0xa7/0x340 [ 470.414003][ T1244] exc_page_fault+0x150/0x6a0 [ 470.418688][ T1244] asm_exc_page_fault+0x26/0x30 [ 470.423546][ T1244] [ 470.425872][ T1244] value changed: 0x00007fe6af16dfff -> 0xffffffff85627830 [ 470.432986][ T1244] [ 470.435313][ T1244] Reported by Kernel Concurrency Sanitizer on: [ 470.441469][ T1244] CPU: 1 UID: 0 PID: 1244 Comm: syz.0.10236 Not tainted 6.14.0-syzkaller-12886-ga1b5bd45d4ee #0 PREEMPT(voluntary) [ 470.453629][ T1244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 470.463685][ T1244] ==================================================================