last executing test programs: 2.229705197s ago: executing program 4 (id=3654): perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc97c, 0x0, @perf_config_ext={0x0, 0x5}, 0x8000, 0x0, 0x409, 0x5, 0x0, 0x40, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) keyctl$KEYCTL_MOVE(0x4, 0x0, 0x0, 0x0, 0x2000000) 2.160119288s ago: executing program 4 (id=3655): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='kfree\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0xfeffff, 0x680, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40) 2.159539128s ago: executing program 2 (id=3656): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a32"], 0x1ec}, 0x1, 0x0, 0x0, 0x4000840}, 0x0) 2.106671879s ago: executing program 4 (id=3657): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) (async) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$SO_COOKIE(r2, 0x1, 0x39, 0x0, &(0x7f0000000680)) (async, rerun: 32) r3 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) (rerun: 32) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x6) symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r4, &(0x7f0000000080)='./file0\x00') (async, rerun: 64) readlinkat(r4, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000780)=""/198, 0xc6) (rerun: 64) 2.019253691s ago: executing program 2 (id=3660): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r3, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 1.904741744s ago: executing program 4 (id=3661): r0 = openat$nci(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4) 1.775731085s ago: executing program 4 (id=3664): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x800000000006}, 0x18) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3f}}}, 0x1ff, 0xfff, 0x0, 0xa, 0x9}, &(0x7f0000000140)=0x98) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={r4, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x8001, @private0={0xfc, 0x0, '\x00', 0xfe}, 0xa}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000180)={r5, 0x2, 0x3}, 0x8) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) syz_clone3(&(0x7f0000000380)={0x90a2100, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.698123457s ago: executing program 1 (id=3665): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c00"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff40bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x200000000000006}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) kexec_load(0x0, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r4, &(0x7f0000000440)=""/247, 0x26) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f00000000c0)={0x31, @tick=0x40, 0x4, {0x0, 0x2}, 0xa, 0x0, 0x4}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000040)={0x7, 0x7, 0x6, 0x2, 0x3, 0x824b}) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r4, 0x80045300, 0x0) tkill(r3, 0x7) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r5}]}]}, 0x28}}, 0x0) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000080)=@sr0, r5, &(0x7f00000001c0)='./file0\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r6) r8 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x41, &(0x7f0000000000)=0x40, 0x4) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000200)={0xa, 0x4e23, 0x5, @mcast2, 0xd}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000340)="0e0f5454af3f935fa633cdfc7bace49fe32563a57aaa218dce079e58a7925e00e95c09bad795751a65645d7b5040e39985d57dee039a2e698fcd07268d21dfefe009ff77a63b60a59e8fdf8010538932b5323fd09f074b8dd9a9ab2c2a6b4c47d306b649ee27475fd58402ccb3113d2d58c0533dcc4d1a1e5275be8f4b9fd37623208a138424a31e6fb9c529be4e4fd2605e26304dde4df097b53270598e0379ee075afe1c4aed5ffeeb8a1bf8218095919773c91d869d134096c851a295", 0xbe}, {&(0x7f0000000580)="c76e288ae83abde7aae4c6fa43a1f3d775d22a20c7da10b6f2d48df77c01566d7763b9713292d3700bb18b97d6708767f9a055931eb5b66dd76e77331cd7e4cd872572843724d01e479af369ebe2ee8c1dc7b93e6357b0e8809e4f60b46324e6271a60b4c1178bca5fb77e780537154c885e42371f1d4e60262e2769ebb9704a7831b880d09991658cdd5dfb5c14cd7c873c17bd269efc580b973f2f45dcce", 0x9f}, {&(0x7f0000000400)="044c5ae35b3748fa1272c152fb24843c74cf30e5151a64bebf596fd284e868139c7e00582fb7d0734a3d9aa902eb5232399c", 0x32}, {&(0x7f0000000640)="278f349f101898a656e3497aa4a303b847447990ae74a5d3a73039ee5c300607aee1d0eeaf91768a7784b70a5f249dd9ee1105f716230cfab8a363fdaf4bcdb3104fb982809bdf630e86f20bfeeb847158fefac130dbfa5cd3123549391082a81feb5eae7fbf9ebef180b2566963b667e473da8fdc60ab751fa91a5a04a28d9aec7d4b1d35f339db318dc94cfe656719fd1150a53e0311f67a7af75a4cb69c087588c7fb005e7bf1e7d2dccefe292acc759ae3309c3c83fdb0c5ae7bb6d486939f8a8ad9f4671b22ddd1dbeb5751854430260812ec14e5c0f427a2adaf6de8b163d6a1a2a4d1c13b582e3e140a444a4b7a78e0", 0xf3}], 0x4, &(0x7f0000000a00)=[@rthdr={{0x88, 0x29, 0x39, {0x0, 0xe, 0x2, 0x1, 0x0, [@empty, @remote, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0, @private1={0xfc, 0x1, '\x00', 0x1}]}}}, @hopopts={{0xa0, 0x29, 0x36, {0x89, 0x10, '\x00', [@calipso={0x7, 0x30, {0x2, 0xa, 0x6, 0x7, [0xb, 0x100000001, 0x8, 0x8f7f, 0x7]}}, @pad1, @ra={0x5, 0x2, 0x400}, @enc_lim={0x4, 0x1, 0xd}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x2d}}, @enc_lim, @calipso={0x7, 0x20, {0x2, 0x6, 0x5, 0x3ff, [0x5, 0xfffffffffffffff7, 0x0]}}, @jumbo={0xc2, 0x4, 0x8}]}}}, @rthdr_2292={{0x98, 0x29, 0x39, {0x32, 0x10, 0x0, 0x80, 0x0, [@loopback, @mcast1, @local, @private2, @local, @mcast1, @mcast2, @dev={0xfe, 0x80, '\x00', 0x3b}]}}}, @rthdr={{0xb8, 0x29, 0x39, {0x29, 0x14, 0x1, 0x4, 0x0, [@dev={0xfe, 0x80, '\x00', 0x35}, @dev={0xfe, 0x80, '\x00', 0x24}, @private2, @ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @loopback, @private2={0xfc, 0x2, '\x00', 0x1}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@private2={0xfc, 0x2, '\x00', 0x1}}}}, @rthdrdstopts={{0x50, 0x29, 0x37, {0x0, 0x6, '\x00', [@ra={0x5, 0x2, 0x1}, @jumbo={0xc2, 0x4, 0x2}, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x18, {0x1, 0x4, 0xd, 0x0, [0x470, 0x7fff]}}, @ra={0x5, 0x2, 0x8}, @ra={0x5, 0x2, 0x2}, @enc_lim={0x4, 0x1, 0x67}]}}}], 0x2f0}, 0x40000) sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r6], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.652730968s ago: executing program 3 (id=3666): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="18110000716cc7d40268561f6e247892689e6731cf6e968a3c37e9ac00831942a9621c8d9cd2af430aad6747", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r2}, 0x10) set_tid_address(0x0) 1.636155748s ago: executing program 3 (id=3667): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='kfree\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0xfeffff, 0x680, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40) 1.600071169s ago: executing program 3 (id=3668): r0 = openat$nci(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4) 1.451157312s ago: executing program 3 (id=3669): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='sys_enter\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {}, 0xfd}, 0x18) connect$can_j1939(r6, &(0x7f0000000080)={0x1d, r7, 0xffffffffffffffff, {0x0, 0xf0, 0x2}, 0xfe}, 0x18) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)={0x50, r5, 0x10, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x101, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r2, {0x5, 0xb}, {0x5, 0xfff3}, {0xfff1, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4014}, 0xc4) 1.450588702s ago: executing program 2 (id=3670): r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000001340)={0x2, 0x2, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x27}, @multicast1}}}], 0x20}, 0x8000) sendmsg$inet(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001640)="657573a2aaa76a045d877c1f6455a4bb7edaedaf2406cf034c55272afe4a39f80fec79674992739b3f1d46ab6fc6b89bc95d81d84d8c293613c9f90375e9112c7b5f65f27e0e214389e9034316b5f9b75aaba5bc0d8f2290bd36c6624c127b3433e77de62a43eb8eeecd139da8a083185e6bef3c0866b648a4f6432a60e58c664a7a3dcb4a1776e6fdb08687841d75cdf12f0d7578930caa6a450381441bd9023d757be41434aaa87208e070bae470b8ebe5b100c3d6ed01dbff6a6e13320627043926cb30d2233291a5d9a15bfb760df9fabaa9f450747ff1cf93258dfbd2132d00516d8edfcb6b6352eb385866585cb371846f31532e653ccf7bc842c81206c8e80530a748501b2da5fedb1bcd0e53d09826aeb25c7ed8f3e1b219649baf3fc9ccb0da4aa1bdefca77ca97aa0c50d0485413936b83a20158cc3795456df09a917751c6e9555988b80b26f36bc8294fa37aca1b0c570e93588c9c25f4d72f01ba4bb874685628f0b64d71eaa9d17b489826ada40cede73bad175b9e956942b581fb7c52added185ce2f24422c0bf33ff32bb0e9e50b697f3257eb76134076bcf59767d12dc2cfa9c6e4544b55adc09a330a873c3a5ac8e28dda7fe398be13b3949ddaa7e25fc9652b783a95db047a3477a64dee6c4eadccbb48e9a525539c51603f8fdf1a8af0b9968ea399b7d787ead48a43bb8f83ced7de9dbe9d29a04438103179d2cc91cc15a5f3b5c589594d5232f8e956776547946bd38ea993b2cd1b1290ba255ef4a1a97055ad51cff35b804ef472a9f60bfedf3af92fc51e9b9e5580d4b12ac5fae4d8a4b9761b1c72a7282fe1cbc90767ec3266aef7ccf306ba8fc5161c74c3765b6b1ad5ab007b9892aedca8fadc7b37597546de787034e2c98a34118ef63680882759f4c3cb654e050b1303d3c9ded614e54fc833992b3d376e9f581d2ef7064ff268359a022b0df7d0679a54746150528ce08d47a05dd0e1f481b0f0b27f25e8b7b0a17827841cd7711e84dae20d98a76e5c6ea29b7a676bc4afb5729705e235ab7d41cf6dc39a208e806db5077326345bff9910e8b591d9c45f506f57f0392c41dfbe0e788299582f1dc2323da8ba93a7141061c8f78f81518c59c41a289b98d83a4575e9a509c0c615cd39ae76d2749378047a3b4ca1078880a0620088c17661322632882c77f751c60443e27df36020a72081b8e32f796f103412721158831ad7658a1299015a8a28ebc4cfd1414f4f4dcdef109c2bd75b7a8d83447e382724ec1076237c85b311df47a4fa7ad981e0f3918a093855e9968364c9bd1f385fccf076bc9e61558ddbe969742a860599a87e045b8fd95b0eb11b1f0fbdcb8a4008da5277f071d819791a2f54fc9f676196cf0b3f0e91c6d1586d9bd687c1df1e759e80b0cea66ea75eef5f9e57a36f61670268b8e2ad39561525e73fe2c942d0fb3f53e46695762c0dcee78ca9b2b81cba1c5fa2a736954dedcdf869149c7220be1f4ea53ccd72c3f8f7d9483068d668542023ea9a3d415a2006a5ac5439668c0a211c9d3212d38cdc13c35bf184579955fff0c35b2870af088340d60f744a0806135ce50a123182ab68fa8a89d858eceeed660f1ec5671d6d1be21022c372eabfa4fb1ebe03f7ab2650ec3679507d17611d1cd694be1adb33e591716af45eb1269969aca77be07d18784e2dd1240b6ac67be842afa51ce452f106de37a1e271b37e2904d6276c09eb5915fc8af524ff86e652c2acd33b634d8ba9268b7c278ebb8a92d7a45d97d2e45b4064b5", 0x4f4}], 0x1}, 0x48800) r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0), 0x1, 0x553, &(0x7f0000000700)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r2, 0x2007ffc) preadv2(r2, 0x0, 0x0, 0x1, 0x0, 0xb) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x4, 0x0, &(0x7f0000000040)) ioctl$F2FS_IOC_GET_PIN_FILE(r1, 0x8004f50e, &(0x7f0000000380)) r3 = mq_open(&(0x7f0000000000)='batadv_slave_1\x00', 0x8c2, 0x30, &(0x7f0000000080)={0x8000000000000000, 0x8, 0x1, 0x7fffffffffffffff}) mq_getsetattr(r3, &(0x7f0000000040)={0x0, 0x40, 0x2, 0x80000000000007ff}, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x5, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = dup(r5) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@version_u}]}}) 1.394617883s ago: executing program 1 (id=3672): read$rfkill(0xffffffffffffffff, &(0x7f0000000040), 0x8) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, 0x0, 0x6, 0x2) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) 1.344829804s ago: executing program 1 (id=3674): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000008000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff01fd}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]}) 1.252332026s ago: executing program 3 (id=3675): socket$pppl2tp(0x18, 0x1, 0x1) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r1, &(0x7f0000000040)='l', 0xffe0, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.241908246s ago: executing program 1 (id=3676): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x0) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$rfkill(r0, &(0x7f0000000040), 0x8) mprotect(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) fremovexattr(r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r3, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0}}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000118bc6aa6d2cfcc80a4e0d001801000020207025000000000020203e7b1af8ff00000000bfa100000000040007010000f8ffffffb702710008000000b703000000000083850000006a000000957cdbe4ce1e2b453e8381291bd65abcab4ed5b6e68ceba650c86eae8f79d02fd707271a2b41bd86ebb34cd6270b12db29e62c93cdd2d821a822eb0e62aece0a2caf7d291583bb44b343ee1a2c873d928ef674fa38dae9392ab82e47b7a5531aad534ef441e57c504b36c4c3ddbfc14c6726ba3a0c6a7502d95782f457996ffd74f78b9d1a10d5dd2b42b5f6e1f1a975895218f6c2edb6fad605ce33dd736ab940465da9fa1479ad04b1d932b310eba6"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r5}, 0x18) r6 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r6}) utime(&(0x7f0000000000)='.\x00', 0x0) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.194927087s ago: executing program 1 (id=3678): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='kfree\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0xfeffff, 0x680, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40) 1.088485389s ago: executing program 1 (id=3680): syz_usb_connect(0x3, 0x1c, 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="060000000400000008000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r2, 0x2, {0x3}}, 0x18) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x206c}, 0x1, 0x0, 0x0, 0xc4}, 0x20004009) 1.05722535s ago: executing program 2 (id=3681): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r3, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 723.609426ms ago: executing program 4 (id=3683): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000002080)='pagemap\x00') lseek(r4, 0xfffffffffffffffd, 0x1) ioctl$TIOCL_BLANKSCREEN(r4, 0x541c, &(0x7f0000000100)) rmdir(0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r6, &(0x7f0000000440)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd60", 0x13}], 0x1) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x5}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x1f}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r8 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) ioctl$HIDIOCSFEATURE(r8, 0xc0404806, &(0x7f0000000440)) close_range(r0, 0xffffffffffffffff, 0x0) 702.502397ms ago: executing program 0 (id=3684): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) fstatfs(0xffffffffffffffff, 0x0) 646.672508ms ago: executing program 0 (id=3685): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='sys_enter\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {}, 0xfd}, 0x18) connect$can_j1939(r6, &(0x7f0000000080)={0x1d, r7, 0xffffffffffffffff, {0x0, 0xf0, 0x2}, 0xfe}, 0x18) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)={0x50, r5, 0x10, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x101, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r2, {0x5, 0xb}, {0x5, 0xfff3}, {0xfff1, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4014}, 0xc4) 533.68655ms ago: executing program 0 (id=3686): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={&(0x7f00000001c0)="2453e412ac5dbc95471b883eed719187ce7466d2e5c047896360bb91ee99be0cda4abb669197f1d890195731c6ae2548fd39cbed81b2c8b6e9d784afee84293a365940c072117f1253bf6db637e13f986a26d70c44cc75ce686ccc243f870f6fa182b79ca301070362015eb80eac8d2880bcb927e0a604b7cffa398adb1dfc1dc5421f13e9cb1f5433149cb211e85ce2e06f8f2a", &(0x7f000001a240)=""/4096, &(0x7f0000000280)="c575d1423d77bed1874a00f6344608f8f0a7c36dd06ff0ec9cee97e764e1139a0f9d0d7a274531e363153180bc8ecb265e1b4ca1bc792a297c09840df978c66957bd702fcc450f7df8848efeb8e392abffc3803ff736dd29d4f9980611817e884a1398d77d486bfa59c6215e6cb9af844b26d648ec8067b2363ffd8f584feb376d97011c17a4ccac7c4ba909a8ef031fd45fd6c59c09ceb3979eb299af84502a204fdfc917c6f4052047b5bd6fec175e906120fc9624f8721ba7e644bce3dfa290c90d1dd72782ba5ad512f593d308a584e4e33d3c4670a42eaa5b9d8cb3ae336e37fbe8b2bcd5ce395fc3fd12152deb1921e71a44", &(0x7f0000000380)="a7a77fa697050ce3dfb56c96994854732da1bbaaf60a00054f063b0db2b6518e179ab861d2b03eb8c99a49192508255d9c1e2455ecaa1e218e8e69dc732360d9fcebfcee408a5ba091aa7daebc1ffbb3", 0x0, r0}, 0x38) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20800, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000340)={'macvtap0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x4000008, '.\x00'}}) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r2, @ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r6}, 0x18) r7 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r7, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) connect$vsock_stream(r7, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="02000000040000000400000001"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r8, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x80}, 0x50) 410.320682ms ago: executing program 0 (id=3687): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) fstatfs(0xffffffffffffffff, 0x0) (fail_nth: 2) 146.868477ms ago: executing program 3 (id=3688): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect(0x3, 0x1c, 0x0, 0x0) r1 = socket(0x1d, 0x2, 0x6) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x2711, @hyper}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$igmp6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r4, 0x2, {0x3}}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) r8 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r8, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x4048800) sendmsg$kcm(r8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) r9 = socket$kcm(0x2b, 0x1, 0x0) close(r9) socket(0xa, 0x3, 0xff) setsockopt$sock_attach_bpf(r9, 0x1, 0xd, &(0x7f00000001c0), 0x45) close(r9) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) setpriority(0x1, 0x0, 0x4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r1) sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x100}, 0x1, 0x0, 0x0, 0xc4}, 0x20004009) 140.444417ms ago: executing program 2 (id=3689): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a32"], 0x1ec}, 0x1, 0x0, 0x0, 0x4000840}, 0x0) 52.784259ms ago: executing program 0 (id=3690): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) set_tid_address(0x0) 922µs ago: executing program 0 (id=3691): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) r4 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4094, 0xffe}], 0x1, 0xf0, 0xd215) write$UHID_CREATE2(r6, &(0x7f0000000c00)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0x78, 0xd9a, 0x6, 0x4, 0x5, 0xd18f, "95ba3deec6827f5352119893c38758df08d7d66105b891c6b144839b85bdc6403ae7c5847e259bbc964310a346edcd81e27556e8e4ea8aab5a35364b50bddc6c1df55383d178ea3c05494bcc620a056b5e5a113dd491ab92673931b0d04ef86c406cd1a6d1cc8c42084f6c9d4a4891682d605a857945d3a6"}}, 0x190) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r5, {0x6}}}, 0x24}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r8}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00'}) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x5c, r1, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x40, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x3b, 0x4, "5d0971e919da3e8243146c48bf16a32bbe2db3efc9843e07eeee4378513eaad6e4a4b8ca57af80bd2f73a9eae435aa30b8d8c768c2db1a"}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x5c}}, 0x8080) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='sys_enter\x00', r10}, 0x18) mkdirat(0xffffffffffffff9c, 0x0, 0x0) preadv(r9, &(0x7f00000003c0)=[{&(0x7f0000000500)=""/215, 0xd7}], 0x1, 0x5, 0x1) timerfd_create(0x0, 0x800) rt_sigaction(0x5, &(0x7f00000000c0)={&(0x7f0000000040)="c422f91da5000060ffc42235bc64c89bf0217e00c401c1dee5410f19a4af000000006643cfc402f931cfc4c17710e6f2466c460f38051ddf000000", 0x0, &(0x7f0000000080)="c4a215ac27c4e17ee632470f8449000000c402519c760b8f0810cdc300c4c2bd4549ddc4c14814b0fe000000360f703477b466f9f26566360f0d447213", {[0x4800]}}, &(0x7f00000001c0)={&(0x7f0000000100)="c4a178ae949df9000000c482413f91f3a0a0abf3440f1efac4e17929a64a180000c4a1addbf7c421fc10020f38f9895b913f0e47dfc8c4017852b93c9e0000c44225ae7711", 0x0, &(0x7f0000000180)="c4e1cb5fe00f5531c481601539c402a1b94843366464676764edc4227d357306666442aa660fe16115c44295088effefffffc481e5687bfb"}, 0x8, &(0x7f0000000200)) 0s ago: executing program 2 (id=3692): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000040000000400000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$packet(0x11, 0x3, 0x300) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) clock_gettime(0x0, &(0x7f0000000080)) kernel console output (not intermixed with test programs): hout journal. Quota mode: none. [ 148.417459][T11609] hsr_slave_1: entered promiscuous mode [ 148.535504][T11609] debugfs: 'hsr0' already exists in 'hsr' [ 148.535516][T11609] Cannot create hsr debugfs directory [ 148.592291][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.602704][T11680] futex_wake_op: syz.4.2993 tries to shift op by 144; fix this program [ 148.886649][T11609] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 148.888382][T11609] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 148.903664][T11609] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 148.905697][T11609] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 148.967951][T11609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.981284][T11609] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.990889][T11703] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3000'. [ 149.002353][ T8683] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.009511][ T8683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.016198][T11702] binfmt_misc: register: failed to install interpreter file ./file2 [ 149.026224][ T8683] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.033305][ T8683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.120928][T11609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.133921][T11692] futex_wake_op: syz.3.2997 tries to shift op by 144; fix this program [ 149.243557][T11609] veth0_vlan: entered promiscuous mode [ 149.262910][T11609] veth1_vlan: entered promiscuous mode [ 149.291552][T11609] veth0_macvtap: entered promiscuous mode [ 149.308500][T11609] veth1_macvtap: entered promiscuous mode [ 149.348699][T11609] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.370532][T11609] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.388318][ T8646] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.403914][ T8646] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.413195][ T8646] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.422113][ T8646] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.539695][T11743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3008'. [ 149.549385][ T3410] hid (null): unknown global tag 0xe [ 149.560150][ T3410] hid (null): unknown global tag 0xc [ 149.569221][ T3410] hid (null): unknown global tag 0xe [ 149.569391][ T3410] hid (null): unknown global tag 0xe [ 149.569458][ T3410] hid (null): unknown global tag 0xd [ 149.569469][ T3410] hid (null): unknown global tag 0xc [ 149.569480][ T3410] hid (null): unknown global tag 0xc [ 149.569493][ T3410] hid (null): unknown global tag 0xe [ 149.569532][ T3410] hid (null): unknown global tag 0xc [ 149.569581][ T3410] hid (null): unknown global tag 0xc [ 149.569630][ T3410] hid (null): unknown global tag 0xd [ 149.569703][ T3410] hid (null): unknown global tag 0xd [ 149.573897][ T3410] hid (null): unknown global tag 0xe [ 149.630161][ T3410] hid (null): unknown global tag 0xc [ 149.630192][ T3410] hid (null): report_id 19018 is invalid [ 149.641217][ T3410] hid (null): report_id 0 is invalid [ 149.646518][ T3410] hid (null): unknown global tag 0xd [ 149.646609][ T3410] hid (null): unknown global tag 0xe [ 149.646643][ T3410] hid (null): unknown global tag 0xc [ 149.646655][ T3410] hid (null): nested delimiters [ 149.646665][ T3410] hid (null): unknown global tag 0x9b [ 149.646706][ T3410] hid (null): report_id 0 is invalid [ 149.646758][ T3410] hid (null): report_id 0 is invalid [ 149.646788][ T3410] hid (null): unknown global tag 0xe [ 149.688559][ T3410] hid (null): unknown global tag 0xc [ 149.693855][ T3410] hid (null): report_id 3847094645 is invalid [ 149.693883][ T3410] hid (null): unknown global tag 0xcb [ 149.693910][ T3410] hid (null): unknown global tag 0xe [ 149.695200][ T3410] hid (null): unknown global tag 0xd [ 149.716425][ T3410] hid (null): report_id 16796 is invalid [ 149.716493][ T3410] hid (null): unknown global tag 0xe [ 149.731327][ T3410] hid (null): unknown global tag 0xd [ 149.731395][ T3410] hid (null): invalid report_size 63360 [ 149.731420][ T3410] hid (null): invalid report_count 99512854 [ 149.731442][ T3410] hid (null): global environment stack overflow [ 149.731519][ T3410] hid (null): unknown global tag 0xd [ 149.731559][ T3410] hid (null): unknown global tag 0xc [ 149.765220][ T3410] hid (null): unknown global tag 0xc [ 149.765236][ T3410] hid (null): unknown global tag 0xd [ 149.765265][ T3410] hid (null): unknown global tag 0xd [ 149.765286][ T3410] hid (null): unknown global tag 0xd [ 149.786507][ T3410] hid (null): unknown global tag 0xc [ 149.791878][ T3410] hid (null): invalid report_size 48769 [ 149.791905][ T3410] hid (null): invalid report_size 53507 [ 149.792829][ T3410] hid-generic 0491:000D:0000.002A: unknown global tag 0xe [ 149.810887][ T3410] hid-generic 0491:000D:0000.002A: item 0 2 1 14 parsing failed [ 149.818645][ T3410] hid-generic 0491:000D:0000.002A: probe with driver hid-generic failed with error -22 [ 149.852605][ T29] kauditd_printk_skb: 598 callbacks suppressed [ 149.852619][ T29] audit: type=1326 audit(1758814182.850:15957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11746 comm="syz.1.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84cb69eec9 code=0x7ffc0000 [ 149.858998][ T29] audit: type=1326 audit(1758814182.850:15958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11746 comm="syz.1.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84cb69eec9 code=0x7ffc0000 [ 149.961239][ T29] audit: type=1326 audit(1758814182.960:15959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11756 comm="syz.2.3014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.008282][ T29] audit: type=1326 audit(1758814182.990:15960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11756 comm="syz.2.3014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.032171][ T29] audit: type=1326 audit(1758814182.990:15961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11756 comm="syz.2.3014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.032231][ T29] audit: type=1326 audit(1758814182.990:15962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11756 comm="syz.2.3014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.032255][ T29] audit: type=1326 audit(1758814182.990:15963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11756 comm="syz.2.3014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.135747][ T29] audit: type=1326 audit(1758814183.130:15964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11776 comm="syz.2.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.135775][ T29] audit: type=1326 audit(1758814183.130:15965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11776 comm="syz.2.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.135839][ T29] audit: type=1326 audit(1758814183.130:15966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11776 comm="syz.2.3020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedae26eec9 code=0x7ffc0000 [ 150.296792][T11783] tipc: Enabling of bearer rejected, failed to enable media [ 150.385493][T11795] tipc: Enabling of bearer rejected, already enabled [ 150.425194][T11805] netlink: 332 bytes leftover after parsing attributes in process `syz.0.3031'. [ 150.518482][T11817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3038'. [ 150.532590][ T3399] hid-generic 0000:0000:0000.002B: unknown main item tag 0x0 [ 150.540488][ T3399] hid-generic 0000:0000:0000.002B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 150.544680][T11819] loop1: detected capacity change from 0 to 1024 [ 150.572764][T11819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.598784][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.621694][T11826] 9pnet_fd: Insufficient options for proto=fd [ 150.750929][T11841] tipc: Enabling of bearer rejected, already enabled [ 150.796609][T11843] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3048'. [ 151.579068][T11915] tipc: Started in network mode [ 151.584002][T11915] tipc: Node identity ac14140f, cluster identity 4711 [ 151.595384][T11915] tipc: New replicast peer: 255.255.255.255 [ 151.601587][T11915] tipc: Enabled bearer , priority 10 [ 151.683332][T11933] 9pnet_fd: Insufficient options for proto=fd [ 151.744785][T11949] tipc: Enabling of bearer rejected, already enabled [ 151.769846][T11954] FAULT_INJECTION: forcing a failure. [ 151.769846][T11954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 151.782943][T11954] CPU: 1 UID: 0 PID: 11954 Comm: syz.3.3095 Not tainted syzkaller #0 PREEMPT(voluntary) [ 151.782968][T11954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 151.782980][T11954] Call Trace: [ 151.782986][T11954] [ 151.782993][T11954] __dump_stack+0x1d/0x30 [ 151.783073][T11954] dump_stack_lvl+0xe8/0x140 [ 151.783141][T11954] dump_stack+0x15/0x1b [ 151.783156][T11954] should_fail_ex+0x265/0x280 [ 151.783181][T11954] should_fail+0xb/0x20 [ 151.783200][T11954] should_fail_usercopy+0x1a/0x20 [ 151.783251][T11954] _copy_from_user+0x1c/0xb0 [ 151.783274][T11954] __sys_bpf+0x178/0x7b0 [ 151.783302][T11954] __x64_sys_bpf+0x41/0x50 [ 151.783322][T11954] x64_sys_call+0x2aea/0x2ff0 [ 151.783339][T11954] do_syscall_64+0xd2/0x200 [ 151.783476][T11954] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 151.783527][T11954] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 151.783558][T11954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.783578][T11954] RIP: 0033:0x7fd28c8aeec9 [ 151.783590][T11954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.783673][T11954] RSP: 002b:00007fd28b30f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 151.783692][T11954] RAX: ffffffffffffffda RBX: 00007fd28cb05fa0 RCX: 00007fd28c8aeec9 [ 151.783703][T11954] RDX: 0000000000000038 RSI: 0000200000000540 RDI: 0000000000000018 [ 151.783713][T11954] RBP: 00007fd28b30f090 R08: 0000000000000000 R09: 0000000000000000 [ 151.783724][T11954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.783742][T11954] R13: 00007fd28cb06038 R14: 00007fd28cb05fa0 R15: 00007ffffccd1f18 [ 151.783886][T11954] [ 151.974077][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3098'. [ 152.101571][T11970] tipc: Enabling of bearer rejected, already enabled [ 152.169091][T11976] 9pnet_fd: Insufficient options for proto=fd [ 152.204475][T11985] tipc: Enabling of bearer rejected, already enabled [ 152.551274][T12015] tipc: Enabling of bearer rejected, already enabled [ 152.566694][T12017] loop1: detected capacity change from 0 to 1024 [ 152.603436][T12017] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.646884][T12017] 9pnet_fd: Insufficient options for proto=fd [ 152.652251][ T3399] tipc: Node number set to 2886997007 [ 152.688759][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.821143][ T9361] bridge0: port 3(syz_tun) entered disabled state [ 152.837291][ T9361] syz_tun (unregistering): left allmulticast mode [ 152.843828][ T9361] syz_tun (unregistering): left promiscuous mode [ 152.850251][ T9361] bridge0: port 3(syz_tun) entered disabled state [ 152.880601][T12055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3138'. [ 152.895678][ T10] hid (null): unknown global tag 0xe [ 152.906506][ T10] hid (null): unknown global tag 0xc [ 152.915139][ T10] hid (null): unknown global tag 0xe [ 152.920595][ T10] hid (null): unknown global tag 0xe [ 152.925921][ T10] hid (null): unknown global tag 0xd [ 152.931254][ T10] hid (null): unknown global tag 0xc [ 152.931270][ T10] hid (null): unknown global tag 0xc [ 152.931283][ T10] hid (null): unknown global tag 0xe [ 152.931325][ T10] hid (null): unknown global tag 0xc [ 152.931436][ T10] hid (null): unknown global tag 0xc [ 152.931494][ T10] hid (null): unknown global tag 0xd [ 152.931546][ T10] hid (null): unknown global tag 0xd [ 152.935714][ T10] hid (null): unknown global tag 0xe [ 152.974917][ T10] hid (null): unknown global tag 0xc [ 152.974949][ T10] hid (null): report_id 19018 is invalid [ 152.975016][ T10] hid (null): report_id 0 is invalid [ 152.975071][ T10] hid (null): unknown global tag 0xd [ 152.975100][ T10] hid (null): unknown global tag 0xe [ 152.975131][ T10] hid (null): unknown global tag 0xc [ 152.975145][ T10] hid (null): nested delimiters [ 152.975156][ T10] hid (null): unknown global tag 0x9b [ 152.975226][ T10] hid (null): report_id 0 is invalid [ 152.975265][ T10] hid (null): report_id 0 is invalid [ 152.975294][ T10] hid (null): unknown global tag 0xe [ 152.975335][ T10] hid (null): unknown global tag 0xc [ 152.975399][ T10] hid (null): report_id 3847094645 is invalid [ 152.975423][ T10] hid (null): unknown global tag 0xcb [ 152.975474][ T10] hid (null): unknown global tag 0xe [ 152.976989][ T10] hid (null): unknown global tag 0xd [ 152.977055][ T10] hid (null): report_id 16796 is invalid [ 152.977085][ T10] hid (null): unknown global tag 0xe [ 152.981498][ T10] hid (null): unknown global tag 0xd [ 153.022176][T12060] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3139'. [ 153.022907][ T10] hid (null): invalid report_size 63360 [ 153.036636][ T3399] hid-generic 0000:0000:0000.002C: unknown main item tag 0x0 [ 153.038794][ T10] hid (null): invalid report_count 99512854 [ 153.047219][ T3399] hid-generic 0000:0000:0000.002C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 153.050162][ T10] hid (null): global environment stack overflow [ 153.125676][ T10] hid (null): unknown global tag 0xd [ 153.131009][ T10] hid (null): unknown global tag 0xc [ 153.131101][ T10] hid (null): unknown global tag 0xc [ 153.131111][ T10] hid (null): unknown global tag 0xd [ 153.131140][ T10] hid (null): unknown global tag 0xd [ 153.131153][ T10] hid (null): unknown global tag 0xd [ 153.131185][ T10] hid (null): unknown global tag 0xc [ 153.131199][ T10] hid (null): invalid report_size 48769 [ 153.131221][ T10] hid (null): invalid report_size 53507 [ 153.141859][ T10] hid-generic 0491:000D:0000.002D: unknown global tag 0xe [ 153.144218][T12050] chnl_net:caif_netlink_parms(): no params data found [ 153.147325][ T10] hid-generic 0491:000D:0000.002D: item 0 2 1 14 parsing failed [ 153.196041][ T10] hid-generic 0491:000D:0000.002D: probe with driver hid-generic failed with error -22 [ 153.233986][T12050] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.241152][T12050] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.242715][T12050] bridge_slave_0: entered allmulticast mode [ 153.248920][T12067] 9pnet_fd: Insufficient options for proto=fd [ 153.262531][T12050] bridge_slave_0: entered promiscuous mode [ 153.269666][ T8646] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.280865][T12050] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.280969][T12050] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.281085][T12050] bridge_slave_1: entered allmulticast mode [ 153.281608][T12050] bridge_slave_1: entered promiscuous mode [ 153.314275][T12050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.326790][ T8646] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.343248][T12050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.346565][T12086] 9pnet_fd: Insufficient options for proto=fd [ 153.376478][T12050] team0: Port device team_slave_0 added [ 153.377620][T12050] team0: Port device team_slave_1 added [ 153.397214][ T8646] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.416476][T12050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.423530][T12050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.423554][T12050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.425062][T12050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.467834][T12050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.467916][T12050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.514705][T12050] hsr_slave_0: entered promiscuous mode [ 153.515260][T12050] hsr_slave_1: entered promiscuous mode [ 153.515554][T12050] debugfs: 'hsr0' already exists in 'hsr' [ 153.515564][T12050] Cannot create hsr debugfs directory [ 153.522261][ T8646] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.633248][ T8646] bridge_slave_1: left allmulticast mode [ 153.633294][ T8646] bridge_slave_1: left promiscuous mode [ 153.644716][ T8646] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.653996][ T8646] bridge_slave_0: left allmulticast mode [ 153.654030][ T8646] bridge_slave_0: left promiscuous mode [ 153.654228][ T8646] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.695890][T12100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3147'. [ 153.704937][T12100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3147'. [ 153.788307][T12112] loop1: detected capacity change from 0 to 1024 [ 153.800771][T12112] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.831003][ T8646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.841842][ T8646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.851308][ T8646] bond0 (unregistering): Released all slaves [ 153.860950][T12099] tipc: Enabling of bearer rejected, already enabled [ 153.896708][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.918391][ T8646] tipc: Disabling bearer [ 153.925369][ T8646] tipc: Disabling bearer [ 153.930705][ T8646] tipc: Disabling bearer [ 153.935935][ T8646] tipc: Left network mode [ 153.966956][ T8646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.974412][ T8646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.981294][T12129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3158'. [ 153.991581][T12130] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3156'. [ 153.993086][ T8646] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.008064][ T8646] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.008532][ T10] hid (null): unknown global tag 0xe [ 154.025393][ T10] hid (null): unknown global tag 0xc [ 154.029108][ T10] hid (null): unknown global tag 0xe [ 154.036557][ T10] hid (null): unknown global tag 0xe [ 154.036581][ T10] hid (null): unknown global tag 0xd [ 154.036595][ T10] hid (null): unknown global tag 0xc [ 154.036608][ T10] hid (null): unknown global tag 0xc [ 154.036640][ T10] hid (null): unknown global tag 0xe [ 154.036676][ T10] hid (null): unknown global tag 0xc [ 154.036714][ T10] hid (null): unknown global tag 0xc [ 154.036798][ T10] hid (null): unknown global tag 0xd [ 154.036809][ T10] hid (null): unknown global tag 0xd [ 154.041028][ T10] hid (null): unknown global tag 0xe [ 154.042940][ T8646] batman_adv: batadv0: Interface deactivated: dummy0 [ 154.047900][ T10] hid (null): unknown global tag 0xc [ 154.047926][ T10] hid (null): report_id 19018 is invalid [ 154.053224][ T8646] batman_adv: batadv0: Removing interface: dummy0 [ 154.114657][ T10] hid (null): report_id 0 is invalid [ 154.114731][ T10] hid (null): unknown global tag 0xd [ 154.114759][ T10] hid (null): unknown global tag 0xe [ 154.114790][ T10] hid (null): unknown global tag 0xc [ 154.114883][ T10] hid (null): nested delimiters [ 154.114895][ T10] hid (null): unknown global tag 0x9b [ 154.114910][ T10] hid (null): report_id 0 is invalid [ 154.114963][ T10] hid (null): report_id 0 is invalid [ 154.114998][ T10] hid (null): unknown global tag 0xe [ 154.115058][ T10] hid (null): unknown global tag 0xc [ 154.115069][ T10] hid (null): report_id 3847094645 is invalid [ 154.115090][ T10] hid (null): unknown global tag 0xcb [ 154.115161][ T10] hid (null): unknown global tag 0xe [ 154.116425][ T10] hid (null): unknown global tag 0xd [ 154.189806][ T10] hid (null): report_id 16796 is invalid [ 154.189846][ T10] hid (null): unknown global tag 0xe [ 154.194158][ T10] hid (null): unknown global tag 0xd [ 154.207007][ T10] hid (null): invalid report_size 63360 [ 154.212619][ T10] hid (null): invalid report_count 99512854 [ 154.212644][ T10] hid (null): global environment stack overflow [ 154.212718][ T10] hid (null): unknown global tag 0xd [ 154.212819][ T10] hid (null): unknown global tag 0xc [ 154.212906][ T10] hid (null): unknown global tag 0xc [ 154.212917][ T10] hid (null): unknown global tag 0xd [ 154.212941][ T10] hid (null): unknown global tag 0xd [ 154.212954][ T10] hid (null): unknown global tag 0xd [ 154.212998][ T10] hid (null): unknown global tag 0xc [ 154.213009][ T10] hid (null): invalid report_size 48769 [ 154.213028][ T10] hid (null): invalid report_size 53507 [ 154.213688][ T8646] batman_adv: batadv0: Interface deactivated: macsec1 [ 154.213699][ T8646] batman_adv: batadv0: Removing interface: macsec1 [ 154.214057][ T10] hid-generic 0491:000D:0000.002E: unknown global tag 0xe [ 154.294412][ T10] hid-generic 0491:000D:0000.002E: item 0 2 1 14 parsing failed [ 154.294643][ T10] hid-generic 0491:000D:0000.002E: probe with driver hid-generic failed with error -22 [ 154.302315][ T8646] batadv_slave_1: left promiscuous mode [ 154.318424][ T8646] veth1_macvtap: left promiscuous mode [ 154.318494][ T8646] veth0_macvtap: left promiscuous mode [ 154.330831][ T8646] veth1_vlan: left promiscuous mode [ 154.330862][ T8646] veth0_vlan: left promiscuous mode [ 154.466356][ T8646] team0 (unregistering): Port device 26±ÿ removed [ 154.473891][ T8646] team0 (unregistering): Port device team_slave_0 removed [ 154.480019][ T8686] smc: removing ib device syz! [ 154.505661][T12144] tipc: Enabling of bearer rejected, already enabled [ 154.569512][T12146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3164'. [ 154.774241][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 154.774259][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 154.774275][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 154.774287][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 154.774313][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 154.774326][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 154.774344][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774358][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774377][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774405][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774425][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774438][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774471][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774486][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774516][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774531][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774551][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774565][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774587][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774601][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774620][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774634][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774654][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774668][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774692][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774707][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774730][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774743][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774763][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774777][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774817][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774830][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774848][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774879][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774916][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774930][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.774948][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.774981][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775016][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.775031][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775066][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.775081][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775101][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.775115][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775135][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.775169][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775193][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.775221][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775240][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 154.775254][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 154.775288][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.163937][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.163966][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.163979][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.163995][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.164007][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.203080][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.203097][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.203138][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.226508][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.226541][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.242127][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.249960][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.257766][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.265596][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.273415][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.281276][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.289066][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.296888][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.304709][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.312533][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.320357][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.328191][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.336009][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.343842][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.351672][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.359496][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 155.367287][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 155.437688][T12050] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 155.449415][ T29] kauditd_printk_skb: 537 callbacks suppressed [ 155.449427][ T29] audit: type=1326 audit(1758814188.450:16504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12170 comm="syz.3.3173" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd28c8aeec9 code=0x0 [ 155.481778][T12050] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 155.498113][T12050] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 155.506091][T12176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3173'. [ 155.520018][T12176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3173'. [ 155.530474][T12050] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 155.546461][ T29] audit: type=1400 audit(1758814188.540:16505): avc: denied { create } for pid=12183 comm="syz.0.3176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 155.567349][T12184] loop0: detected capacity change from 0 to 1024 [ 155.580910][T12184] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.595089][ T29] audit: type=1400 audit(1758814188.590:16506): avc: denied { setopt } for pid=12183 comm="syz.0.3176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 155.595543][ T10] IPVS: starting estimator thread 0... [ 155.621228][ T29] audit: type=1400 audit(1758814188.620:16507): avc: denied { name_bind } for pid=12183 comm="syz.0.3176" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 155.638944][T12184] bridge_slave_0: left allmulticast mode [ 155.648739][T12184] bridge_slave_0: left promiscuous mode [ 155.654689][T12184] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.666296][T12184] bridge_slave_1: left allmulticast mode [ 155.672034][T12184] bridge_slave_1: left promiscuous mode [ 155.677651][T12184] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.687857][T12184] bond0: (slave bond_slave_0): Releasing backup interface [ 155.698020][T12184] bond0: (slave bond_slave_1): Releasing backup interface [ 155.708856][T12184] team0: Port device team_slave_0 removed [ 155.717346][T12184] team0: Port device team_slave_1 removed [ 155.723928][T12184] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.729473][T12192] IPVS: using max 2544 ests per chain, 127200 per kthread [ 155.731387][T12184] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.751407][T12184] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.758783][T12184] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.776510][T12186] tipc: Enabling of bearer rejected, failed to enable media [ 155.794132][ T3410] hid (null): unknown global tag 0xe [ 155.804495][ T3410] hid (null): unknown global tag 0xc [ 155.813582][ T3410] hid (null): unknown global tag 0xe [ 155.818973][ T3410] hid (null): unknown global tag 0xe [ 155.824337][ T3410] hid (null): unknown global tag 0xd [ 155.829647][ T3410] hid (null): unknown global tag 0xc [ 155.832382][T12050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.834921][ T3410] hid (null): unknown global tag 0xc [ 155.834936][ T3410] hid (null): unknown global tag 0xe [ 155.852289][ T3410] hid (null): unknown global tag 0xc [ 155.857610][ T3410] hid (null): unknown global tag 0xc [ 155.863097][ T3410] hid (null): unknown global tag 0xd [ 155.868410][ T3410] hid (null): unknown global tag 0xd [ 155.877660][T12050] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.878050][ T3410] hid (null): unknown global tag 0xe [ 155.889569][ T3410] hid (null): unknown global tag 0xc [ 155.895021][ T3410] hid (null): report_id 19018 is invalid [ 155.897517][ T1924] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.900725][ T3410] hid (null): report_id 0 is invalid [ 155.907741][ T1924] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.913008][ T3410] hid (null): unknown global tag 0xd [ 155.925482][ T3410] hid (null): unknown global tag 0xe [ 155.925521][ T3410] hid (null): unknown global tag 0xc [ 155.925531][ T3410] hid (null): nested delimiters [ 155.925541][ T3410] hid (null): unknown global tag 0x9b [ 155.925552][ T3410] hid (null): report_id 0 is invalid [ 155.925584][ T3410] hid (null): report_id 0 is invalid [ 155.925613][ T3410] hid (null): unknown global tag 0xe [ 155.925626][ T3410] hid (null): unknown global tag 0xc [ 155.925664][ T3410] hid (null): report_id 3847094645 is invalid [ 155.925683][ T3410] hid (null): unknown global tag 0xcb [ 155.925707][ T3410] hid (null): unknown global tag 0xe [ 155.926992][ T3410] hid (null): unknown global tag 0xd [ 155.954200][T12050] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 155.957681][ T3410] hid (null): report_id 16796 is invalid [ 155.957715][ T3410] hid (null): unknown global tag 0xe [ 155.962257][ T3410] hid (null): unknown global tag 0xd [ 155.963047][T12050] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 155.968313][ T3410] hid (null): invalid report_size 63360 [ 155.978533][ T1924] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.979825][ T3410] hid (null): invalid report_count 99512854 [ 155.979862][ T3410] hid (null): global environment stack overflow [ 155.985146][ T1924] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.990484][ T3410] hid (null): unknown global tag 0xd [ 156.006249][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.006353][ T3410] hid (null): unknown global tag 0xc [ 156.078585][ T3410] hid (null): unknown global tag 0xc [ 156.078601][ T3410] hid (null): unknown global tag 0xd [ 156.078633][ T3410] hid (null): unknown global tag 0xd [ 156.078646][ T3410] hid (null): unknown global tag 0xd [ 156.078693][ T3410] hid (null): unknown global tag 0xc [ 156.105522][ T3410] hid (null): invalid report_size 48769 [ 156.111122][ T3410] hid (null): invalid report_size 53507 [ 156.120100][ T3410] hid-generic 0491:000D:0000.002F: unknown global tag 0xe [ 156.127296][ T3410] hid-generic 0491:000D:0000.002F: item 0 2 1 14 parsing failed [ 156.169058][T12050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.281856][ T3410] hid-generic 0491:000D:0000.002F: probe with driver hid-generic failed with error -22 [ 156.346029][T12050] veth0_vlan: entered promiscuous mode [ 156.364965][T12050] veth1_vlan: entered promiscuous mode [ 156.399491][T12050] veth0_macvtap: entered promiscuous mode [ 156.404966][T12050] veth1_macvtap: entered promiscuous mode [ 156.423684][T12217] futex_wake_op: syz.0.3181 tries to shift op by 144; fix this program [ 156.534162][T12050] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.544572][T12050] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.575154][ T8683] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.591672][ T8683] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.591701][ T8683] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.591788][ T8683] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.604347][T12246] tipc: Enabling of bearer rejected, failed to enable media [ 156.829534][ T29] audit: type=1326 audit(1758814189.820:16508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12267 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 156.853153][ T29] audit: type=1326 audit(1758814189.820:16509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12267 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 156.876937][ T29] audit: type=1326 audit(1758814189.820:16510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12267 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 156.900984][ T29] audit: type=1326 audit(1758814189.820:16511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12267 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 156.924564][ T29] audit: type=1326 audit(1758814189.820:16512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12267 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 156.985728][ T29] audit: type=1326 audit(1758814189.830:16513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12267 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 157.018622][T12272] __nla_validate_parse: 3 callbacks suppressed [ 157.018635][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3196'. [ 157.084045][T12261] chnl_net:caif_netlink_parms(): no params data found [ 157.118898][T12261] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.126073][T12261] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.133416][T12261] bridge_slave_0: entered allmulticast mode [ 157.139966][T12261] bridge_slave_0: entered promiscuous mode [ 157.147223][T12261] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.154846][T12261] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.164033][T12261] bridge_slave_1: entered allmulticast mode [ 157.170966][T12261] bridge_slave_1: entered promiscuous mode [ 157.194583][T12261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.205319][T12261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.231895][T12261] team0: Port device team_slave_0 added [ 157.239312][T12261] team0: Port device team_slave_1 added [ 157.258901][T12286] futex_wake_op: syz.4.3199 tries to shift op by 144; fix this program [ 157.268014][T12303] syzkaller0: entered promiscuous mode [ 157.273618][T12303] syzkaller0: entered allmulticast mode [ 157.285499][T12261] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.292545][T12261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.319014][T12261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.330870][T12261] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.337950][T12261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.363907][T12261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.382461][ T8646] IPVS: stop unused estimator thread 0... [ 157.436752][T12261] hsr_slave_0: entered promiscuous mode [ 157.447986][T12261] hsr_slave_1: entered promiscuous mode [ 157.459760][T12261] debugfs: 'hsr0' already exists in 'hsr' [ 157.465504][T12261] Cannot create hsr debugfs directory [ 157.475575][ T8646] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.544964][ T8646] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.574265][T12315] netlink: 332 bytes leftover after parsing attributes in process `syz.0.3208'. [ 157.605219][T12317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3209'. [ 157.622798][ T8646] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.713112][ T8646] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.816922][ T8646] bridge_slave_1: left allmulticast mode [ 157.822622][ T8646] bridge_slave_1: left promiscuous mode [ 157.828250][ T8646] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.837089][ T8646] bridge_slave_0: left allmulticast mode [ 157.842784][ T8646] bridge_slave_0: left promiscuous mode [ 157.848634][ T8646] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.919025][T12337] IPVS: set_ctl: invalid protocol: 20551 0.0.0.0:0 [ 158.041473][ T8646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.051311][ T8646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 158.062678][T12344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3219'. [ 158.065827][ T8646] bond0 (unregistering): Released all slaves [ 158.071812][T12344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3219'. [ 158.147138][ T8646] tipc: Disabling bearer [ 158.152414][ T8646] tipc: Left network mode [ 158.160564][ T8646] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.168112][ T8646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 158.175862][ T8646] batman_adv: batadv0: Removing interface: dummy0 [ 158.185727][ T8646] veth1_macvtap: left promiscuous mode [ 158.191397][ T8646] veth0_macvtap: left promiscuous mode [ 158.196965][ T8646] veth1_vlan: left promiscuous mode [ 158.202256][ T8646] veth0_vlan: left promiscuous mode [ 158.273578][ T8646] team0 (unregistering): Port device team_slave_1 removed [ 158.283748][ T8646] team0 (unregistering): Port device team_slave_0 removed [ 158.392636][T12261] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 158.401770][T12261] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 158.411120][T12261] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 158.420721][T12261] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 158.436603][T12356] futex_wake_op: syz.0.3225 tries to shift op by 144; fix this program [ 158.471986][T12261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.485150][T12261] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.495935][ T8686] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.503060][ T8686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.519250][ T1924] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.526417][ T1924] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.625236][T12261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.667572][T12389] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 158.675971][T12389] tipc: Enabled bearer , priority 10 [ 158.714459][T12396] FAULT_INJECTION: forcing a failure. [ 158.714459][T12396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.727583][T12396] CPU: 1 UID: 0 PID: 12396 Comm: syz.4.3235 Not tainted syzkaller #0 PREEMPT(voluntary) [ 158.727607][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 158.727619][T12396] Call Trace: [ 158.727625][T12396] [ 158.727632][T12396] __dump_stack+0x1d/0x30 [ 158.727652][T12396] dump_stack_lvl+0xe8/0x140 [ 158.727714][T12396] dump_stack+0x15/0x1b [ 158.727730][T12396] should_fail_ex+0x265/0x280 [ 158.727754][T12396] should_fail+0xb/0x20 [ 158.727835][T12396] should_fail_usercopy+0x1a/0x20 [ 158.727860][T12396] _copy_from_user+0x1c/0xb0 [ 158.727897][T12396] __x64_sys_sendfile64+0x88/0x150 [ 158.727928][T12396] x64_sys_call+0x2bb0/0x2ff0 [ 158.727945][T12396] do_syscall_64+0xd2/0x200 [ 158.727975][T12396] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 158.728076][T12396] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 158.728098][T12396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.728115][T12396] RIP: 0033:0x7f27b4d8eec9 [ 158.728128][T12396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.728145][T12396] RSP: 002b:00007f27b37f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 158.728164][T12396] RAX: ffffffffffffffda RBX: 00007f27b4fe5fa0 RCX: 00007f27b4d8eec9 [ 158.728177][T12396] RDX: 0000200000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 158.728190][T12396] RBP: 00007f27b37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 158.728203][T12396] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 158.728217][T12396] R13: 00007f27b4fe6038 R14: 00007f27b4fe5fa0 R15: 00007ffc5ad94c98 [ 158.728292][T12396] [ 158.900552][T12261] veth0_vlan: entered promiscuous mode [ 158.909211][T12261] veth1_vlan: entered promiscuous mode [ 158.921489][T12261] veth0_macvtap: entered promiscuous mode [ 158.932526][T12261] veth1_macvtap: entered promiscuous mode [ 158.943585][T12261] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.954633][T12261] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.966360][ T8646] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.984394][ T8646] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.994755][ T8646] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.008731][ T8646] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.240490][T12424] SELinux: failed to load policy [ 159.264949][T12430] FAULT_INJECTION: forcing a failure. [ 159.264949][T12430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.278133][T12430] CPU: 1 UID: 0 PID: 12430 Comm: syz.4.3246 Not tainted syzkaller #0 PREEMPT(voluntary) [ 159.278166][T12430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 159.278176][T12430] Call Trace: [ 159.278180][T12430] [ 159.278187][T12430] __dump_stack+0x1d/0x30 [ 159.278204][T12430] dump_stack_lvl+0xe8/0x140 [ 159.278220][T12430] dump_stack+0x15/0x1b [ 159.278234][T12430] should_fail_ex+0x265/0x280 [ 159.278336][T12430] should_fail+0xb/0x20 [ 159.278355][T12430] should_fail_usercopy+0x1a/0x20 [ 159.278384][T12430] _copy_from_user+0x1c/0xb0 [ 159.278412][T12430] __sys_bpf+0x178/0x7b0 [ 159.278442][T12430] __x64_sys_bpf+0x41/0x50 [ 159.278508][T12430] x64_sys_call+0x2aea/0x2ff0 [ 159.278527][T12430] do_syscall_64+0xd2/0x200 [ 159.278574][T12430] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 159.278596][T12430] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 159.278673][T12430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.278694][T12430] RIP: 0033:0x7f27b4d8eec9 [ 159.278709][T12430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.278725][T12430] RSP: 002b:00007f27b37f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 159.278744][T12430] RAX: ffffffffffffffda RBX: 00007f27b4fe5fa0 RCX: 00007f27b4d8eec9 [ 159.278792][T12430] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c [ 159.278804][T12430] RBP: 00007f27b37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 159.278939][T12430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.278951][T12430] R13: 00007f27b4fe6038 R14: 00007f27b4fe5fa0 R15: 00007ffc5ad94c98 [ 159.278969][T12430] [ 159.535860][T12434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3248'. [ 159.546881][T12439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3249'. [ 159.739814][T12466] FAULT_INJECTION: forcing a failure. [ 159.739814][T12466] name failslab, interval 1, probability 0, space 0, times 0 [ 159.752549][T12466] CPU: 0 UID: 0 PID: 12466 Comm: syz.0.3258 Not tainted syzkaller #0 PREEMPT(voluntary) [ 159.752576][T12466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 159.752588][T12466] Call Trace: [ 159.752593][T12466] [ 159.752600][T12466] __dump_stack+0x1d/0x30 [ 159.752658][T12466] dump_stack_lvl+0xe8/0x140 [ 159.752674][T12466] dump_stack+0x15/0x1b [ 159.752690][T12466] should_fail_ex+0x265/0x280 [ 159.752779][T12466] should_failslab+0x8c/0xb0 [ 159.752882][T12466] kmem_cache_alloc_noprof+0x50/0x310 [ 159.752905][T12466] ? security_file_alloc+0x32/0x100 [ 159.752932][T12466] security_file_alloc+0x32/0x100 [ 159.753037][T12466] init_file+0x5c/0x1d0 [ 159.753125][T12466] alloc_empty_file+0x8b/0x200 [ 159.753196][T12466] path_openat+0x68/0x2170 [ 159.753214][T12466] ? security_inode_alloc+0x37/0x100 [ 159.753240][T12466] ? xas_load+0x413/0x430 [ 159.753322][T12466] ? xas_load+0x413/0x430 [ 159.753418][T12466] ? css_rstat_updated+0xb7/0x240 [ 159.753500][T12466] ? mod_memcg_lruvec_state+0x1fc/0x2c0 [ 159.753551][T12466] ? try_charge_memcg+0x200/0x9e0 [ 159.753640][T12466] do_filp_open+0x109/0x230 [ 159.753664][T12466] io_openat2+0x272/0x390 [ 159.753883][T12466] io_openat+0x1b/0x30 [ 159.753910][T12466] __io_issue_sqe+0xfe/0x2e0 [ 159.753927][T12466] ? io_wq_submit_work+0x5c2/0x5f0 [ 159.753945][T12466] io_issue_sqe+0x53/0x970 [ 159.753961][T12466] ? io_openat_prep+0x26a/0x2b0 [ 159.754094][T12466] io_submit_sqes+0x675/0x1060 [ 159.754119][T12466] __se_sys_io_uring_enter+0x1c1/0x1b70 [ 159.754193][T12466] ? 0xffffffff81000000 [ 159.754205][T12466] ? __rcu_read_unlock+0x4f/0x70 [ 159.754257][T12466] ? get_pid_task+0x96/0xd0 [ 159.754276][T12466] ? proc_fail_nth_write+0x13b/0x160 [ 159.754300][T12466] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 159.754324][T12466] ? vfs_write+0x7e8/0x960 [ 159.754388][T12466] ? __rcu_read_unlock+0x4f/0x70 [ 159.754405][T12466] ? __fget_files+0x184/0x1c0 [ 159.754425][T12466] ? fput+0x8f/0xc0 [ 159.754449][T12466] __x64_sys_io_uring_enter+0x78/0x90 [ 159.754561][T12466] x64_sys_call+0x2de1/0x2ff0 [ 159.754582][T12466] do_syscall_64+0xd2/0x200 [ 159.754617][T12466] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 159.754678][T12466] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 159.754703][T12466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.754790][T12466] RIP: 0033:0x7f00fc51eec9 [ 159.754803][T12466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.754819][T12466] RSP: 002b:00007f00faf7f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 159.754838][T12466] RAX: ffffffffffffffda RBX: 00007f00fc775fa0 RCX: 00007f00fc51eec9 [ 159.754850][T12466] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000 [ 159.754862][T12466] RBP: 00007f00faf7f090 R08: 0000000000000000 R09: 0000000000000000 [ 159.754953][T12466] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 159.754963][T12466] R13: 00007f00fc776038 R14: 00007f00fc775fa0 R15: 00007ffc5ad88668 [ 159.754979][T12466] [ 160.095601][ T1924] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.157685][T12451] futex_wake_op: syz.3.3252 tries to shift op by 144; fix this program [ 160.408737][T12505] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3271'. [ 160.455062][T12478] chnl_net:caif_netlink_parms(): no params data found [ 160.573628][T12478] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.580803][T12478] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.589998][T12478] bridge_slave_0: entered allmulticast mode [ 160.601726][T12478] bridge_slave_0: entered promiscuous mode [ 160.615099][T12478] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.622336][T12478] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.638765][T12478] bridge_slave_1: entered allmulticast mode [ 160.645069][ T29] kauditd_printk_skb: 216 callbacks suppressed [ 160.645128][ T29] audit: type=1326 audit(1758814193.640:16730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12506 comm="syz.1.3272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f6afdeec9 code=0x7ffc0000 [ 160.672416][T12478] bridge_slave_1: entered promiscuous mode [ 160.704387][T12478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.716430][T12478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.741664][T12478] team0: Port device team_slave_0 added [ 160.744292][T12524] loop1: detected capacity change from 0 to 512 [ 160.754646][T12524] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 160.755613][T12478] team0: Port device team_slave_1 added [ 160.790904][T12478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.797867][T12478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.823954][T12478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.836697][ T29] audit: type=1400 audit(1758814193.830:16731): avc: denied { bind } for pid=12523 comm="syz.1.3275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 160.857361][T12478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.864317][T12478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.890284][T12478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.934214][T12478] hsr_slave_0: entered promiscuous mode [ 160.940593][T12478] hsr_slave_1: entered promiscuous mode [ 160.946378][T12478] debugfs: 'hsr0' already exists in 'hsr' [ 160.952148][T12478] Cannot create hsr debugfs directory [ 160.960845][T12609] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3279'. [ 161.044182][T12671] FAULT_INJECTION: forcing a failure. [ 161.044182][T12671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.057274][T12671] CPU: 0 UID: 0 PID: 12671 Comm: syz.1.3283 Not tainted syzkaller #0 PREEMPT(voluntary) [ 161.057299][T12671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 161.057311][T12671] Call Trace: [ 161.057317][T12671] [ 161.057352][T12671] __dump_stack+0x1d/0x30 [ 161.057370][T12671] dump_stack_lvl+0xe8/0x140 [ 161.057385][T12671] dump_stack+0x15/0x1b [ 161.057398][T12671] should_fail_ex+0x265/0x280 [ 161.057494][T12671] should_fail+0xb/0x20 [ 161.057560][T12671] should_fail_usercopy+0x1a/0x20 [ 161.057581][T12671] _copy_from_user+0x1c/0xb0 [ 161.057627][T12671] ___sys_sendmsg+0xc1/0x1d0 [ 161.057663][T12671] __sys_sendmmsg+0x178/0x300 [ 161.057695][T12671] __x64_sys_sendmmsg+0x57/0x70 [ 161.057794][T12671] x64_sys_call+0x1c4a/0x2ff0 [ 161.057813][T12671] do_syscall_64+0xd2/0x200 [ 161.057871][T12671] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 161.057891][T12671] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 161.057913][T12671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.057930][T12671] RIP: 0033:0x7f0f6afdeec9 [ 161.057942][T12671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.057981][T12671] RSP: 002b:00007f0f69a3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 161.058000][T12671] RAX: ffffffffffffffda RBX: 00007f0f6b235fa0 RCX: 00007f0f6afdeec9 [ 161.058010][T12671] RDX: 0000000000000272 RSI: 0000200000007fc0 RDI: 0000000000000003 [ 161.058048][T12671] RBP: 00007f0f69a3f090 R08: 0000000000000000 R09: 0000000000000000 [ 161.058058][T12671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.058071][T12671] R13: 00007f0f6b236038 R14: 00007f0f6b235fa0 R15: 00007ffc1a1b5b28 [ 161.058088][T12671] [ 161.259240][T12678] tipc: Started in network mode [ 161.264198][T12678] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 161.273509][T12678] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 161.281831][T12678] tipc: Enabled bearer , priority 10 [ 161.312062][ T29] audit: type=1326 audit(1758814194.310:16732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.335804][ T29] audit: type=1326 audit(1758814194.310:16733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.425742][ T29] audit: type=1326 audit(1758814194.360:16734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.449344][ T29] audit: type=1326 audit(1758814194.370:16735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.472995][ T29] audit: type=1326 audit(1758814194.370:16736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.496613][ T29] audit: type=1326 audit(1758814194.370:16737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.520168][ T29] audit: type=1326 audit(1758814194.370:16738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.543801][ T29] audit: type=1326 audit(1758814194.370:16739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12680 comm="syz.3.3286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28c8aeec9 code=0x7ffc0000 [ 161.687265][ T1924] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.755501][T12748] loop1: detected capacity change from 0 to 164 [ 161.766565][T12748] syz.1.3296: attempt to access beyond end of device [ 161.766565][T12748] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 161.780688][T12748] syz.1.3296: attempt to access beyond end of device [ 161.780688][T12748] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 161.799820][ T1924] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.851695][ T1924] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.922384][ T1924] bridge_slave_1: left allmulticast mode [ 161.928035][ T1924] bridge_slave_1: left promiscuous mode [ 161.933677][ T1924] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.941413][ T1924] bridge_slave_0: left allmulticast mode [ 161.947044][ T1924] bridge_slave_0: left promiscuous mode [ 161.952705][ T1924] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.021488][ T1924] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.031620][ T1924] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.042603][ T1924] bond0 (unregistering): Released all slaves [ 162.080316][T12780] tipc: Enabling of bearer rejected, already enabled [ 162.097208][ T1924] hsr_slave_0: left promiscuous mode [ 162.103112][ T1924] hsr_slave_1: left promiscuous mode [ 162.108703][ T1924] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.116171][ T1924] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.123734][ T1924] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.131245][ T1924] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.141719][ T1924] veth1_macvtap: left promiscuous mode [ 162.147171][ T1924] veth0_macvtap: left promiscuous mode [ 162.152662][ T1924] veth1_vlan: left promiscuous mode [ 162.157849][ T1924] veth0_vlan: left promiscuous mode [ 162.162807][T12782] FAULT_INJECTION: forcing a failure. [ 162.162807][T12782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.176084][T12782] CPU: 0 UID: 0 PID: 12782 Comm: syz.3.3301 Not tainted syzkaller #0 PREEMPT(voluntary) [ 162.176108][T12782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 162.176119][T12782] Call Trace: [ 162.176125][T12782] [ 162.176132][T12782] __dump_stack+0x1d/0x30 [ 162.176205][T12782] dump_stack_lvl+0xe8/0x140 [ 162.176224][T12782] dump_stack+0x15/0x1b [ 162.176241][T12782] should_fail_ex+0x265/0x280 [ 162.176260][T12782] should_fail+0xb/0x20 [ 162.176276][T12782] should_fail_usercopy+0x1a/0x20 [ 162.176324][T12782] _copy_from_user+0x1c/0xb0 [ 162.176354][T12782] proc_ioctl_default+0x43/0xa0 [ 162.176379][T12782] usbdev_ioctl+0xe97/0x1710 [ 162.176440][T12782] ? __pfx_usbdev_ioctl+0x10/0x10 [ 162.176464][T12782] __se_sys_ioctl+0xcb/0x140 [ 162.176484][T12782] __x64_sys_ioctl+0x43/0x50 [ 162.176498][T12782] x64_sys_call+0x1816/0x2ff0 [ 162.176515][T12782] do_syscall_64+0xd2/0x200 [ 162.176661][T12782] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 162.176688][T12782] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 162.176722][T12782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.176743][T12782] RIP: 0033:0x7fd28c8aeec9 [ 162.176756][T12782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.176771][T12782] RSP: 002b:00007fd28b30f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 162.176852][T12782] RAX: ffffffffffffffda RBX: 00007fd28cb05fa0 RCX: 00007fd28c8aeec9 [ 162.176865][T12782] RDX: 0000200000000040 RSI: 00000000c0105512 RDI: 0000000000000005 [ 162.176878][T12782] RBP: 00007fd28b30f090 R08: 0000000000000000 R09: 0000000000000000 [ 162.176892][T12782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.176905][T12782] R13: 00007fd28cb06038 R14: 00007fd28cb05fa0 R15: 00007ffffccd1f18 [ 162.176923][T12782] [ 162.398671][ T1924] team0 (unregistering): Port device team_slave_1 removed [ 162.418740][ T3470] tipc: Node number set to 1 [ 162.424899][ T1924] team0 (unregistering): Port device team_slave_0 removed [ 162.705135][T12478] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 162.717680][T12478] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 162.728833][T12478] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 162.737460][T12478] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 162.768572][T12831] netlink: 1276 bytes leftover after parsing attributes in process `syz.0.3306'. [ 162.770810][T12478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.803708][T12478] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.815987][ T8686] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.823058][ T8686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.834204][ T8701] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.841429][ T8701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.841454][T12835] loop0: detected capacity change from 0 to 512 [ 162.875704][T12835] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 162.890680][T12835] EXT4-fs (loop0): mount failed [ 162.945081][T12478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.002020][T12478] veth0_vlan: entered promiscuous mode [ 163.009337][T12478] veth1_vlan: entered promiscuous mode [ 163.021603][T12478] veth0_macvtap: entered promiscuous mode [ 163.030937][T12478] veth1_macvtap: entered promiscuous mode [ 163.040657][T12478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.050845][T12478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.061057][ T8701] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.070001][ T8701] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.078782][ T8701] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.089228][ T8701] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.559799][T12870] netlink: 264 bytes leftover after parsing attributes in process `syz.0.3314'. [ 163.940584][T12922] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3323'. [ 164.066475][T12931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3326'. [ 164.080874][ T3470] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0 [ 164.100585][ T3470] hid-generic 0000:0000:0000.0030: hidraw0: HID v0.00 Device [syz1] on syz0 [ 164.140868][T12937] 9pnet_fd: Insufficient options for proto=fd [ 164.834040][T12971] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3335'. [ 164.851618][T12971] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3335'. [ 164.937856][T12984] netlink: 264 bytes leftover after parsing attributes in process `syz.1.3338'. [ 164.960025][T12978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3337'. [ 165.005974][T12999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=12999 comm=syz.4.3343 [ 165.076235][T13008] IPv6: sit1: Disabled Multicast RS [ 165.090045][T13008] sit1: entered allmulticast mode [ 165.321980][T13023] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3349'. [ 165.392315][T13036] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=13036 comm=syz.2.3354 [ 165.460656][T13037] IPv6: sit1: Disabled Multicast RS [ 165.466916][T13037] sit1: entered allmulticast mode [ 166.027121][ T29] kauditd_printk_skb: 209 callbacks suppressed [ 166.027171][ T29] audit: type=1326 audit(1758814199.020:16948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00fc51eec9 code=0x7ffc0000 [ 166.028056][T13092] FAULT_INJECTION: forcing a failure. [ 166.028056][T13092] name failslab, interval 1, probability 0, space 0, times 0 [ 166.042815][ T29] audit: type=1326 audit(1758814199.020:16949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00fc51eec9 code=0x7ffc0000 [ 166.058755][T13092] CPU: 1 UID: 0 PID: 13092 Comm: syz.0.3364 Not tainted syzkaller #0 PREEMPT(voluntary) [ 166.058781][T13092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 166.058792][T13092] Call Trace: [ 166.058798][T13092] [ 166.058803][T13092] __dump_stack+0x1d/0x30 [ 166.058847][T13092] dump_stack_lvl+0xe8/0x140 [ 166.058927][T13092] dump_stack+0x15/0x1b [ 166.058943][T13092] should_fail_ex+0x265/0x280 [ 166.058965][T13092] ? audit_log_d_path+0x8d/0x150 [ 166.058992][T13092] should_failslab+0x8c/0xb0 [ 166.059015][T13092] __kmalloc_cache_noprof+0x4c/0x320 [ 166.059100][T13092] audit_log_d_path+0x8d/0x150 [ 166.059127][T13092] audit_log_d_path_exe+0x42/0x70 [ 166.059154][T13092] audit_log_task+0x1e9/0x250 [ 166.059206][T13092] audit_seccomp+0x61/0x100 [ 166.059228][T13092] ? __seccomp_filter+0x68c/0x10d0 [ 166.059312][T13092] __seccomp_filter+0x69d/0x10d0 [ 166.059332][T13092] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 166.059362][T13092] ? vfs_write+0x7e8/0x960 [ 166.059382][T13092] ? __rcu_read_unlock+0x4f/0x70 [ 166.059401][T13092] ? __fget_files+0x184/0x1c0 [ 166.059501][T13092] __secure_computing+0x82/0x150 [ 166.059521][T13092] syscall_trace_enter+0xcf/0x1e0 [ 166.059561][T13092] do_syscall_64+0xac/0x200 [ 166.059588][T13092] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 166.059610][T13092] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 166.059643][T13092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.059663][T13092] RIP: 0033:0x7f00fc51eec9 [ 166.059677][T13092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.059721][T13092] RSP: 002b:00007f00faf5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000114 [ 166.059774][T13092] RAX: ffffffffffffffda RBX: 00007f00fc776090 RCX: 00007f00fc51eec9 [ 166.059786][T13092] RDX: 00000000000008f5 RSI: 000000000000000b RDI: 0000000000000006 [ 166.059798][T13092] RBP: 00007f00faf5e090 R08: 0000000000000000 R09: 0000000000000000 [ 166.059809][T13092] R10: 0100000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.059821][T13092] R13: 00007f00fc776128 R14: 00007f00fc776090 R15: 00007ffc5ad88668 [ 166.059838][T13092] [ 166.105535][T13096] FAULT_INJECTION: forcing a failure. [ 166.105535][T13096] name failslab, interval 1, probability 0, space 0, times 0 [ 166.115106][ T29] audit: type=1326 audit(1758814199.020:16950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f00fc51eec9 code=0x7ffc0000 [ 166.115136][ T29] audit: type=1326 audit(1758814199.020:16951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00fc51eec9 code=0x7ffc0000 [ 166.118415][T13096] CPU: 1 UID: 0 PID: 13096 Comm: syz.3.3367 Not tainted syzkaller #0 PREEMPT(voluntary) [ 166.118436][T13096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 166.118445][T13096] Call Trace: [ 166.118450][T13096] [ 166.118524][T13096] __dump_stack+0x1d/0x30 [ 166.118545][T13096] dump_stack_lvl+0xe8/0x140 [ 166.118564][T13096] dump_stack+0x15/0x1b [ 166.118580][T13096] should_fail_ex+0x265/0x280 [ 166.118602][T13096] ? audit_log_d_path+0x8d/0x150 [ 166.118639][T13096] should_failslab+0x8c/0xb0 [ 166.118661][T13096] __kmalloc_cache_noprof+0x4c/0x320 [ 166.118752][T13096] audit_log_d_path+0x8d/0x150 [ 166.118779][T13096] audit_log_d_path_exe+0x42/0x70 [ 166.118887][T13096] audit_log_task+0x1e9/0x250 [ 166.118913][T13096] audit_seccomp+0x61/0x100 [ 166.118936][T13096] ? __seccomp_filter+0x68c/0x10d0 [ 166.118955][T13096] __seccomp_filter+0x69d/0x10d0 [ 166.119010][T13096] ? vfs_write+0x7e8/0x960 [ 166.119030][T13096] ? __rcu_read_unlock+0x4f/0x70 [ 166.119050][T13096] ? __fget_files+0x184/0x1c0 [ 166.119074][T13096] __secure_computing+0x82/0x150 [ 166.119104][T13096] syscall_trace_enter+0xcf/0x1e0 [ 166.119139][T13096] do_syscall_64+0xac/0x200 [ 166.119167][T13096] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 166.119192][T13096] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 166.119219][T13096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.119238][T13096] RIP: 0033:0x7fd28c8aeec9 [ 166.119252][T13096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.119268][T13096] RSP: 002b:00007fd28b30f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 166.119296][T13096] RAX: ffffffffffffffda RBX: 00007fd28cb05fa0 RCX: 00007fd28c8aeec9 [ 166.119308][T13096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001e [ 166.119320][T13096] RBP: 00007fd28b30f090 R08: 0000000000000000 R09: 0000000000000000 [ 166.119331][T13096] R10: 0000000000001004 R11: 0000000000000246 R12: 0000000000000001 [ 166.119390][T13096] R13: 00007fd28cb06038 R14: 00007fd28cb05fa0 R15: 00007ffffccd1f18 [ 166.119407][T13096] [ 166.350819][T13111] tipc: Started in network mode [ 166.370209][ T29] audit: type=1326 audit(1758814199.020:16952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f00fc51eec9 code=0x7ffc0000 [ 166.379970][T13111] tipc: Node identity ac14140f, cluster identity 4711 [ 166.390057][ T29] audit: type=1326 audit(1758814199.020:16953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00fc51eec9 code=0x7ffc0000 [ 166.390080][ T29] audit: type=1326 audit(1758814199.020:16954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f00fc51d710 code=0x7ffc0000 [ 166.395185][T13111] tipc: New replicast peer: 255.255.255.255 [ 166.396247][ T29] audit: type=1326 audit(1758814199.020:16955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13086 comm="syz.0.3364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f00fc51d97f code=0x7ffc0000 [ 166.400692][T13111] tipc: Enabled bearer , priority 10 [ 166.405157][ T29] audit: type=1326 audit(1758814199.030:16957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz.4.3366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27b4d8eec9 code=0x7ffc0000 [ 166.405179][ T29] audit: type=1326 audit(1758814199.030:16958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz.4.3366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f27b4d8eec9 code=0x7ffc0000 [ 166.781489][T13129] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3374'. [ 166.973386][T13188] tipc: Enabling of bearer rejected, already enabled [ 167.030961][T13193] loop0: detected capacity change from 0 to 1024 [ 167.054756][T13193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.066947][T13186] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 167.073548][T13186] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 167.081289][T13186] vhci_hcd vhci_hcd.0: Device attached [ 167.113155][T13207] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 167.146853][T13210] FAULT_INJECTION: forcing a failure. [ 167.146853][T13210] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.160052][T13210] CPU: 0 UID: 0 PID: 13210 Comm: syz.1.3388 Not tainted syzkaller #0 PREEMPT(voluntary) [ 167.160128][T13210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 167.160138][T13210] Call Trace: [ 167.160143][T13210] [ 167.160149][T13210] __dump_stack+0x1d/0x30 [ 167.160169][T13210] dump_stack_lvl+0xe8/0x140 [ 167.160188][T13210] dump_stack+0x15/0x1b [ 167.160275][T13210] should_fail_ex+0x265/0x280 [ 167.160300][T13210] should_fail+0xb/0x20 [ 167.160319][T13210] should_fail_usercopy+0x1a/0x20 [ 167.160344][T13210] _copy_to_user+0x20/0xa0 [ 167.160432][T13210] simple_read_from_buffer+0xb5/0x130 [ 167.160454][T13210] proc_fail_nth_read+0x10e/0x150 [ 167.160496][T13210] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.160521][T13210] vfs_read+0x1a8/0x770 [ 167.160540][T13210] ? poll_select_finish+0x164/0x3f0 [ 167.160642][T13210] ksys_read+0xda/0x1a0 [ 167.160664][T13210] __x64_sys_read+0x40/0x50 [ 167.160681][T13210] x64_sys_call+0x27bc/0x2ff0 [ 167.160698][T13210] do_syscall_64+0xd2/0x200 [ 167.160789][T13210] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 167.160818][T13210] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 167.160845][T13210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.160861][T13210] RIP: 0033:0x7f0f6afdd8dc [ 167.160874][T13210] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 167.160888][T13210] RSP: 002b:00007f0f69a3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.160965][T13210] RAX: ffffffffffffffda RBX: 00007f0f6b235fa0 RCX: 00007f0f6afdd8dc [ 167.160975][T13210] RDX: 000000000000000f RSI: 00007f0f69a3f0a0 RDI: 0000000000000004 [ 167.160988][T13210] RBP: 00007f0f69a3f090 R08: 0000000000000000 R09: 0000000000000000 [ 167.161001][T13210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.161012][T13210] R13: 00007f0f6b236038 R14: 00007f0f6b235fa0 R15: 00007ffc1a1b5b28 [ 167.161027][T13210] [ 167.181722][T13186] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(16) [ 167.256217][T13218] loop1: detected capacity change from 0 to 1024 [ 167.260299][T13186] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 167.262313][T13186] vhci_hcd vhci_hcd.0: Device attached [ 167.280786][T13207] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(19) [ 167.395014][T13207] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 167.402851][T13207] vhci_hcd vhci_hcd.0: Device attached [ 167.403110][ T3470] tipc: Node number set to 2886997007 [ 167.423680][T13223] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 167.432062][T13217] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(22) [ 167.438650][T13217] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 167.446377][T13217] vhci_hcd vhci_hcd.0: Device attached [ 167.457749][T13218] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.490346][ T3399] vhci_hcd: vhci_device speed not set [ 167.501954][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.551429][ T3399] usb 5-1: new full-speed USB device number 2 using vhci_hcd [ 167.580192][T13220] vhci_hcd: connection closed [ 167.580194][T13221] vhci_hcd: connection closed [ 167.585090][ T8686] vhci_hcd: stop threads [ 167.594070][ T8686] vhci_hcd: release socket [ 167.598516][ T8686] vhci_hcd: disconnect device [ 167.603458][T13212] vhci_hcd: connection closed [ 167.609342][T13200] vhci_hcd: connection reset by peer [ 167.621566][ T8686] vhci_hcd: stop threads [ 167.625811][ T8686] vhci_hcd: release socket [ 167.630320][ T8686] vhci_hcd: disconnect device [ 167.636180][T12261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.652280][ T8686] vhci_hcd: stop threads [ 167.656531][ T8686] vhci_hcd: release socket [ 167.661109][ T8686] vhci_hcd: disconnect device [ 167.669688][ T8686] vhci_hcd: stop threads [ 167.673934][ T8686] vhci_hcd: release socket [ 167.678342][ T8686] vhci_hcd: disconnect device [ 167.783976][T13264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'. [ 167.793362][T13264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'. [ 167.856304][T13269] ALSA: seq fatal error: cannot create timer (-19) [ 168.145290][T13290] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3405'. [ 168.154797][T13290] IPv6: Can't replace route, no match found [ 168.387745][T13313] netlink: 332 bytes leftover after parsing attributes in process `syz.0.3412'. [ 168.451823][T13318] loop0: detected capacity change from 0 to 1024 [ 168.491127][T13318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.514882][T13329] tipc: Enabling of bearer rejected, already enabled [ 168.594906][T13337] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 168.603283][T13337] tipc: Enabled bearer , priority 10 [ 168.644304][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.718565][T13353] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3426'. [ 168.869035][T13389] tipc: Enabling of bearer rejected, already enabled [ 168.994480][T13408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.003966][T13408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.583224][T13453] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 169.591558][T13453] tipc: Enabled bearer , priority 10 [ 169.673169][T13457] tipc: Enabling of bearer rejected, already enabled [ 169.721333][T13459] loop1: detected capacity change from 0 to 1024 [ 169.755917][T13459] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.786016][T13468] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3453'. [ 169.939064][T13493] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3457'. [ 169.939235][T12261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.961080][T13491] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3456'. [ 170.122406][T13525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3459'. [ 170.141929][T13525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3459'. [ 170.557222][T13544] netlink: 'syz.1.3466': attribute type 1 has an invalid length. [ 170.601503][T13546] veth0: entered promiscuous mode [ 170.871432][T13561] loop1: detected capacity change from 0 to 1024 [ 170.901635][T13561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.916744][T13563] tipc: Enabling of bearer rejected, already enabled [ 171.012542][T12261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.032698][ T29] kauditd_printk_skb: 1536 callbacks suppressed [ 171.032712][ T29] audit: type=1400 audit(1758814204.030:18490): avc: denied { bind } for pid=13572 comm="syz.2.3475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 171.058417][ T29] audit: type=1400 audit(1758814204.030:18491): avc: denied { bpf } for pid=13571 comm="syz.0.3476" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 171.079385][ T29] audit: type=1400 audit(1758814204.030:18492): avc: denied { perfmon } for pid=13571 comm="syz.0.3476" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 171.100442][ T29] audit: type=1400 audit(1758814204.030:18493): avc: denied { prog_run } for pid=13571 comm="syz.0.3476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 171.114424][ T3470] hid-generic 0000:0000:0000.0031: unknown main item tag 0x0 [ 171.119567][ T29] audit: type=1400 audit(1758814204.030:18494): avc: denied { map_create } for pid=13572 comm="syz.2.3475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 171.119588][ T29] audit: type=1400 audit(1758814204.030:18495): avc: denied { bpf } for pid=13572 comm="syz.2.3475" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 171.119608][ T29] audit: type=1400 audit(1758814204.030:18496): avc: denied { map_read map_write } for pid=13572 comm="syz.2.3475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 171.146832][ T3470] hid-generic 0000:0000:0000.0031: hidraw0: HID v0.00 Device [syz1] on syz0 [ 171.167250][ T29] audit: type=1400 audit(1758814204.030:18497): avc: denied { prog_load } for pid=13572 comm="syz.2.3475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 171.167273][ T29] audit: type=1400 audit(1758814204.030:18498): avc: denied { perfmon } for pid=13572 comm="syz.2.3475" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 171.239806][ T29] audit: type=1400 audit(1758814204.100:18499): avc: denied { prog_load } for pid=13571 comm="syz.0.3476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 171.320712][T13582] 9pnet_fd: Insufficient options for proto=fd [ 171.576881][T13602] FAULT_INJECTION: forcing a failure. [ 171.576881][T13602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.590050][T13602] CPU: 1 UID: 0 PID: 13602 Comm: syz.3.3481 Not tainted syzkaller #0 PREEMPT(voluntary) [ 171.590078][T13602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 171.590090][T13602] Call Trace: [ 171.590156][T13602] [ 171.590164][T13602] __dump_stack+0x1d/0x30 [ 171.590186][T13602] dump_stack_lvl+0xe8/0x140 [ 171.590205][T13602] dump_stack+0x15/0x1b [ 171.590222][T13602] should_fail_ex+0x265/0x280 [ 171.590320][T13602] should_fail+0xb/0x20 [ 171.590336][T13602] should_fail_usercopy+0x1a/0x20 [ 171.590380][T13602] _copy_to_user+0x20/0xa0 [ 171.590422][T13602] simple_read_from_buffer+0xb5/0x130 [ 171.590445][T13602] proc_fail_nth_read+0x10e/0x150 [ 171.590472][T13602] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 171.590497][T13602] vfs_read+0x1a8/0x770 [ 171.590564][T13602] ? bpf_trace_run2+0x124/0x1c0 [ 171.590587][T13602] ? __rcu_read_unlock+0x4f/0x70 [ 171.590607][T13602] ? __fget_files+0x184/0x1c0 [ 171.590664][T13602] ksys_read+0xda/0x1a0 [ 171.590687][T13602] __x64_sys_read+0x40/0x50 [ 171.590709][T13602] x64_sys_call+0x27bc/0x2ff0 [ 171.590807][T13602] do_syscall_64+0xd2/0x200 [ 171.590848][T13602] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 171.590872][T13602] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 171.590956][T13602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.590973][T13602] RIP: 0033:0x7fd28c8ad8dc [ 171.590986][T13602] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 171.590999][T13602] RSP: 002b:00007fd28b30f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 171.591015][T13602] RAX: ffffffffffffffda RBX: 00007fd28cb05fa0 RCX: 00007fd28c8ad8dc [ 171.591027][T13602] RDX: 000000000000000f RSI: 00007fd28b30f0a0 RDI: 0000000000000007 [ 171.591080][T13602] RBP: 00007fd28b30f090 R08: 0000000000000000 R09: 0000000000000000 [ 171.591093][T13602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.591105][T13602] R13: 00007fd28cb06038 R14: 00007fd28cb05fa0 R15: 00007ffffccd1f18 [ 171.591124][T13602] [ 172.223347][T13653] tipc: Enabling of bearer rejected, already enabled [ 172.486688][T13659] futex_wake_op: syz.4.3497 tries to shift op by 144; fix this program [ 172.590550][ T3399] usb 5-1: enqueue for inactive port 0 [ 172.596058][ T3399] usb 5-1: enqueue for inactive port 0 [ 172.679570][ T3399] vhci_hcd: vhci_device speed not set [ 172.777251][T13685] tipc: New replicast peer: 255.255.255.255 [ 172.783335][T13685] tipc: Enabled bearer , priority 10 [ 172.873548][T13691] FAULT_INJECTION: forcing a failure. [ 172.873548][T13691] name failslab, interval 1, probability 0, space 0, times 0 [ 172.886209][T13691] CPU: 0 UID: 0 PID: 13691 Comm: syz.1.3511 Not tainted syzkaller #0 PREEMPT(voluntary) [ 172.886278][T13691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 172.886290][T13691] Call Trace: [ 172.886295][T13691] [ 172.886301][T13691] __dump_stack+0x1d/0x30 [ 172.886321][T13691] dump_stack_lvl+0xe8/0x140 [ 172.886340][T13691] dump_stack+0x15/0x1b [ 172.886391][T13691] should_fail_ex+0x265/0x280 [ 172.886414][T13691] should_failslab+0x8c/0xb0 [ 172.886439][T13691] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 172.886479][T13691] ? sidtab_sid2str_get+0xa0/0x130 [ 172.886502][T13691] kmemdup_noprof+0x2b/0x70 [ 172.886534][T13691] sidtab_sid2str_get+0xa0/0x130 [ 172.886568][T13691] security_sid_to_context_core+0x1eb/0x2e0 [ 172.886587][T13691] security_sid_to_context+0x27/0x40 [ 172.886626][T13691] selinux_lsmprop_to_secctx+0x67/0xf0 [ 172.886648][T13691] security_lsmprop_to_secctx+0x43/0x80 [ 172.886673][T13691] audit_log_task_context+0x77/0x190 [ 172.886730][T13691] audit_log_task+0xf4/0x250 [ 172.886759][T13691] audit_seccomp+0x61/0x100 [ 172.886830][T13691] ? __seccomp_filter+0x68c/0x10d0 [ 172.886852][T13691] __seccomp_filter+0x69d/0x10d0 [ 172.886945][T13691] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 172.887012][T13691] ? vfs_write+0x7e8/0x960 [ 172.887038][T13691] __secure_computing+0x82/0x150 [ 172.887060][T13691] syscall_trace_enter+0xcf/0x1e0 [ 172.887085][T13691] do_syscall_64+0xac/0x200 [ 172.887115][T13691] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 172.887210][T13691] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 172.887315][T13691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.887336][T13691] RIP: 0033:0x7f0f6afdeec9 [ 172.887418][T13691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.887435][T13691] RSP: 002b:00007f0f69a3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000007f [ 172.887455][T13691] RAX: ffffffffffffffda RBX: 00007f0f6b235fa0 RCX: 00007f0f6afdeec9 [ 172.887468][T13691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 172.887480][T13691] RBP: 00007f0f69a3f090 R08: 0000000000000000 R09: 0000000000000000 [ 172.887490][T13691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.887501][T13691] R13: 00007f0f6b236038 R14: 00007f0f6b235fa0 R15: 00007ffc1a1b5b28 [ 172.887593][T13691] [ 173.298987][T13697] loop1: detected capacity change from 0 to 8192 [ 173.381268][T13716] FAULT_INJECTION: forcing a failure. [ 173.381268][T13716] name failslab, interval 1, probability 0, space 0, times 0 [ 173.393955][T13716] CPU: 1 UID: 0 PID: 13716 Comm: syz.4.3517 Not tainted syzkaller #0 PREEMPT(voluntary) [ 173.393982][T13716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 173.393993][T13716] Call Trace: [ 173.394000][T13716] [ 173.394072][T13716] __dump_stack+0x1d/0x30 [ 173.394093][T13716] dump_stack_lvl+0xe8/0x140 [ 173.394113][T13716] dump_stack+0x15/0x1b [ 173.394130][T13716] should_fail_ex+0x265/0x280 [ 173.394154][T13716] should_failslab+0x8c/0xb0 [ 173.394256][T13716] kmem_cache_alloc_node_noprof+0x57/0x320 [ 173.394312][T13716] ? __alloc_skb+0x101/0x320 [ 173.394335][T13716] __alloc_skb+0x101/0x320 [ 173.394355][T13716] ? audit_log_start+0x365/0x6c0 [ 173.394380][T13716] audit_log_start+0x380/0x6c0 [ 173.394415][T13716] audit_seccomp+0x48/0x100 [ 173.394437][T13716] ? __seccomp_filter+0x68c/0x10d0 [ 173.394458][T13716] __seccomp_filter+0x69d/0x10d0 [ 173.394505][T13716] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 173.394532][T13716] ? vfs_write+0x7e8/0x960 [ 173.394551][T13716] ? __rcu_read_unlock+0x4f/0x70 [ 173.394569][T13716] ? __fget_files+0x184/0x1c0 [ 173.394590][T13716] __secure_computing+0x82/0x150 [ 173.394630][T13716] syscall_trace_enter+0xcf/0x1e0 [ 173.394650][T13716] do_syscall_64+0xac/0x200 [ 173.394679][T13716] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 173.394700][T13716] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 173.394736][T13716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.394758][T13716] RIP: 0033:0x7f27b4d8eec9 [ 173.394773][T13716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.394822][T13716] RSP: 002b:00007f27b37f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 173.394838][T13716] RAX: ffffffffffffffda RBX: 00007f27b4fe5fa0 RCX: 00007f27b4d8eec9 [ 173.394850][T13716] RDX: 0000000000089101 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 173.394861][T13716] RBP: 00007f27b37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 173.394871][T13716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.394881][T13716] R13: 00007f27b4fe6038 R14: 00007f27b4fe5fa0 R15: 00007ffc5ad94c98 [ 173.394899][T13716] [ 173.675525][T13719] __nla_validate_parse: 10 callbacks suppressed [ 173.675581][T13719] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3519'. [ 173.721089][T13719] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3519'. [ 173.758102][T13738] block device autoloading is deprecated and will be removed. [ 173.766707][T13738] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 173.777384][T13738] FAT-fs (loop0): unable to read boot sector [ 173.880140][T13754] loop0: detected capacity change from 0 to 1024 [ 173.902406][T13754] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.972501][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.172488][T13784] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3532'. [ 174.234800][T13775] futex_wake_op: syz.0.3528 tries to shift op by 144; fix this program [ 174.341178][T13797] tipc: Enabling of bearer rejected, already enabled [ 174.644565][T13821] SELinux: failed to load policy [ 174.692397][T13826] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3544'. [ 174.948042][T13861] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3551'. [ 175.193205][T13885] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3559'. [ 175.392633][T13913] loop0: detected capacity change from 0 to 512 [ 175.445140][T13913] EXT4-fs: Ignoring removed orlov option [ 175.469782][T13913] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 175.481885][T13913] EXT4-fs (loop0): orphan cleanup on readonly fs [ 175.488666][T13913] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3566: bg 0: block 248: padding at end of block bitmap is not set [ 175.504067][T13913] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.3566: Failed to acquire dquot type 1 [ 175.520049][T13913] EXT4-fs (loop0): 1 truncate cleaned up [ 175.544650][T13913] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 175.666304][T13932] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3572'. [ 175.676969][ T3399] hid-generic 0000:0000:0000.0032: unknown main item tag 0x0 [ 175.682447][T13913] syz.0.3566 (13913) used greatest stack depth: 9280 bytes left [ 175.689511][ T3399] hid-generic 0000:0000:0000.0032: hidraw0: HID v0.00 Device [syz1] on syz0 [ 175.701973][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.731979][T13934] loop1: detected capacity change from 0 to 1024 [ 175.754257][T13934] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.783886][T13951] 9pnet_fd: Insufficient options for proto=fd [ 175.835858][T12261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.880912][T13950] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3576'. [ 176.018440][T13985] loop0: detected capacity change from 0 to 1024 [ 176.042729][T13985] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.073878][ T29] kauditd_printk_skb: 1723 callbacks suppressed [ 176.073893][ T29] audit: type=1400 audit(1758814209.070:20218): avc: denied { mount } for pid=13984 comm="syz.0.3584" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 176.102035][ T29] audit: type=1400 audit(1758814209.070:20219): avc: denied { read write } for pid=13984 comm="syz.0.3584" name="loop0" dev="devtmpfs" ino=594 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 176.125340][ T29] audit: type=1400 audit(1758814209.070:20220): avc: denied { open } for pid=13984 comm="syz.0.3584" path="/dev/loop0" dev="devtmpfs" ino=594 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 176.149113][ T29] audit: type=1400 audit(1758814209.100:20221): avc: denied { add_name } for pid=13984 comm="syz.0.3584" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 176.170111][ T29] audit: type=1400 audit(1758814209.100:20222): avc: denied { create } for pid=13984 comm="syz.0.3584" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 176.190805][ T29] audit: type=1400 audit(1758814209.100:20223): avc: denied { read write } for pid=13984 comm="syz.0.3584" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 176.213785][ T29] audit: type=1400 audit(1758814209.100:20224): avc: denied { open } for pid=13984 comm="syz.0.3584" path="/112/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 176.237146][ T29] audit: type=1400 audit(1758814209.100:20225): avc: denied { create } for pid=13984 comm="syz.0.3584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 176.257760][ T29] audit: type=1400 audit(1758814209.100:20226): avc: denied { prog_load } for pid=13984 comm="syz.0.3584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 176.277543][ T29] audit: type=1400 audit(1758814209.100:20227): avc: denied { bpf } for pid=13984 comm="syz.0.3584" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 176.372044][T13998] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3586'. [ 176.434052][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.578059][T14024] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3592'. [ 176.619675][ C1] vcan0: j1939_session_tx_dat: 0xffff8881147bba00: queue data error: -100 [ 176.628248][ C1] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 176.635816][ C1] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 176.643382][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.651193][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.659010][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.666829][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.674675][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.682507][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.690357][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.698153][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.705987][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.713810][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.721651][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.729479][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.737298][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.745132][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.752972][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.760793][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.768608][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.776438][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.784292][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.792115][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.799947][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.807749][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.815608][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.823411][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.831255][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.839044][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.846858][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.854671][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.862522][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.870335][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.878134][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.885942][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.893781][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.901589][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.909397][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.917186][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.925005][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.932837][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.940664][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.948482][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.956315][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.964128][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.971957][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.979766][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 176.987578][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 176.995390][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.003211][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.011025][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.018827][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.026674][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.034505][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.042305][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.050143][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.057957][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.065794][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.073606][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.081426][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.089236][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.097072][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.104876][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.112686][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.120498][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.128316][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.136133][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.143954][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.151761][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.159583][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.167377][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.175203][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.183065][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.190885][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.198697][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.206512][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.214338][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.222165][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.229992][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.237798][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.245955][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.253787][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.261610][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.269442][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.277237][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.285081][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.292895][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.300727][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.308530][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.316359][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.324178][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.332026][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.339840][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.347645][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.355463][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.363302][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.371112][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.378929][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.386737][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.394587][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.402399][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.410232][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.418022][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.425853][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.433663][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.441482][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.449297][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.457102][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.464916][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.472760][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.480578][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.488389][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.496209][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.504030][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.511835][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.519666][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.527487][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.535309][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.543114][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.550926][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.558719][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.566559][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.574372][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.582190][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.590016][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.597835][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.605648][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.613478][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.621295][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.630587][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.638404][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.646230][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.654034][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.661870][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.669675][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.677474][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.685281][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.693095][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.700919][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.708729][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.716560][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.724381][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.732185][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.739994][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.747781][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.755600][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.763418][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.771264][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.779055][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.786882][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.794685][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.802505][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.810324][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.818122][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.825951][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.833778][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.841575][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.849393][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.857218][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.865038][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.872846][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.880668][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.888465][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.896305][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.904125][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.911968][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.919779][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.927585][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.935388][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.943202][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.951028][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.958841][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.966666][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.974486][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.982293][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 177.990132][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 177.997935][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 178.005780][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 178.013594][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 178.021438][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 178.029249][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 178.037099][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 178.044921][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 178.221474][T14049] FAULT_INJECTION: forcing a failure. [ 178.221474][T14049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.234602][T14049] CPU: 0 UID: 0 PID: 14049 Comm: syz.3.3601 Not tainted syzkaller #0 PREEMPT(voluntary) [ 178.234629][T14049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 178.234670][T14049] Call Trace: [ 178.234677][T14049] [ 178.234683][T14049] __dump_stack+0x1d/0x30 [ 178.234702][T14049] dump_stack_lvl+0xe8/0x140 [ 178.234717][T14049] dump_stack+0x15/0x1b [ 178.234733][T14049] should_fail_ex+0x265/0x280 [ 178.234757][T14049] should_fail+0xb/0x20 [ 178.234796][T14049] should_fail_usercopy+0x1a/0x20 [ 178.234846][T14049] _copy_from_user+0x1c/0xb0 [ 178.234876][T14049] do_sys_poll+0x149/0xbd0 [ 178.234946][T14049] ? selinux_file_open+0x2df/0x330 [ 178.234991][T14049] __se_sys_poll+0xdd/0x200 [ 178.235035][T14049] __x64_sys_poll+0x43/0x50 [ 178.235057][T14049] x64_sys_call+0x27d2/0x2ff0 [ 178.235121][T14049] do_syscall_64+0xd2/0x200 [ 178.235151][T14049] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 178.235237][T14049] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 178.235265][T14049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.235286][T14049] RIP: 0033:0x7fd28c8aeec9 [ 178.235301][T14049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.235317][T14049] RSP: 002b:00007fd28b30f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 178.235388][T14049] RAX: ffffffffffffffda RBX: 00007fd28cb05fa0 RCX: 00007fd28c8aeec9 [ 178.235399][T14049] RDX: 0000000000000009 RSI: 20000000000000b5 RDI: 0000200000000000 [ 178.235487][T14049] RBP: 00007fd28b30f090 R08: 0000000000000000 R09: 0000000000000000 [ 178.235500][T14049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.235512][T14049] R13: 00007fd28cb06038 R14: 00007fd28cb05fa0 R15: 00007ffffccd1f18 [ 178.235531][T14049] [ 178.237513][T14047] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 178.638810][T14085] loop1: detected capacity change from 0 to 1024 [ 178.697048][T14085] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.793371][T12261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.830332][T14105] __nla_validate_parse: 4 callbacks suppressed [ 178.830347][T14105] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3614'. [ 178.917171][T14120] openvswitch: netlink: Message has 6 unknown bytes. [ 179.019908][T14141] loop0: detected capacity change from 0 to 1024 [ 179.035322][T14131] loop1: detected capacity change from 0 to 1024 [ 179.043487][T14107] netlink: 'syz.2.3615': attribute type 1 has an invalid length. [ 179.048588][T14131] ext4: Unknown parameter 'uid<00000000000000000000' [ 179.059794][T14140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3622'. [ 179.080763][ T3470] hid-generic 0000:0000:0000.0033: unknown main item tag 0x0 [ 179.090588][ T3470] hid-generic 0000:0000:0000.0033: hidraw0: HID v0.00 Device [syz1] on syz0 [ 179.098822][T14128] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3620'. [ 179.111792][T14141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.113110][T14107] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14107 comm=syz.2.3615 [ 179.189920][T14182] 9pnet_fd: Insufficient options for proto=fd [ 179.232418][T11609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.311148][T14193] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14193 comm=syz.0.3628 [ 179.326812][T14193] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3628'. [ 179.335817][T14193] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3628'. [ 179.390273][T14199] netlink: 332 bytes leftover after parsing attributes in process `syz.0.3630'. [ 179.422760][T14202] tipc: Enabled bearer , priority 0 [ 179.441621][T14202] syzkaller0: entered promiscuous mode [ 179.447125][T14202] syzkaller0: entered allmulticast mode [ 179.487614][T14202] tipc: Resetting bearer [ 179.506858][T14200] tipc: Resetting bearer [ 179.521183][T14200] tipc: Disabling bearer [ 179.536619][T14214] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3636'. [ 179.583050][T14220] tipc: Enabling of bearer rejected, already enabled [ 179.628235][T14214] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3636'. [ 179.727487][T14231] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3643'. [ 179.730673][T14229] openvswitch: netlink: Message has 6 unknown bytes. [ 179.921972][T14257] tipc: Enabling of bearer rejected, already enabled [ 179.987661][T14262] loop1: detected capacity change from 0 to 1024 [ 180.033704][T14262] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.042054][T14274] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3656'. [ 180.104090][T12261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.107435][ T29] kauditd_printk_skb: 1563 callbacks suppressed [ 181.107447][ T29] audit: type=1400 audit(1758814214.100:21791): avc: denied { read } for pid=14425 comm="syz.0.3679" dev="nsfs" ino=4026532359 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 181.135080][ T29] audit: type=1400 audit(1758814214.100:21792): avc: denied { open } for pid=14425 comm="syz.0.3679" path="net:[4026532359]" dev="nsfs" ino=4026532359 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 181.219360][ T29] audit: type=1326 audit(1758814214.170:21793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14430 comm="syz.2.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ef73eec9 code=0x7ffc0000 [ 181.242992][ T29] audit: type=1326 audit(1758814214.170:21794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14430 comm="syz.2.3681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3ef73eec9 code=0x7ffc0000 [ 181.243021][ T29] audit: type=1400 audit(1758814214.170:21795): avc: denied { create } for pid=14428 comm="syz.1.3680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 181.286134][ T29] audit: type=1400 audit(1758814214.170:21796): avc: denied { create } for pid=14425 comm="syz.0.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 181.306780][ T29] audit: type=1400 audit(1758814214.170:21797): avc: denied { read } for pid=14425 comm="syz.0.3679" dev="nsfs" ino=4026532359 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 181.328104][ T29] audit: type=1400 audit(1758814214.170:21799): avc: denied { read open } for pid=14425 comm="syz.0.3679" path="net:[4026532359]" dev="nsfs" ino=4026532359 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 181.352013][ T29] audit: type=1400 audit(1758814214.170:21798): avc: denied { map_create } for pid=14428 comm="syz.1.3680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 181.371345][ T29] audit: type=1400 audit(1758814214.170:21800): avc: denied { create } for pid=14425 comm="syz.0.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 181.439483][ T1034] hid-generic 0000:0000:0000.0034: unknown main item tag 0x0 [ 181.448199][ T1034] hid-generic 0000:0000:0000.0034: hidraw0: HID v0.00 Device [syz1] on syz0 [ 181.798190][T14460] FAULT_INJECTION: forcing a failure. [ 181.798190][T14460] name failslab, interval 1, probability 0, space 0, times 0 [ 181.810862][T14460] CPU: 1 UID: 0 PID: 14460 Comm: syz.0.3687 Not tainted syzkaller #0 PREEMPT(voluntary) [ 181.810888][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 181.810964][T14460] Call Trace: [ 181.810972][T14460] [ 181.810981][T14460] __dump_stack+0x1d/0x30 [ 181.811003][T14460] dump_stack_lvl+0xe8/0x140 [ 181.811020][T14460] dump_stack+0x15/0x1b [ 181.811037][T14460] should_fail_ex+0x265/0x280 [ 181.811123][T14460] should_failslab+0x8c/0xb0 [ 181.811145][T14460] kmem_cache_alloc_node_noprof+0x57/0x320 [ 181.811174][T14460] ? __alloc_skb+0x101/0x320 [ 181.811258][T14460] __alloc_skb+0x101/0x320 [ 181.811284][T14460] ? audit_log_start+0x365/0x6c0 [ 181.811349][T14460] audit_log_start+0x380/0x6c0 [ 181.811376][T14460] audit_seccomp+0x48/0x100 [ 181.811490][T14460] ? __seccomp_filter+0x68c/0x10d0 [ 181.811624][T14460] __seccomp_filter+0x69d/0x10d0 [ 181.811642][T14460] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 181.811789][T14460] ? vfs_write+0x7e8/0x960 [ 181.811841][T14460] __secure_computing+0x82/0x150 [ 181.811863][T14460] syscall_trace_enter+0xcf/0x1e0 [ 181.811918][T14460] do_syscall_64+0xac/0x200 [ 181.811944][T14460] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 181.811962][T14460] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 181.812026][T14460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.812045][T14460] RIP: 0033:0x7f00fc51eec9 [ 181.812159][T14460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.812173][T14460] RSP: 002b:00007f00faf7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000008a [ 181.812192][T14460] RAX: ffffffffffffffda RBX: 00007f00fc775fa0 RCX: 00007f00fc51eec9 [ 181.812269][T14460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 181.812282][T14460] RBP: 00007f00faf7f090 R08: 0000000000000000 R09: 0000000000000000 [ 181.812294][T14460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.812306][T14460] R13: 00007f00fc776038 R14: 00007f00fc775fa0 R15: 00007ffc5ad88668 [ 181.812322][T14460] [ 182.215285][T14473] netlink: 'syz.0.3691': attribute type 1 has an invalid length. [ 182.228877][T14473] 8021q: adding VLAN 0 to HW filter on device bond1 [ 182.236686][ T1924] ================================================================== [ 182.244758][ T1924] BUG: KCSAN: data-race in alloc_pid / copy_process [ 182.251340][ T1924] [ 182.253648][ T1924] read-write to 0xffffffff8685fc48 of 4 bytes by task 8693 on cpu 1: [ 182.261696][ T1924] alloc_pid+0x539/0x720 [ 182.265927][ T1924] copy_process+0xe25/0x2000 [ 182.270500][ T1924] kernel_clone+0x16c/0x5c0 [ 182.274992][ T1924] user_mode_thread+0x7d/0xb0 [ 182.279659][ T1924] call_usermodehelper_exec_work+0x41/0x160 [ 182.285539][ T1924] process_scheduled_works+0x4cb/0x9d0 [ 182.290985][ T1924] worker_thread+0x582/0x770 [ 182.295566][ T1924] kthread+0x489/0x510 [ 182.299624][ T1924] ret_from_fork+0x11f/0x1b0 [ 182.304197][ T1924] ret_from_fork_asm+0x1a/0x30 [ 182.308942][ T1924] [ 182.311245][ T1924] read to 0xffffffff8685fc48 of 4 bytes by task 1924 on cpu 0: [ 182.318764][ T1924] copy_process+0x14a6/0x2000 [ 182.323511][ T1924] kernel_clone+0x16c/0x5c0 [ 182.327998][ T1924] user_mode_thread+0x7d/0xb0 [ 182.332670][ T1924] call_usermodehelper_exec_work+0x41/0x160 [ 182.338553][ T1924] process_scheduled_works+0x4cb/0x9d0 [ 182.344000][ T1924] worker_thread+0x582/0x770 [ 182.348581][ T1924] kthread+0x489/0x510 [ 182.352629][ T1924] ret_from_fork+0x11f/0x1b0 [ 182.357199][ T1924] ret_from_fork_asm+0x1a/0x30 [ 182.361943][ T1924] [ 182.364246][ T1924] value changed: 0x8000010b -> 0x8000010c [ 182.369940][ T1924] [ 182.372244][ T1924] Reported by Kernel Concurrency Sanitizer on: [ 182.378382][ T1924] CPU: 0 UID: 0 PID: 1924 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(voluntary) [ 182.388253][ T1924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 182.398289][ T1924] Workqueue: events_unbound call_usermodehelper_exec_work [ 182.405390][ T1924] ================================================================== [ 182.428415][T14473] bond1 (unregistering): Released all slaves