last executing test programs: 3.443928993s ago: executing program 4 (id=9248): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0x2, [@func_proto, @union={0x5, 0x7, 0x0, 0x5, 0x1, 0x4, [{0x7, 0x0, 0x101}, {0x2, 0x4}, {0xa, 0x0, 0x2}, {0x0, 0x3, 0x1ff}, {0x4, 0x3, 0xfffffffe}, {0xa, 0x5, 0x8}, {0x5, 0x0, 0x9}]}, @float={0x9, 0x0, 0x0, 0x10, 0xc}, @volatile={0x0, 0x0, 0x0, 0x9, 0x5}]}}, 0x0, 0x9e, 0x0, 0x0, 0x1e3e}, 0x28) 3.164361898s ago: executing program 4 (id=9249): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000003640)='kfree\x00', r2, 0x0, 0x400}, 0x18) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0) 2.926736053s ago: executing program 4 (id=9252): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller0\x00', @random="b524732b4e4a"}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f00000001c0)="89e7ee2c78dad9b4b473fec988ca", 0xe}, {&(0x7f0000000540)="4acfb717f0892cf8a4940106b4aa39a71dc5a7541f61183c", 0x18}], 0x2) 2.787910416s ago: executing program 4 (id=9254): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f0000000180)={&(0x7f0000000580)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000000000000000001e551d02369966d291642100195b251e8e7d76a261d9cac1f88b93cf1c8cd06adf9e0efc65a63c6147f0eecce0c50acf2aebbfaaf68fb579815188bdd0b804a5bd12c7e3df313e5f13dcd62b383a1e117eec7062c819932e253b139e89165191aaa480e447f8"], 0x48) 2.761946576s ago: executing program 4 (id=9255): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller0\x00', @random="b524732b4e4a"}) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f00000001c0)="89e7ee2c78dad9b4b473fec988ca", 0xe}, {&(0x7f0000000540)="4acfb717f0892cf8a4940106b4aa39a71dc5a7541f61183cf86bcbea7932b98cbf3c8fa1a1952ae372f84969d92c62953da4f2b6f417fd6ea94192d5257d8eeb0aeb57e54b1f0e7d0076cd9208f9ce2660525680737c028075642ea8ad", 0x5d}], 0x2) 2.622477269s ago: executing program 4 (id=9257): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b70800000000000091c4af5f00000000bfa200000000000007020000f8ffffe4b703000008000000b704000000000000850000012a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000003640)='kfree\x00', r1, 0x0, 0x400}, 0x18) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0) 2.343756574s ago: executing program 0 (id=9263): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) syz_mount_image$iso9660(&(0x7f0000000940), &(0x7f0000000980)='./file0\x00', 0x2200440, &(0x7f0000000a00)={[{@showassoc}, {@map_acorn}, {@mode={'mode', 0x3d, 0xe}}, {@utf8}, {@check_relaxed}, {}, {@gid}, {@overriderock}, {@mode={'mode', 0x3d, 0x7}}, {@hide}, {@uid}, {@uid={'uid', 0x3d, 0xee01}}, {@unhide}, {@mode={'mode', 0x3d, 0x76}}, {@session={'session', 0x3d, 0x49}}, {@sbsector={'sbsector', 0x3d, 0x80000001}}, {}, {@uid}], [{@dont_hash}, {@fowner_eq}, {@dont_hash}]}, 0x0, 0x943, &(0x7f0000001500)="$eJzs3c1vHGcZAPBnNl7iuFWakrRx3ENXTYxMBM7uRkmIcsHxrp0tthfZjtSKi4G4KIqhiIIUKg5BQpyI4IA4wC1HThG99ITyV3Dgkj+AS8TJN1fv7PojzX44luN13d9Pmp2dmWfe55l9Z+eVP3Yn+Crb2NjIpz0u3/7nQRbL4XOz9vTR44dp+v1afCOOxZXs84jhiChFDEXEaERxurbYnO/T0L2IlYh4EpFFxPFozXdlJbI/x+vby08i+0fK29uum6eHDb7WBn3+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAYZRN18rlShZzjYXbH5S6y28B3mP7ZnvNQnosNPvmjcjSFMPDm7f6Hj29vfmt9PBenG0tnc1vSB7D8elrb5+6cXqosLl/j4IOxCe//fTej9fWVn816EIGZLa+0FhqNuanZuulxlKzdP3q1fKlWzNLpZnGXH3pw6Xl+nxperE+tdxcLE1Mf7tUuX79cqk++WHz9sJsbWquvrny2ner5fLV0vuTP6xPLS41Fy69P7k0fasxN9dYmM1j0uYUcy2diD9oLJeW61PzpdJHd9dWL/crMgVVdhNU7RdULVerlUq1Wrl65fqVa+Xy0Asryl8SL0QM/qRlsPb9Gg57tdEe/wEAAICjK8t/x55+/i/mv4fPYqYxVy8PuiwAAABgH+V/+T+bZsWIONFe6+d/AAAAOEr6f8aub0T2nTjXijh3pzW/04741/E8YmSmMVefnG7O3ajEt7Y+7de5tWL+7wcXY6wVNTbSmo+0o9qfHBxOUZXJG5W4GO+0It6ZOJ9m5yd2RGYR+b8zVFuR7U/elDYji1uvwlabl1MkABx17/UZj3cz/l+M8VbE+FgadmNorMNoXTayAsBhsfUNNq/wyaCPEQB4nlEaAAAAAAAAAAAAAAAAAAAAAAAAAAAA9t9BfP+/J5548lV7MugrEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA11MWcazT+kLE8YgoR8Slg6/q1Xkw6AIGLFuP9bgfJwddBwAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUdP+/v9CtOavtVbFUCFiPCJWIuJHg65xTzre1SBi/aDrOGR2fP9/6vPYyGKo1e2RFadri8351P35vR8KTx89fpim9q4/f5k8qYGU4bluaGfovteb+V4jtdVP7v3641+WajfzIm8uz8zV5mcXv78d+Hb2WUQpWtOmE+16fzf+7790OPLP0pHuLu9Mnrf2Yt6znfZ+2jNvL3fXVqsp03L9g+Xf/OLu/R2bvhljEecnIiaez/SzNHXJNBbFXtmyZ9kfs5Pxt1jJ+z+9GtlGlrrojfz4T3x0d2118qcfr93pUtOpGI2IOxHDu69pNL+edJSfdYViylrOg9LDmT7t9bSjxUqXY3gzzkXEyEsdw7nux5Dr87q3K7rcpaLT8e5L9/S7fTJ2lD3L/pvdiv/EH3bc/6OQ+n88dvPuTDF55I4zpWtkoRWZH3m1Z5td35XsTaHXxj/FT+J7W/1f2HH9b/fVwVyPdmR89e+L7UHozJdGpPbVp1uV7TrPtKK61PlWXIgYGnupK8qFPleUF/cv7uI4+8ieZX/PJuL/8cD9fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMMvizjWaX0hYjwiTkXEG2m5FLGxH/kKI1n87+R+tLQ3DwaX+lDI1mM97scAewAAAAAAAACA/XSz9vTR44dpytLisbiQfR4x3PpL/1BEnMr+WpyuLTbn+zRUjFiJiCd7qCHtF69vLz9JS6N7aAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCPriwAAAP//hO21Ig==") bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20010814) close(r1) 2.208036387s ago: executing program 0 (id=9265): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000040000bf00000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x1b, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@generic={0x4, 0x0, 0xc, 0x7f, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xb8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x47c}, @ringbuf_query, @btf_id={0x18, 0x1, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x5, 0xe7, &(0x7f00000003c0)=""/231, 0x41100, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x7, 0x8, 0x7d}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000700)=[r6, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r7], &(0x7f0000000740)=[{0x5, 0x2, 0x83, 0x2}, {0x5, 0x2, 0x6, 0x7}], 0x10, 0x6}, 0x94) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0)) r8 = fsmount(r5, 0x0, 0x0) r9 = openat$cgroup_subtree(r8, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r9, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 1.300663465s ago: executing program 0 (id=9279): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x1, 0x0, 0x1, 0xa, 0x21005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) clock_gettime(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="4400000010000104fcffffff800000", @ANYRES32=0x0, @ANYBLOB="0344020000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="774be249af121c19d30b639bb40cb511b2a4a14756c57c71e7f400612612eec90b447fdef5fa212b7018b56b8feebec233457ec041503a601b3c10c058bd9d9eee689b2c3720104c2766152a6a7e7562a0d79b34666c87f88b9c1937d17b2a67332bb2643e57a704bef7153d0dfd7f75339e00000000000000093d14c241bda2a379738dae7e8a99b95f65c0cec1f900"/161], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000180)=0x10) getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000440)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x5, 0x20000}, 0x10}, 0x94) r6 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$bt_BT_POWER(r6, 0x112, 0x9, &(0x7f00000006c0)=0x4, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.188153057s ago: executing program 2 (id=9284): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0x2, [@func_proto, @union={0x5, 0x7, 0x0, 0x5, 0x1, 0x4, [{0x7, 0x0, 0x101}, {0x2, 0x4}, {0xa, 0x0, 0x2}, {0x0, 0x3, 0x1ff}, {0x4, 0x3, 0xfffffffe}, {0xa, 0x5, 0x8}, {0x5, 0x0, 0x9}]}, @float={0x9, 0x0, 0x0, 0x10, 0xc}, @volatile={0x0, 0x0, 0x0, 0x9, 0x5}]}}, 0x0, 0x9e, 0x0, 0x0, 0x1e3e}, 0x28) 1.183199597s ago: executing program 2 (id=9285): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000001680)={0x3, &(0x7f0000001640)=[{0x7, 0xb, 0xe, 0xbf}, {0x81, 0x40, 0xb4, 0x6211}, {0x6, 0x9, 0x6, 0x400}]}) 1.062334349s ago: executing program 2 (id=9287): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) creat(&(0x7f0000000080)='./bus\x00', 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8c, &(0x7f0000000300)='trans=rdma,') 1.008283s ago: executing program 0 (id=9288): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) getsockopt$sock_buf(r3, 0x1, 0x1a, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000040000bf00000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000680)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0)) r7 = fsmount(r5, 0x0, 0x0) r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 1.00655551s ago: executing program 2 (id=9289): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller0\x00', @random="b524732b4e4a"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000540)="4acfb717f0892cf8a4940106b4aa39a71dc5a7541f61183c", 0x18}], 0x1) 424.367902ms ago: executing program 3 (id=9297): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000001680)={0x2, &(0x7f0000001640)=[{0x81, 0x40, 0xb4, 0x6211}, {0x6, 0x9, 0x6, 0x400}]}) 394.155352ms ago: executing program 2 (id=9298): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) creat(&(0x7f0000000080)='./bus\x00', 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8c, &(0x7f0000000300)='trans=rdma,') 377.062543ms ago: executing program 3 (id=9299): r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) r1 = socket$inet(0x2, 0x1, 0x100) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @mcast2, 0x1}, 0x1c) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006100ed0000000000180000000000000000000000000000009500000000000000b50a00000000000095000000000000001315c1"], &(0x7f0000000000)='GPL\x00', 0x4, 0x1e, &(0x7f0000000340)=""/238, 0x41000, 0x0, '\x00', 0x0, 0x900}, 0x21) r2 = fsmount(r0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r3}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r6 = epoll_create(0x3) ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000240)) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000006c0)={0xf6c447fee59251f4}) close_range(r4, r5, 0x0) 356.720183ms ago: executing program 2 (id=9300): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2715, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) r4 = socket(0x1e, 0x80004, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000006feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030001030100001d44000000000000db0a00fee10000007303fe0000000000b500feff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67", @ANYRES8=r6, @ANYBLOB="38830297e264c645f37975c8d446ff9ee252232a7e4adc59dd07f1aa6a70f24945d68ceec524c768195f59a509661486cc448f03584c592ee20ed082eb0e2a200c46c2245280af01797285d3c1c4e695084b880a3d814f118568250a32992cf69bcc47c46bfabd15d3f5e48db6264d3ab5d8154e99b52ec302bdc3144aedf1d1972cf0e2e31670c4615e6f9d660dc15c975a00ec7424e2369d6336a2ac61a7a69a5d935c89d8fc6de2c498c145032367e3c6a200852f915c742b0ab2"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0xe, 0xfffffffc}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000680)={'batadv0\x00', 0x0}) sendto$packet(r9, &(0x7f00000000c0)="ea3d8100", 0x5f, 0x404cb51, &(0x7f0000000080)={0x11, 0x8100, r10, 0x1, 0x0, 0x6, @multicast}, 0x23) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000100)={'ip6_vti0\x00', r10, 0x29, 0x0, 0x2, 0x0, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7800, 0x8, 0xf, 0x9}}) 325.244304ms ago: executing program 3 (id=9303): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffe4ffff01"], 0x48) openat$selinux_context(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x604100, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 301.648084ms ago: executing program 1 (id=9304): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) process_mrelease(0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x44000) setfsuid(0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000640)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x80, &(0x7f0000000700)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x9b, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) sendmsg$inet(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000b00)="9a62b14feabbbe904897bc7a14a98d6064fcb96d15658a73828e7aa1c2882abd789ff25966638ab6eabb9a5d334a98152c775b4fc462df15e9f6164bfe21", 0x3e}, {&(0x7f0000000b40)="f7681d782bb5c094b8b97c1c25499bbc1856d7ef718ab793531aeafb7bd865eaf8df126935e74ebeaaf47fcfeb32edc555980f6c3ad0c968a5d24af4fb518dbcbdda85ef445cb4a0784f6cf87e8675a407a03447c4dbbcea7e24285138ae2b8c2c96dd4c4a1585d6fbd5a262d5674f013ee74d4023ab3f0ce9b65454361872c9fe3be40e86ae1f24ff5ed3c1c03f1d71ba0c009b4e7e14f0c264eb5b6a7e80fd82f24db57597681bd6123c3b4d45817d9f19c2d65a1c0e91d4cee8e92556e0e0b635b7156d7ce02a26b41b546f98eb42d73a76b930db0e538efd910f4de3a7ebb21909d6ebbf4eb4ec82a0d4ac4af2dacf", 0xf1}, {&(0x7f0000000c40)="dde157751d16d9f5a32e271c855059cf079ec4f6e171dc34816919653236e5c649a2875c19ecdbbff3df1688a7ffd56a6b25ffca0bd92a0b546b155e641fe57c8fe53836cd855811d17365aac1d358c9936ccdb2456be6b5571d4eb00fbfd7930adfb34943f599a78cd5c3053dff7f4cab887e283de7ced39f1b2ab0b74f2a12eb18d7473b68e8b1ccd3e4a45d0d5c1519054e8ed7fbee983386687a678ed4cb83ccf70d23296e2d1764cb8c7297ca540536d44b40719bd024631b069f4e9121023170b7c88d3a6812b610bf6cad835220c6bfba1fbbece0d6", 0xd9}, {&(0x7f0000000d40)}], 0x4, &(0x7f0000000dc0)}, 0x8000) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f0000001280)={0x1, 0x1, 0x17, 0x2, 0x1ec, &(0x7f0000000e80)}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001480)) syz_open_dev$ptys(0xc, 0x3, 0x1) geteuid() ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000017c0)) write$usbip_server(0xffffffffffffffff, &(0x7f0000001880)=@ret_submit={{0x3, 0x7, 0x0, 0x0, 0x40000000}, 0x8, 0x18, 0x8, 0x5d, 0xea8, 0x0, "9451d22cefbe0a64d85101d7b041f9ad49ab758aa8c49e9f", [{0x1, 0x0, 0x5, 0x2}, {0x6c7, 0x8, 0x2, 0x4}, {0x1, 0x2, 0x2, 0x7ff}, {0xa, 0x200, 0xebe9, 0x1}, {0xd, 0x8, 0xe, 0x5}, {0x7fffffff, 0xf, 0xc, 0x3}, {0x1, 0x0, 0x5, 0xb61}, {0x0, 0x1, 0x8, 0x2}, {0xff, 0x6, 0x9}, {0x4, 0x6, 0x81, 0xffff}, {0x4508, 0x9, 0x81e0, 0xfffffffa}, {0xa, 0x2, 0x10000, 0x9}, {0x401, 0x30bb, 0x7, 0x5}, {0x2, 0xfffffff6, 0x1, 0x6}, {0xa37, 0x9, 0x2, 0x6}, {0x6, 0x10001, 0x4, 0x6}, {0x1, 0xfffffff2, 0x6, 0x8}, {0x8, 0x48, 0x4, 0x1}, {0x8000, 0xffff7ce1, 0xea, 0x7}, {0xd, 0x4, 0xb, 0xcd1}, {0x3f3, 0xdf73, 0x1bb7ed8c, 0x5c5}, {0x3, 0x9, 0x2, 0x2}, {0x1, 0x164, 0x1ff, 0x3}, {0xaa56, 0x0, 0x7, 0x2}, {0x0, 0x8, 0xb, 0x401}, {0x3, 0x7, 0x3ff, 0x3ff}, {0x6, 0x3, 0xfffffffa, 0xd5}, {0x6e80359e, 0x3, 0x9, 0x9}, {0x2, 0x7, 0x7}, {0x2, 0x3, 0x3, 0x4}, {0xd405, 0x1ff, 0x4, 0x6}, {0xf0, 0x87a, 0x2, 0xa}, {0xfff, 0x6, 0x6, 0x101}, {0x76870df2, 0x1, 0x401, 0x9}, {0x9, 0x0, 0xb, 0x21}, {0x7fff, 0x2, 0x9, 0x3}, {0x2, 0x9, 0x8000, 0x1}, {0x1ff, 0x10000, 0x6, 0xf}, {0x7fffffff, 0xfffffff9, 0xa, 0x2e06}, {0x7, 0x6, 0x3, 0x19}, {0xfffffffb, 0x2, 0x2, 0xb01}, {0x1b8, 0x80, 0xfffffffe, 0xfff}, {0x0, 0xe, 0x7, 0x5}, {0x1, 0x8, 0x394}, {0xf, 0x5b, 0x9f, 0x3}, {0x8, 0x7, 0x2, 0x3}, {0x1, 0x2, 0x0, 0x3ff}, {0x5, 0x6, 0x8000, 0xfffffff8}, {0x5, 0xff, 0x80, 0xfffffff8}, {0x4, 0xfff, 0x9, 0x8}, {0x5, 0x200, 0x5, 0x7}, {0x4, 0x3, 0xfffffffa, 0x9}, {0x1, 0x0, 0x8, 0x1}, {0x5, 0x3, 0x4}, {0x682, 0x1, 0x6956e414, 0xffffffff}, {0x9, 0xba1, 0x8, 0x7f}, {0x0, 0x42cf, 0x2, 0x7fffffff}, {0xde34, 0x8, 0xfffffe01, 0x7}, {0x1, 0x5, 0x7ff, 0x7}, {0x1, 0x600, 0x7f, 0x1}, {0x2, 0x3, 0x6, 0xfffffff2}, {0x6, 0x2, 0x10, 0x2b}, {0x7ff, 0xb, 0x7fffffff, 0x31}, {0xa642, 0x2, 0x9, 0x52}, {0x8, 0x401, 0x80000001, 0x3ff}, {0x4, 0x1000, 0x7fff, 0x1f3762d1}, {0x5, 0x111f80d4, 0x7f, 0x3}, {0x3, 0x7f, 0x0, 0x5}, {0x7fffffff, 0xa47, 0xef9e, 0x8}, {0x1000, 0x7, 0xae, 0x1}, {0xc, 0x4, 0x4, 0x48000}, {0xfffffd83, 0xffffff0f, 0x80000001, 0xffffd114}, {0x3, 0x2, 0x1ff, 0x82}, {0x9, 0x0, 0x6, 0x6}, {0x9, 0x4, 0x7, 0x3}, {0x1, 0x1, 0x3, 0x2}, {0xff, 0x488707c5, 0x5, 0x6}, {0xf, 0x6, 0x6, 0x4d0}, {0x3, 0x9, 0x101, 0x8}, {0x7, 0x7, 0x6}, {0x5, 0x7, 0xe, 0x36}, {0x10001, 0x0, 0xba1, 0x6}, {0xaa, 0x101, 0xe2, 0x5}, {0x2, 0xf, 0x8000, 0x70000000}, {0x6, 0xf, 0x5, 0xfdc}, {0x6fba, 0x5af, 0x29, 0x85d2}, {0x4, 0x4, 0x4, 0x7fff}, {0x800, 0x10000000, 0xfffffffb, 0x2}, {0x2, 0x6, 0x200, 0xc84}, {0x2, 0x8b1, 0x6, 0x4}, {0x4, 0x17e0000, 0x9, 0x7fff}, {0x43, 0x401, 0x9, 0x5d97fe65}, {0x800, 0x7, 0x1, 0x5}]}, 0x618) 293.839064ms ago: executing program 3 (id=9305): r0 = socket(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0xfff0) 256.409955ms ago: executing program 1 (id=9306): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x1, 0x0, 0x1, 0xa, 0x21005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) clock_gettime(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="4400000010000104fcffffff800000", @ANYRES32=0x0, @ANYBLOB="0344020000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="774be249af121c19d30b639bb40cb511b2a4a14756c57c71e7f400612612eec90b447fdef5fa212b7018b56b8feebec233457ec041503a601b3c10c058bd9d9eee689b2c3720104c2766152a6a7e7562a0d79b34666c87f88b9c1937d17b2a67332bb2643e57a704bef7153d0dfd7f75339e00000000000000093d14c241bda2a379738dae7e8a99b95f65c0cec1f900"/161], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000180)=0x10) getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000440)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x5, 0x20000}, 0x10}, 0x94) r6 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$bt_BT_POWER(r6, 0x112, 0x9, &(0x7f00000006c0)=0x4, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r4], 0x4c}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 256.111325ms ago: executing program 3 (id=9307): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller0\x00', @random="b524732b4e4a"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000540)="4acfb717f0892cf8a4940106b4aa39a71dc5a7541f61183c", 0x18}], 0x2) 140.236487ms ago: executing program 0 (id=9308): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000001680)={0x2, &(0x7f0000001640)=[{0x81, 0x40, 0xb4, 0x6211}, {0x6, 0x9, 0x6, 0x400}]}) 97.512408ms ago: executing program 1 (id=9309): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) sendmsg$tipc(r0, &(0x7f0000000180)={&(0x7f0000000580)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030) 74.098468ms ago: executing program 1 (id=9310): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) creat(&(0x7f0000000080)='./bus\x00', 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8c, &(0x7f0000000300)='trans=rdma,') 68.856419ms ago: executing program 0 (id=9311): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xfff1}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0xfc}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x20000000) 34.446249ms ago: executing program 1 (id=9312): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYBLOB], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2715, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 3.07408ms ago: executing program 3 (id=9313): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffe4ffff01"], 0x48) openat$selinux_context(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000000)) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 0s ago: executing program 1 (id=9314): socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b70800000000000091c4af5f00000000bfa200000000000007020000f8ffffe4b703000008000000b704000000000000850000012a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0) kernel console output (not intermixed with test programs): 0007f95a721f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 499.490570][T28412] RAX: ffffffffffffffda RBX: 00007f95a89f5fa0 RCX: 00007f95a87bebe9 [ 499.490587][T28412] RDX: 0000000000008844 RSI: 0000200000000080 RDI: 0000000000000003 [ 499.490604][T28412] RBP: 00007f95a721f090 R08: 0000000000000000 R09: 0000000000000000 [ 499.490620][T28412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 499.490662][T28412] R13: 00007f95a89f6038 R14: 00007f95a89f5fa0 R15: 00007fffb0d51a48 [ 499.490688][T28412] [ 499.514848][T28414] syz!: rxe_newlink: already configured on team_slave_0 [ 500.080257][T18498] usb 2-1: device descriptor read/8, error -110 [ 500.190235][T18498] usb 2-1: new SuperSpeed USB device number 26 using vhci_hcd [ 500.351749][T18498] usb 2-1: enqueue for inactive port 0 [ 500.378549][T18498] usb 2-1: enqueue for inactive port 0 [ 500.393793][T18498] usb 2-1: enqueue for inactive port 0 [ 500.446857][T28436] bridge0: port 1(macsec1) entered blocking state [ 500.453440][T28436] bridge0: port 1(macsec1) entered disabled state [ 500.460424][T28436] macsec1: entered allmulticast mode [ 500.465802][T28436] bridge0: entered allmulticast mode [ 500.475005][T28436] macsec1: left allmulticast mode [ 500.480057][T28436] bridge0: left allmulticast mode [ 501.483645][T28456] SELinux: failed to load policy [ 501.508702][T28461] siw: device registration error -23 [ 501.522001][T28459] netlink: 'syz.1.8633': attribute type 1 has an invalid length. [ 501.630723][T28475] bridge0: port 1(macsec1) entered blocking state [ 501.637219][T28475] bridge0: port 1(macsec1) entered disabled state [ 501.644490][T28475] macsec1: entered allmulticast mode [ 501.649831][T28475] bridge0: entered allmulticast mode [ 501.655833][T28475] macsec1: left allmulticast mode [ 501.660936][T28475] bridge0: left allmulticast mode [ 501.674572][T28476] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 501.686681][T28476] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 501.708335][T28479] gretap1: entered promiscuous mode [ 501.714177][T28480] __nla_validate_parse: 4 callbacks suppressed [ 501.714255][T28480] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8638'. [ 501.775601][T28474] hsr0 speed is unknown, defaulting to 1000 [ 501.857342][T18498] usb usb2-port1: attempt power cycle [ 502.454142][T28501] FAULT_INJECTION: forcing a failure. [ 502.454142][T28501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 502.467283][T28501] CPU: 0 UID: 0 PID: 28501 Comm: syz.2.8646 Not tainted syzkaller #0 PREEMPT(voluntary) [ 502.467314][T28501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 502.467362][T28501] Call Trace: [ 502.467369][T28501] [ 502.467393][T28501] __dump_stack+0x1d/0x30 [ 502.467416][T28501] dump_stack_lvl+0xe8/0x140 [ 502.467437][T28501] dump_stack+0x15/0x1b [ 502.467455][T28501] should_fail_ex+0x265/0x280 [ 502.467555][T28501] should_fail+0xb/0x20 [ 502.467574][T28501] should_fail_usercopy+0x1a/0x20 [ 502.467600][T28501] _copy_from_user+0x1c/0xb0 [ 502.467688][T28501] ___sys_sendmsg+0xc1/0x1d0 [ 502.467724][T28501] __x64_sys_sendmsg+0xd4/0x160 [ 502.467772][T28501] x64_sys_call+0x191e/0x2ff0 [ 502.467853][T28501] do_syscall_64+0xd2/0x200 [ 502.467887][T28501] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 502.467968][T28501] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 502.467999][T28501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.468021][T28501] RIP: 0033:0x7fd800b8ebe9 [ 502.468038][T28501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.468060][T28501] RSP: 002b:00007fd7ff5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 502.468078][T28501] RAX: ffffffffffffffda RBX: 00007fd800dc5fa0 RCX: 00007fd800b8ebe9 [ 502.468128][T28501] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 502.468142][T28501] RBP: 00007fd7ff5f7090 R08: 0000000000000000 R09: 0000000000000000 [ 502.468156][T28501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 502.468170][T28501] R13: 00007fd800dc6038 R14: 00007fd800dc5fa0 R15: 00007ffd63b0b4a8 [ 502.468191][T28501] [ 502.880932][T28510] bridge0: port 1(macsec1) entered blocking state [ 502.887476][T28510] bridge0: port 1(macsec1) entered disabled state [ 502.971785][T28510] macsec1: entered allmulticast mode [ 502.977160][T28510] bridge0: entered allmulticast mode [ 502.992203][T28510] macsec1: left allmulticast mode [ 502.997331][T28510] bridge0: left allmulticast mode [ 503.120072][T28518] netlink: 'syz.1.8652': attribute type 13 has an invalid length. [ 503.221692][T28522] siw: device registration error -23 [ 503.251217][T28526] netlink: 'syz.3.8656': attribute type 16 has an invalid length. [ 503.259080][T28526] netlink: 'syz.3.8656': attribute type 17 has an invalid length. [ 503.301618][T28526] bridge0: entered promiscuous mode [ 503.317564][T28526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 503.334378][T28526] 8021q: adding VLAN 0 to HW filter on device team0 [ 503.354803][T28526] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 503.379944][T28525] netlink: 'syz.4.8657': attribute type 13 has an invalid length. [ 503.431504][T28535] bridge0: port 1(macsec1) entered blocking state [ 503.438051][T28535] bridge0: port 1(macsec1) entered disabled state [ 503.444815][T28537] netlink: 'syz.3.8662': attribute type 10 has an invalid length. [ 503.452750][T28537] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8662'. [ 503.461977][T28535] macsec1: entered allmulticast mode [ 503.467271][T28535] bridge0: entered allmulticast mode [ 503.473271][T28535] macsec1: left allmulticast mode [ 503.478345][T28535] bridge0: left allmulticast mode [ 503.487553][T28537] veth1_vlan: left promiscuous mode [ 503.493962][T28537] batman_adv: batadv0: Adding interface: veth1_vlan [ 503.500610][T28537] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.527541][T28537] batman_adv: batadv0: Interface activated: veth1_vlan [ 503.667285][T28544] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 503.674580][T28544] IPv6: NLM_F_CREATE should be set when creating new route [ 503.700849][T28506] @+ invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 503.714400][T28506] CPU: 1 UID: 0 PID: 28506 Comm: @+ Not tainted syzkaller #0 PREEMPT(voluntary) [ 503.714511][T28506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 503.714526][T28506] Call Trace: [ 503.714532][T28506] [ 503.714541][T28506] __dump_stack+0x1d/0x30 [ 503.714565][T28506] dump_stack_lvl+0xe8/0x140 [ 503.714624][T28506] dump_stack+0x15/0x1b [ 503.714647][T28506] dump_header+0x81/0x220 [ 503.714679][T28506] oom_kill_process+0x342/0x400 [ 503.714730][T28506] out_of_memory+0x979/0xb80 [ 503.714763][T28506] try_charge_memcg+0x5e6/0x9e0 [ 503.714807][T28506] obj_cgroup_charge_pages+0xa6/0x150 [ 503.714853][T28506] __memcg_kmem_charge_page+0x9f/0x170 [ 503.714936][T28506] __alloc_frozen_pages_noprof+0x188/0x360 [ 503.714978][T28506] alloc_pages_mpol+0xb3/0x250 [ 503.715016][T28506] alloc_pages_noprof+0x90/0x130 [ 503.715154][T28506] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 503.715206][T28506] __kvmalloc_node_noprof+0x30f/0x4e0 [ 503.715343][T28506] ? ip_set_alloc+0x1f/0x30 [ 503.715385][T28506] ? ip_set_alloc+0x1f/0x30 [ 503.715409][T28506] ? __kmalloc_cache_noprof+0x189/0x320 [ 503.715512][T28506] ip_set_alloc+0x1f/0x30 [ 503.715536][T28506] hash_netiface_create+0x282/0x740 [ 503.715574][T28506] ? __pfx_hash_netiface_create+0x10/0x10 [ 503.715603][T28506] ip_set_create+0x3c9/0x960 [ 503.715645][T28506] nfnetlink_rcv_msg+0x4c6/0x590 [ 503.715704][T28506] netlink_rcv_skb+0x120/0x220 [ 503.715790][T28506] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 503.715849][T28506] nfnetlink_rcv+0x16b/0x1690 [ 503.715943][T28506] ? _raw_spin_unlock+0x26/0x50 [ 503.715962][T28506] ? finish_task_switch+0xad/0x2b0 [ 503.715984][T28506] ? __schedule+0x6b9/0xb30 [ 503.716010][T28506] ? trace_reschedule_exit+0xd/0xc0 [ 503.716035][T28506] ? folios_put_refs+0x291/0x2d0 [ 503.716118][T28506] ? __rcu_read_unlock+0x4f/0x70 [ 503.716149][T28506] ? __perf_event_task_sched_in+0xa5b/0xac0 [ 503.716244][T28506] ? plist_check_list+0x1e4/0x210 [ 503.716274][T28506] ? perf_cgroup_switch+0x10c/0x480 [ 503.716305][T28506] ? _raw_spin_unlock+0x26/0x50 [ 503.716325][T28506] ? finish_task_switch+0xad/0x2b0 [ 503.716428][T28506] ? __schedule+0x6b9/0xb30 [ 503.716446][T28506] ? should_fail_ex+0x30/0x280 [ 503.716470][T28506] ? selinux_nlmsg_lookup+0x99/0x890 [ 503.716564][T28506] ? __rcu_read_unlock+0x34/0x70 [ 503.716589][T28506] ? __netlink_lookup+0x266/0x2a0 [ 503.716615][T28506] netlink_unicast+0x5c0/0x690 [ 503.716643][T28506] netlink_sendmsg+0x58b/0x6b0 [ 503.716687][T28506] ? __pfx_netlink_sendmsg+0x10/0x10 [ 503.716727][T28506] __sock_sendmsg+0x145/0x180 [ 503.716830][T28506] ____sys_sendmsg+0x31e/0x4e0 [ 503.716910][T28506] ___sys_sendmsg+0x17b/0x1d0 [ 503.716952][T28506] __x64_sys_sendmsg+0xd4/0x160 [ 503.716988][T28506] x64_sys_call+0x191e/0x2ff0 [ 503.717122][T28506] do_syscall_64+0xd2/0x200 [ 503.717172][T28506] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 503.717204][T28506] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 503.717237][T28506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.717305][T28506] RIP: 0033:0x7fd800b8ebe9 [ 503.717325][T28506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.717349][T28506] RSP: 002b:00007fd7ff5f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 503.717375][T28506] RAX: ffffffffffffffda RBX: 00007fd800dc5fa0 RCX: 00007fd800b8ebe9 [ 503.717392][T28506] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 503.717409][T28506] RBP: 00007fd800c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 503.717425][T28506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.717490][T28506] R13: 00007fd800dc6038 R14: 00007fd800dc5fa0 R15: 00007ffd63b0b4a8 [ 503.717517][T28506] [ 503.717535][T28506] memory: usage 307200kB, limit 307200kB, failcnt 320 [ 504.090302][T28506] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 504.098234][T28506] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 504.105603][T28506] Memory cgroup stats for /syz2: [ 504.110617][T18498] usb usb2-port1: unable to enumerate USB device [ 504.123147][T28506] cache 4096 [ 504.126376][T28506] rss 12288 [ 504.129484][T28506] shmem 0 [ 504.132474][T28506] mapped_file 0 [ 504.135940][T28506] dirty 0 [ 504.138945][T28506] writeback 0 [ 504.142273][T28506] workingset_refault_anon 25 [ 504.146854][T28506] workingset_refault_file 273 [ 504.151624][T28506] swap 196608 [ 504.154911][T28506] swapcached 0 [ 504.158303][T28506] pgpgin 632652 [ 504.161792][T28506] pgpgout 632648 [ 504.165339][T28506] pgfault 747783 [ 504.168926][T28506] pgmajfault 19 [ 504.172415][T28506] inactive_anon 0 [ 504.176045][T28506] active_anon 0 [ 504.179564][T28506] inactive_file 0 [ 504.183247][T28506] active_file 4096 [ 504.186966][T28506] unevictable 12288 [ 504.190798][T28506] hierarchical_memory_limit 314572800 [ 504.196195][T28506] hierarchical_memsw_limit 9223372036854771712 [ 504.202369][T28506] total_cache 4096 [ 504.206085][T28506] total_rss 12288 [ 504.209750][T28506] total_shmem 0 [ 504.213240][T28506] total_mapped_file 0 [ 504.217249][T28506] total_dirty 0 [ 504.220803][T28506] total_writeback 0 [ 504.224671][T28506] total_workingset_refault_anon 25 [ 504.229775][T28506] total_workingset_refault_file 273 [ 504.235044][T28506] total_swap 196608 [ 504.238844][T28506] total_swapcached 0 [ 504.242779][T28506] total_pgpgin 632652 [ 504.246781][T28506] total_pgpgout 632648 [ 504.250863][T28506] total_pgfault 747783 [ 504.255170][T28506] total_pgmajfault 19 [ 504.259156][T28506] total_inactive_anon 0 [ 504.263323][T28506] total_active_anon 0 [ 504.267295][T28506] total_inactive_file 0 [ 504.271519][T28506] total_active_file 4096 [ 504.275755][T28506] total_unevictable 12288 [ 504.280071][T28506] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.8647,pid=28503,uid=0 [ 504.294785][T28506] Memory cgroup out of memory: Killed process 28503 (syz.2.8647) total-vm:93684kB, anon-rss:1136kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 504.429429][T28560] netlink: 'syz.3.8666': attribute type 13 has an invalid length. [ 504.481874][T28560] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 504.605925][T28506] @+ (28506) used greatest stack depth: 7512 bytes left [ 504.668590][T28577] bridge0: port 1(macsec1) entered blocking state [ 504.675255][T28577] bridge0: port 1(macsec1) entered disabled state [ 504.681919][T28577] macsec1: entered allmulticast mode [ 504.687214][T28577] bridge0: entered allmulticast mode [ 504.693382][T28577] macsec1: left allmulticast mode [ 504.698429][T28577] bridge0: left allmulticast mode [ 504.759467][T28580] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 504.759919][T28578] netlink: 'syz.2.8675': attribute type 13 has an invalid length. [ 504.766111][T28580] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 504.782278][T28580] vhci_hcd vhci_hcd.0: Device attached [ 504.831286][T28585] netlink: 'syz.4.8677': attribute type 10 has an invalid length. [ 504.839148][T28585] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8677'. [ 504.865136][T28580] netlink: 'syz.0.8669': attribute type 10 has an invalid length. [ 504.870331][T28585] veth1_vlan: left promiscuous mode [ 504.878841][T28585] batman_adv: batadv0: Adding interface: veth1_vlan [ 504.885472][T28585] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.911224][T28585] batman_adv: batadv0: Interface activated: veth1_vlan [ 504.923337][T28580] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 505.050484][T18498] usb 2-1: SetAddress Request (30) to port 0 [ 505.063536][T18498] usb 2-1: new SuperSpeed USB device number 30 using vhci_hcd [ 505.232162][T28592] siw: device registration error -23 [ 505.272356][T28593] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 505.278921][T28593] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 505.287197][T28593] vhci_hcd vhci_hcd.0: Device attached [ 505.377663][T28593] netlink: 'syz.4.8678': attribute type 10 has an invalid length. [ 505.435361][T28593] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 505.444930][T28600] tipc: Enabling of bearer rejected, failed to enable media [ 505.512570][T28581] vhci_hcd: connection reset by peer [ 505.517968][ T12] vhci_hcd: stop threads [ 505.522321][ T12] vhci_hcd: release socket [ 505.526747][ T12] vhci_hcd: disconnect device [ 505.560449][T18494] usb 10-1: SetAddress Request (39) to port 0 [ 505.566693][T18494] usb 10-1: new SuperSpeed USB device number 39 using vhci_hcd [ 505.955151][T28594] vhci_hcd: connection reset by peer [ 505.981743][ T51] vhci_hcd: stop threads [ 505.986065][ T51] vhci_hcd: release socket [ 505.990648][ T51] vhci_hcd: disconnect device [ 506.269441][ T29] kauditd_printk_skb: 101 callbacks suppressed [ 506.269467][ T29] audit: type=1326 audit(2000000010.970:8935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.330316][ T29] audit: type=1326 audit(2000000010.970:8936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.353996][ T29] audit: type=1326 audit(2000000010.970:8937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.377602][ T29] audit: type=1326 audit(2000000010.970:8938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.401194][ T29] audit: type=1326 audit(2000000010.970:8939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.424694][ T29] audit: type=1326 audit(2000000010.970:8940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.448208][ T29] audit: type=1326 audit(2000000010.970:8941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.471882][ T29] audit: type=1326 audit(2000000010.970:8942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.495506][ T29] audit: type=1326 audit(2000000010.980:8943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.519024][ T29] audit: type=1326 audit(2000000010.980:8944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28641 comm="syz.0.8691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76001ebe9 code=0x7ffc0000 [ 506.562723][ T2025] bond0 (unregistering): Released all slaves [ 506.592214][ T2025] bond1 (unregistering): Released all slaves [ 506.600985][ T2025] bond2 (unregistering): Released all slaves [ 506.642269][ T2025] tipc: Left network mode [ 506.662430][T28649] tipc: Enabling of bearer rejected, failed to enable media [ 506.684160][T28650] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8692'. [ 506.709274][T28647] hsr0 speed is unknown, defaulting to 1000 [ 506.734093][T28618] hsr0 speed is unknown, defaulting to 1000 [ 506.770056][ T2025] hsr_slave_0: left promiscuous mode [ 506.786353][ T2025] hsr_slave_1: left promiscuous mode [ 506.812333][T28662] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 506.818963][T28662] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 506.826636][T28662] vhci_hcd vhci_hcd.0: Device attached [ 506.882926][T28662] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8698'. [ 506.892002][T28662] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8698'. [ 506.926859][T28663] vhci_hcd: connection closed [ 506.927264][ T1724] vhci_hcd: stop threads [ 506.936283][ T1724] vhci_hcd: release socket [ 506.940751][ T1724] vhci_hcd: disconnect device [ 506.951468][T28666] netlink: 'syz.3.8699': attribute type 16 has an invalid length. [ 506.959316][T28666] netlink: 'syz.3.8699': attribute type 17 has an invalid length. [ 506.981550][T28666] bridge0: left promiscuous mode [ 506.987872][T28666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 506.996209][T28666] 8021q: adding VLAN 0 to HW filter on device team0 [ 507.005876][T28666] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 507.025087][T28618] chnl_net:caif_netlink_parms(): no params data found [ 507.099721][T28618] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.107041][T28618] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.114289][T28618] bridge_slave_0: entered allmulticast mode [ 507.120955][T28618] bridge_slave_0: entered promiscuous mode [ 507.130094][T28618] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.137568][T28618] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.145317][T28618] bridge_slave_1: entered allmulticast mode [ 507.152791][T28618] bridge_slave_1: entered promiscuous mode [ 507.175437][T28618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.188502][T28618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.229605][T28618] team0: Port device team_slave_0 added [ 507.238854][T28618] team0: Port device team_slave_1 added [ 507.270469][T28684] tipc: Enabling of bearer rejected, failed to enable media [ 507.301898][T28618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.308904][T28618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.334944][T28618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.347526][T28618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.354583][T28618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.380562][T28618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 507.413911][T28618] hsr_slave_0: entered promiscuous mode [ 507.420021][T28618] hsr_slave_1: entered promiscuous mode [ 507.938980][T28618] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 507.956894][T28618] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 507.977415][T28618] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 507.991298][T28618] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 508.053050][T28618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 508.074574][T28618] 8021q: adding VLAN 0 to HW filter on device team0 [ 508.085445][ T1724] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.092561][ T1724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 508.113476][ T2025] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.120615][ T2025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 508.199653][T28618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 508.283530][T28618] veth0_vlan: entered promiscuous mode [ 508.295047][T28618] veth1_vlan: entered promiscuous mode [ 508.322268][T28618] veth0_macvtap: entered promiscuous mode [ 508.328762][T28730] hsr0 speed is unknown, defaulting to 1000 [ 508.330368][T28618] veth1_macvtap: entered promiscuous mode [ 508.355469][T28739] batman_adv: batadv0: Removing interface: veth1_vlan [ 508.375102][T28618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 508.390979][T28618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 508.417214][ T1793] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.437291][ T1793] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.453267][ T1793] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.462189][ T1793] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 508.494653][T28750] netlink: 'syz.3.8720': attribute type 16 has an invalid length. [ 508.502595][T28750] netlink: 'syz.3.8720': attribute type 17 has an invalid length. [ 508.516088][T28750] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 508.539871][T28752] bridge0: entered promiscuous mode [ 508.547186][T28752] bridge0: port 3(macsec1) entered blocking state [ 508.553715][T28752] bridge0: port 3(macsec1) entered disabled state [ 508.561505][T28752] macsec1: entered allmulticast mode [ 508.566845][T28752] bridge0: entered allmulticast mode [ 508.573348][T28752] macsec1: left allmulticast mode [ 508.578432][T28752] bridge0: left allmulticast mode [ 508.584497][T28752] bridge0: left promiscuous mode [ 508.593889][T28758] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 508.601160][T28758] IPv6: NLM_F_CREATE should be set when creating new route [ 508.763481][T28776] bond0: (slave batadv_slave_0): Releasing backup interface [ 508.773774][T28776] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 508.780873][T28776] batman_adv: batadv0: Removing interface: veth1_vlan [ 508.884118][T28779] netlink: 'syz.4.8728': attribute type 10 has an invalid length. [ 508.892137][T28779] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8728'. [ 508.966024][T28779] batman_adv: batadv0: Adding interface: veth1_vlan [ 508.972794][T28779] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.029897][T28779] batman_adv: batadv0: Interface activated: veth1_vlan [ 509.153828][T28786] FAULT_INJECTION: forcing a failure. [ 509.153828][T28786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 509.167044][T28786] CPU: 1 UID: 0 PID: 28786 Comm: syz.0.8731 Not tainted syzkaller #0 PREEMPT(voluntary) [ 509.167069][T28786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 509.167116][T28786] Call Trace: [ 509.167124][T28786] [ 509.167134][T28786] __dump_stack+0x1d/0x30 [ 509.167159][T28786] dump_stack_lvl+0xe8/0x140 [ 509.167177][T28786] dump_stack+0x15/0x1b [ 509.167206][T28786] should_fail_ex+0x265/0x280 [ 509.167232][T28786] should_fail+0xb/0x20 [ 509.167248][T28786] should_fail_usercopy+0x1a/0x20 [ 509.167328][T28786] _copy_from_user+0x1c/0xb0 [ 509.167355][T28786] do_semtimedop+0x14e/0x220 [ 509.167411][T28786] __x64_sys_semop+0x41/0x50 [ 509.167443][T28786] x64_sys_call+0x2974/0x2ff0 [ 509.167469][T28786] do_syscall_64+0xd2/0x200 [ 509.167503][T28786] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 509.167534][T28786] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 509.167569][T28786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.167592][T28786] RIP: 0033:0x7fb76001ebe9 [ 509.167643][T28786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.167664][T28786] RSP: 002b:00007fb75ea7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000041 [ 509.167685][T28786] RAX: ffffffffffffffda RBX: 00007fb760255fa0 RCX: 00007fb76001ebe9 [ 509.167702][T28786] RDX: 0000000000000002 RSI: 00002000000000c0 RDI: 0000000000000000 [ 509.167717][T28786] RBP: 00007fb75ea7f090 R08: 0000000000000000 R09: 0000000000000000 [ 509.167733][T28786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.167748][T28786] R13: 00007fb760256038 R14: 00007fb760255fa0 R15: 00007ffc2fddcb48 [ 509.167816][T28786] [ 509.352542][T28789] netlink: 'syz.1.8732': attribute type 16 has an invalid length. [ 509.360589][T28789] netlink: 'syz.1.8732': attribute type 17 has an invalid length. [ 509.392673][T28789] bridge0: entered promiscuous mode [ 509.399158][T28789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.408759][T28789] 8021q: adding VLAN 0 to HW filter on device team0 [ 509.419768][T28789] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 509.468010][T28795] tipc: Enabling of bearer rejected, failed to enable media [ 509.517573][T28803] bridge0: port 1(macsec1) entered blocking state [ 509.524305][T28803] bridge0: port 1(macsec1) entered disabled state [ 509.548485][T28807] FAULT_INJECTION: forcing a failure. [ 509.548485][T28807] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 509.561865][T28807] CPU: 1 UID: 0 PID: 28807 Comm: syz.1.8740 Not tainted syzkaller #0 PREEMPT(voluntary) [ 509.561935][T28807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 509.561952][T28807] Call Trace: [ 509.561959][T28807] [ 509.561988][T28807] __dump_stack+0x1d/0x30 [ 509.562121][T28807] dump_stack_lvl+0xe8/0x140 [ 509.562141][T28807] dump_stack+0x15/0x1b [ 509.562157][T28807] should_fail_ex+0x265/0x280 [ 509.562184][T28807] should_fail+0xb/0x20 [ 509.562202][T28807] should_fail_usercopy+0x1a/0x20 [ 509.562287][T28807] _copy_from_user+0x1c/0xb0 [ 509.562316][T28807] __sys_bpf+0x178/0x7b0 [ 509.562356][T28807] __x64_sys_bpf+0x41/0x50 [ 509.562465][T28807] x64_sys_call+0x2aea/0x2ff0 [ 509.562486][T28807] do_syscall_64+0xd2/0x200 [ 509.562526][T28807] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 509.562549][T28807] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 509.562614][T28807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.562635][T28807] RIP: 0033:0x7f4005f1ebe9 [ 509.562651][T28807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.562751][T28807] RSP: 002b:00007f4004987038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 509.562783][T28807] RAX: ffffffffffffffda RBX: 00007f4006155fa0 RCX: 00007f4005f1ebe9 [ 509.562803][T28807] RDX: 0000000000000094 RSI: 0000200000000240 RDI: 0000000000000005 [ 509.562817][T28807] RBP: 00007f4004987090 R08: 0000000000000000 R09: 0000000000000000 [ 509.562829][T28807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.562841][T28807] R13: 00007f4006156038 R14: 00007f4006155fa0 R15: 00007ffe5b27a528 [ 509.562940][T28807] [ 509.739087][T28803] macsec1: entered allmulticast mode [ 509.744592][T28803] bridge0: entered allmulticast mode [ 509.750761][T28803] macsec1: left allmulticast mode [ 509.755815][T28803] bridge0: left allmulticast mode [ 509.871284][T28814] hsr0 speed is unknown, defaulting to 1000 [ 509.894567][T28827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8744'. [ 510.022662][T28845] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8751'. [ 510.037136][T28847] tipc: Enabling of bearer rejected, failed to enable media [ 510.156396][T28859] FAULT_INJECTION: forcing a failure. [ 510.156396][T28859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 510.169611][T28859] CPU: 0 UID: 0 PID: 28859 Comm: syz.1.8756 Not tainted syzkaller #0 PREEMPT(voluntary) [ 510.169649][T28859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 510.169660][T28859] Call Trace: [ 510.169666][T28859] [ 510.169673][T28859] __dump_stack+0x1d/0x30 [ 510.169697][T28859] dump_stack_lvl+0xe8/0x140 [ 510.169715][T28859] dump_stack+0x15/0x1b [ 510.169730][T28859] should_fail_ex+0x265/0x280 [ 510.169751][T28859] should_fail+0xb/0x20 [ 510.169789][T28859] should_fail_usercopy+0x1a/0x20 [ 510.169810][T28859] _copy_from_user+0x1c/0xb0 [ 510.169836][T28859] ___sys_sendmsg+0xc1/0x1d0 [ 510.169887][T28859] __x64_sys_sendmsg+0xd4/0x160 [ 510.169922][T28859] x64_sys_call+0x191e/0x2ff0 [ 510.169949][T28859] do_syscall_64+0xd2/0x200 [ 510.169998][T28859] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 510.170025][T28859] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 510.170089][T28859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.170109][T28859] RIP: 0033:0x7f4005f1ebe9 [ 510.170123][T28859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.170139][T28859] RSP: 002b:00007f4004987038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 510.170164][T28859] RAX: ffffffffffffffda RBX: 00007f4006155fa0 RCX: 00007f4005f1ebe9 [ 510.170180][T28859] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 510.170220][T28859] RBP: 00007f4004987090 R08: 0000000000000000 R09: 0000000000000000 [ 510.170234][T28859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.170248][T28859] R13: 00007f4006156038 R14: 00007f4006155fa0 R15: 00007ffe5b27a528 [ 510.170270][T28859] [ 510.170838][T18498] usb 2-1: device descriptor read/8, error -110 [ 510.450357][T18498] usb 2-1: new SuperSpeed USB device number 30 using vhci_hcd [ 510.471631][T18498] usb 2-1: enqueue for inactive port 0 [ 510.477348][T18498] usb 2-1: enqueue for inactive port 0 [ 510.492030][T18498] usb 2-1: enqueue for inactive port 0 [ 510.655369][T18494] usb 10-1: device descriptor read/8, error -110 [ 510.665800][T28864] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8757'. [ 510.687145][T28864] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8757'. [ 510.770722][T18494] usb 10-1: new SuperSpeed USB device number 39 using vhci_hcd [ 510.790382][T18494] usb 10-1: enqueue for inactive port 0 [ 510.796104][T18494] usb 10-1: enqueue for inactive port 0 [ 510.802368][T18494] usb 10-1: enqueue for inactive port 0 [ 510.963685][T28873] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 510.989143][T28885] siw: device registration error -23 [ 511.135648][T28895] netlink: 'syz.2.8767': attribute type 13 has an invalid length. [ 511.175710][T28895] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.182873][T28895] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.223376][T28895] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 511.233411][T28895] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 511.298363][ T1724] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.312327][ T1724] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.347324][ T1724] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.356908][ T1724] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.366607][T28900] tipc: Enabling of bearer rejected, failed to enable media [ 511.540753][T18498] usb usb2-port1: attempt power cycle [ 511.761056][ T29] kauditd_printk_skb: 220 callbacks suppressed [ 511.761072][ T29] audit: type=1400 audit(2000000016.420:9165): avc: denied { bind } for pid=28919 comm="syz.1.8775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 511.786777][ T29] audit: type=1400 audit(2000000016.420:9166): avc: denied { listen } for pid=28919 comm="syz.1.8775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 511.806401][ T29] audit: type=1400 audit(2000000016.420:9167): avc: denied { ioctl } for pid=28919 comm="syz.1.8775" path="socket:[110524]" dev="sockfs" ino=110524 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 511.883162][T18494] usb usb10-port1: attempt power cycle [ 511.963940][T28928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.972436][ T29] audit: type=1326 audit(2000000016.680:9168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 511.995991][ T29] audit: type=1326 audit(2000000016.680:9169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 512.019537][ T29] audit: type=1326 audit(2000000016.680:9170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 512.043213][ T29] audit: type=1326 audit(2000000016.680:9171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 512.066802][ T29] audit: type=1326 audit(2000000016.680:9172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 512.090397][ T29] audit: type=1326 audit(2000000016.680:9173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 512.113997][ T29] audit: type=1326 audit(2000000016.680:9174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28929 comm="syz.2.8780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 512.120331][T28928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.262932][T28939] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8783'. [ 512.272235][T28939] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8783'. [ 512.297308][T28941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8784'. [ 512.371158][T28950] netlink: 'syz.0.8787': attribute type 16 has an invalid length. [ 512.379034][T28950] netlink: 'syz.0.8787': attribute type 17 has an invalid length. [ 512.403293][T28950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 512.411726][T28950] 8021q: adding VLAN 0 to HW filter on device team0 [ 512.422621][T28950] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 512.485717][T28955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.494320][T28955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.762120][T28971] netlink: 'syz.4.8790': attribute type 13 has an invalid length. [ 512.770860][T28971] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 513.316760][T28980] netlink: 'syz.3.8797': attribute type 16 has an invalid length. [ 513.343361][T28980] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 513.413089][T28993] FAULT_INJECTION: forcing a failure. [ 513.413089][T28993] name failslab, interval 1, probability 0, space 0, times 0 [ 513.425817][T28993] CPU: 0 UID: 0 PID: 28993 Comm: syz.3.8799 Not tainted syzkaller #0 PREEMPT(voluntary) [ 513.425846][T28993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 513.425905][T28993] Call Trace: [ 513.425913][T28993] [ 513.425921][T28993] __dump_stack+0x1d/0x30 [ 513.425950][T28993] dump_stack_lvl+0xe8/0x140 [ 513.425973][T28993] dump_stack+0x15/0x1b [ 513.425993][T28993] should_fail_ex+0x265/0x280 [ 513.426020][T28993] ? audit_log_d_path+0x8d/0x150 [ 513.426116][T28993] should_failslab+0x8c/0xb0 [ 513.426190][T28993] __kmalloc_cache_noprof+0x4c/0x320 [ 513.426220][T28993] audit_log_d_path+0x8d/0x150 [ 513.426254][T28993] audit_log_d_path_exe+0x42/0x70 [ 513.426313][T28993] audit_log_task+0x1e9/0x250 [ 513.426349][T28993] audit_seccomp+0x61/0x100 [ 513.426380][T28993] ? __seccomp_filter+0x68c/0x10d0 [ 513.426400][T28993] __seccomp_filter+0x69d/0x10d0 [ 513.426499][T28993] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 513.426549][T28993] ? vfs_write+0x7e8/0x960 [ 513.426599][T28993] ? __rcu_read_unlock+0x4f/0x70 [ 513.426667][T28993] ? __fget_files+0x184/0x1c0 [ 513.426702][T28993] __secure_computing+0x82/0x150 [ 513.426757][T28993] syscall_trace_enter+0xcf/0x1e0 [ 513.426784][T28993] do_syscall_64+0xac/0x200 [ 513.426895][T28993] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 513.426937][T28993] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 513.426967][T28993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.426993][T28993] RIP: 0033:0x7f95a87bebe9 [ 513.427010][T28993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.427104][T28993] RSP: 002b:00007f95a721f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 513.427146][T28993] RAX: ffffffffffffffda RBX: 00007f95a89f5fa0 RCX: 00007f95a87bebe9 [ 513.427164][T28993] RDX: 0000000000000006 RSI: 0000200000000280 RDI: 0000000000000006 [ 513.427265][T28993] RBP: 00007f95a721f090 R08: 0000000000000000 R09: 0000000000000000 [ 513.427314][T28993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.427326][T28993] R13: 00007f95a89f6038 R14: 00007f95a89f5fa0 R15: 00007fffb0d51a48 [ 513.427350][T28993] [ 513.430696][T18498] usb usb2-port1: unable to enumerate USB device [ 513.487697][T28981] hsr0 speed is unknown, defaulting to 1000 [ 513.729977][T28981] chnl_net:caif_netlink_parms(): no params data found [ 513.740748][T18494] usb usb10-port1: unable to enumerate USB device [ 513.780703][T28981] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.787796][T28981] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.796246][T28981] bridge_slave_0: entered allmulticast mode [ 513.803238][T28981] bridge_slave_0: entered promiscuous mode [ 513.813297][T28981] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.820453][T28981] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.838161][T28981] bridge_slave_1: entered allmulticast mode [ 513.853612][T28981] bridge_slave_1: entered promiscuous mode [ 513.877163][T28981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.888208][T28981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.914246][T28981] team0: Port device team_slave_0 added [ 513.921686][T28981] team0: Port device team_slave_1 added [ 513.939637][T28981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.946643][T28981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.972671][T28981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.985483][T28981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.992522][T28981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 514.018677][T28981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 514.052638][T28981] hsr_slave_0: entered promiscuous mode [ 514.058725][T28981] hsr_slave_1: entered promiscuous mode [ 514.065848][T28981] debugfs: 'hsr0' already exists in 'hsr' [ 514.071726][T28981] Cannot create hsr debugfs directory [ 514.232328][ T2025] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 514.243367][ T2025] bond0 (unregistering): Released all slaves [ 514.276462][ T2025] bond1 (unregistering): Released all slaves [ 514.289207][T29018] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8806'. [ 514.290195][ T2025] bond2 (unregistering): Released all slaves [ 514.307372][ T2025] bond3 (unregistering): Released all slaves [ 514.326239][T29018] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8806'. [ 514.369280][ T2025] tipc: Left network mode [ 514.418646][T29024] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 514.425942][T29024] IPv6: NLM_F_CREATE should be set when creating new route [ 514.502951][ T2025] hsr_slave_0: left promiscuous mode [ 514.509994][ T2025] hsr_slave_1: left promiscuous mode [ 514.515868][ T2025] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 514.523082][ T2025] batman_adv: batadv0: Removing interface: veth1_vlan [ 515.141516][T28981] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 515.149614][ T2025] IPVS: stop unused estimator thread 0... [ 515.182963][T28981] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 515.199267][T28981] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 515.208971][T28981] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 515.287376][T28981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.305136][T28981] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.315077][ T2025] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.322238][ T2025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.353432][T28981] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 515.364402][T28981] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 515.389480][ T2025] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.396825][ T2025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.487613][T28981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.567787][T29077] validate_nla: 1 callbacks suppressed [ 515.567826][T29077] netlink: 'syz.1.8822': attribute type 10 has an invalid length. [ 515.581382][T29077] netlink: 156 bytes leftover after parsing attributes in process `syz.1.8822'. [ 515.626756][T29077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8822'. [ 515.686864][T28981] veth0_vlan: entered promiscuous mode [ 515.704744][T28981] veth1_vlan: entered promiscuous mode [ 515.734123][T29095] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 515.740776][T29095] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 515.747567][T28981] veth0_macvtap: entered promiscuous mode [ 515.748991][T29095] vhci_hcd vhci_hcd.0: Device attached [ 515.772491][T28981] veth1_macvtap: entered promiscuous mode [ 515.787228][T29094] bridge0: port 3(macsec1) entered blocking state [ 515.793747][T29094] bridge0: port 3(macsec1) entered disabled state [ 515.821744][T29094] macsec1: entered allmulticast mode [ 515.827103][T29094] bridge0: entered allmulticast mode [ 515.849132][T29094] macsec1: left allmulticast mode [ 515.854259][T29094] bridge0: left allmulticast mode [ 515.875501][T29095] netlink: 'syz.4.8819': attribute type 10 has an invalid length. [ 515.878683][T28981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 515.895053][T29095] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 515.907241][T28981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 515.927848][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.954818][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.977660][ T2025] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.997302][ T2025] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.040229][ T36] usb 10-1: SetAddress Request (43) to port 0 [ 516.046622][ T36] usb 10-1: new SuperSpeed USB device number 43 using vhci_hcd [ 516.230326][T29096] vhci_hcd: connection reset by peer [ 516.241588][ T1724] vhci_hcd: stop threads [ 516.245886][ T1724] vhci_hcd: release socket [ 516.250343][ T1724] vhci_hcd: disconnect device [ 516.832507][T29130] netlink: 'syz.2.8834': attribute type 13 has an invalid length. [ 516.895403][ T29] kauditd_printk_skb: 76 callbacks suppressed [ 516.895418][ T29] audit: type=1326 audit(2000000021.600:9251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29131 comm="syz.3.8835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 516.963696][ T29] audit: type=1326 audit(2000000021.640:9252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29131 comm="syz.3.8835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 516.987396][ T29] audit: type=1326 audit(2000000021.640:9253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29131 comm="syz.3.8835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.011304][ T29] audit: type=1326 audit(2000000021.640:9254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29131 comm="syz.3.8835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.036455][ T29] audit: type=1326 audit(2000000021.670:9255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29135 comm="syz.3.8838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.060227][ T29] audit: type=1326 audit(2000000021.670:9256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29135 comm="syz.3.8838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f95a87bd457 code=0x7ffc0000 [ 517.083857][ T29] audit: type=1326 audit(2000000021.670:9257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29135 comm="syz.3.8838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.107459][ T29] audit: type=1326 audit(2000000021.670:9258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29135 comm="syz.3.8838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.131082][ T29] audit: type=1326 audit(2000000021.670:9259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29135 comm="syz.3.8838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.154665][ T29] audit: type=1326 audit(2000000021.670:9260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29135 comm="syz.3.8838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 517.209359][T29144] netlink: 'syz.4.8840': attribute type 16 has an invalid length. [ 517.217421][T29144] netlink: 'syz.4.8840': attribute type 17 has an invalid length. [ 517.259544][T29138] netlink: 'syz.1.8837': attribute type 13 has an invalid length. [ 517.271608][T29144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 517.280080][T29144] 8021q: adding VLAN 0 to HW filter on device team0 [ 517.294554][T29144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 517.345197][T29154] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8843'. [ 517.471302][T29161] bridge_slave_0: left allmulticast mode [ 517.477054][T29161] bridge_slave_0: left promiscuous mode [ 517.482955][T29161] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.499310][T29161] bridge_slave_1: left allmulticast mode [ 517.505287][T29161] bridge_slave_1: left promiscuous mode [ 517.511036][T29161] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.523242][T29161] bond0: (slave bond_slave_0): Releasing backup interface [ 517.536986][T29161] bond0: (slave bond_slave_1): Releasing backup interface [ 517.552158][T29163] netlink: 'syz.0.8846': attribute type 10 has an invalid length. [ 517.560101][T29163] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8846'. [ 517.577460][T29161] team0: Port device team_slave_0 removed [ 517.594022][T29161] team0: Port device team_slave_1 removed [ 517.607903][T29161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 517.615533][T29161] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 517.626913][T29161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 517.634469][T29161] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 517.672352][T29163] batman_adv: batadv0: Adding interface: veth1_vlan [ 517.679107][T29163] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 517.706449][T29163] batman_adv: batadv0: Interface activated: veth1_vlan [ 517.718066][T29182] netlink: 152 bytes leftover after parsing attributes in process `syz.2.8855'. [ 517.847169][T29206] FAULT_INJECTION: forcing a failure. [ 517.847169][T29206] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.860311][T29206] CPU: 0 UID: 0 PID: 29206 Comm: syz.4.8864 Not tainted syzkaller #0 PREEMPT(voluntary) [ 517.860340][T29206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 517.860356][T29206] Call Trace: [ 517.860363][T29206] [ 517.860371][T29206] __dump_stack+0x1d/0x30 [ 517.860461][T29206] dump_stack_lvl+0xe8/0x140 [ 517.860486][T29206] dump_stack+0x15/0x1b [ 517.860505][T29206] should_fail_ex+0x265/0x280 [ 517.860526][T29206] should_fail+0xb/0x20 [ 517.860587][T29206] should_fail_usercopy+0x1a/0x20 [ 517.860679][T29206] _copy_from_user+0x1c/0xb0 [ 517.860711][T29206] ___sys_sendmsg+0xc1/0x1d0 [ 517.860752][T29206] __x64_sys_sendmsg+0xd4/0x160 [ 517.860856][T29206] x64_sys_call+0x191e/0x2ff0 [ 517.860883][T29206] do_syscall_64+0xd2/0x200 [ 517.860917][T29206] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 517.860945][T29206] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 517.861033][T29206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.861054][T29206] RIP: 0033:0x7f8d96e2ebe9 [ 517.861073][T29206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.861096][T29206] RSP: 002b:00007f8d95897038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 517.861116][T29206] RAX: ffffffffffffffda RBX: 00007f8d97065fa0 RCX: 00007f8d96e2ebe9 [ 517.861128][T29206] RDX: 0000000004000840 RSI: 0000200000000480 RDI: 0000000000000004 [ 517.861220][T29206] RBP: 00007f8d95897090 R08: 0000000000000000 R09: 0000000000000000 [ 517.861232][T29206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.861245][T29206] R13: 00007f8d97066038 R14: 00007f8d97065fa0 R15: 00007fff6bd96da8 [ 517.861269][T29206] [ 518.058633][T29212] netlink: 'syz.2.8860': attribute type 13 has an invalid length. [ 518.097156][T29221] veth0_to_team: entered promiscuous mode [ 518.187535][T29209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8867'. [ 518.296119][T29239] FAULT_INJECTION: forcing a failure. [ 518.296119][T29239] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 518.309311][T29239] CPU: 1 UID: 0 PID: 29239 Comm: syz.3.8877 Not tainted syzkaller #0 PREEMPT(voluntary) [ 518.309338][T29239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 518.309382][T29239] Call Trace: [ 518.309390][T29239] [ 518.309399][T29239] __dump_stack+0x1d/0x30 [ 518.309425][T29239] dump_stack_lvl+0xe8/0x140 [ 518.309494][T29239] dump_stack+0x15/0x1b [ 518.309516][T29239] should_fail_ex+0x265/0x280 [ 518.309586][T29239] should_fail+0xb/0x20 [ 518.309609][T29239] should_fail_usercopy+0x1a/0x20 [ 518.309638][T29239] _copy_from_user+0x1c/0xb0 [ 518.309730][T29239] sock_do_ioctl+0xe6/0x220 [ 518.309766][T29239] sock_ioctl+0x41b/0x610 [ 518.309799][T29239] ? __pfx_sock_ioctl+0x10/0x10 [ 518.309829][T29239] __se_sys_ioctl+0xcb/0x140 [ 518.309875][T29239] __x64_sys_ioctl+0x43/0x50 [ 518.309897][T29239] x64_sys_call+0x1816/0x2ff0 [ 518.309925][T29239] do_syscall_64+0xd2/0x200 [ 518.310013][T29239] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 518.310045][T29239] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 518.310145][T29239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.310176][T29239] RIP: 0033:0x7f95a87bebe9 [ 518.310196][T29239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.310219][T29239] RSP: 002b:00007f95a721f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 518.310243][T29239] RAX: ffffffffffffffda RBX: 00007f95a89f5fa0 RCX: 00007f95a87bebe9 [ 518.310322][T29239] RDX: 0000200000000040 RSI: 0000000000008914 RDI: 0000000000000003 [ 518.310338][T29239] RBP: 00007f95a721f090 R08: 0000000000000000 R09: 0000000000000000 [ 518.310414][T29239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 518.310427][T29239] R13: 00007f95a89f6038 R14: 00007f95a89f5fa0 R15: 00007fffb0d51a48 [ 518.310451][T29239] [ 518.495843][T29242] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8874'. [ 518.543011][T29247] netlink: 'syz.3.8880': attribute type 10 has an invalid length. [ 518.550900][T29247] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8880'. [ 518.565202][T29247] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 518.601973][T29232] hsr0 speed is unknown, defaulting to 1000 [ 518.730992][T29254] netlink: 'syz.1.8882': attribute type 10 has an invalid length. [ 518.738902][T29254] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8882'. [ 518.761857][T29254] veth1_vlan: left promiscuous mode [ 518.767899][T29254] batman_adv: batadv0: Adding interface: veth1_vlan [ 518.774599][T29254] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.801656][T29254] batman_adv: batadv0: Interface activated: veth1_vlan [ 518.858480][T29256] veth0_to_team: entered promiscuous mode [ 519.099246][T29276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8891'. [ 519.108214][T29276] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8891'. [ 519.140615][T29274] bridge0: left promiscuous mode [ 519.146789][T29274] 8021q: adding VLAN 0 to HW filter on device bond0 [ 519.161188][T29274] 8021q: adding VLAN 0 to HW filter on device team0 [ 519.181535][T29280] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 519.188107][T29280] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 519.195951][T29280] vhci_hcd vhci_hcd.0: Device attached [ 519.205338][T29274] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 519.211995][T29284] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 519.262562][T29281] vhci_hcd: connection closed [ 519.262823][ T51] vhci_hcd: stop threads [ 519.271945][ T51] vhci_hcd: release socket [ 519.276429][ T51] vhci_hcd: disconnect device [ 519.317941][T29295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8898'. [ 519.384337][T29301] can0: slcan on ttyS3. [ 519.471704][T29307] tipc: Enabled bearer , priority 0 [ 519.479318][T29307] syzkaller0: MTU too low for tipc bearer [ 519.485268][T29307] tipc: Disabling bearer [ 519.491246][T29300] can0 (unregistered): slcan off ttyS3. [ 519.546915][T29305] hsr0 speed is unknown, defaulting to 1000 [ 519.696446][T29330] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 519.703766][T29330] IPv6: NLM_F_CREATE should be set when creating new route [ 519.825563][T29332] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 519.832885][T29332] IPv6: NLM_F_CREATE should be set when creating new route [ 519.977781][T29359] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 519.985138][T29359] IPv6: NLM_F_CREATE should be set when creating new route [ 520.026643][T29364] bridge0: entered promiscuous mode [ 520.035485][T29364] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 520.042775][T29364] IPv6: NLM_F_CREATE should be set when creating new route [ 520.064114][T29369] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 520.098256][T29373] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 520.104916][T29373] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 520.112596][T29373] vhci_hcd vhci_hcd.0: Device attached [ 520.124954][T29374] vhci_hcd: connection closed [ 520.125144][ T51] vhci_hcd: stop threads [ 520.134164][ T51] vhci_hcd: release socket [ 520.138583][ T51] vhci_hcd: disconnect device [ 521.052212][T29402] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 521.059492][T29402] IPv6: NLM_F_CREATE should be set when creating new route [ 521.120381][ T36] usb 10-1: device descriptor read/8, error -110 [ 521.241047][ T36] usb 10-1: new SuperSpeed USB device number 43 using vhci_hcd [ 521.290275][ T36] usb 10-1: enqueue for inactive port 0 [ 521.335449][ T36] usb 10-1: enqueue for inactive port 0 [ 521.372097][ T36] usb 10-1: enqueue for inactive port 0 [ 521.424561][T29419] 9pnet_fd: Insufficient options for proto=fd [ 521.666481][T29421] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 521.673043][T29421] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 521.681227][T29421] vhci_hcd vhci_hcd.0: Device attached [ 521.723550][T29421] validate_nla: 3 callbacks suppressed [ 521.723564][T29421] netlink: 'syz.4.8942': attribute type 10 has an invalid length. [ 521.850423][ T36] usb 10-1: SetAddress Request (44) to port 0 [ 521.867371][ T36] usb 10-1: new SuperSpeed USB device number 44 using vhci_hcd [ 522.239889][T29422] vhci_hcd: connection reset by peer [ 522.271467][ T37] vhci_hcd: stop threads [ 522.275743][ T37] vhci_hcd: release socket [ 522.280238][ T37] vhci_hcd: disconnect device [ 522.340413][ T3396] usb usb6-port1: attempt power cycle [ 522.489850][ T29] kauditd_printk_skb: 178 callbacks suppressed [ 522.489867][ T29] audit: type=1326 audit(2000000027.190:9437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.559864][ T29] audit: type=1326 audit(2000000027.190:9438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.583452][ T29] audit: type=1326 audit(2000000027.190:9439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.607084][ T29] audit: type=1326 audit(2000000027.190:9440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.630638][ T29] audit: type=1326 audit(2000000027.200:9441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.654189][ T29] audit: type=1326 audit(2000000027.200:9442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.677632][ T29] audit: type=1326 audit(2000000027.200:9443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.701667][ T29] audit: type=1326 audit(2000000027.200:9444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.725145][ T29] audit: type=1326 audit(2000000027.200:9445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.748692][ T29] audit: type=1326 audit(2000000027.200:9446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29437 comm="syz.3.8949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f95a87bebe9 code=0x7ffc0000 [ 522.953039][T29449] bond0: (slave batadv_slave_0): Releasing backup interface [ 522.963269][T29449] batman_adv: batadv0: Removing interface: veth1_vlan [ 522.983977][T29449] netlink: 'syz.4.8952': attribute type 10 has an invalid length. [ 522.991877][T29449] __nla_validate_parse: 15 callbacks suppressed [ 522.991890][T29449] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8952'. [ 523.009029][T29449] batman_adv: batadv0: Adding interface: veth1_vlan [ 523.015753][T29449] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 523.043501][T29449] batman_adv: batadv0: Interface activated: veth1_vlan [ 523.063821][T29454] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8954'. [ 523.074298][T29454] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.081631][T29454] IPv6: NLM_F_CREATE should be set when creating new route [ 523.122740][T29461] netlink: 'syz.4.8957': attribute type 16 has an invalid length. [ 523.156186][T29467] tipc: Enabled bearer , priority 0 [ 523.333375][T29476] netlink: 'syz.3.8964': attribute type 10 has an invalid length. [ 523.341258][T29476] netlink: 156 bytes leftover after parsing attributes in process `syz.3.8964'. [ 523.351067][T29476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8964'. [ 523.430235][T29478] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 523.436873][T29478] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 523.445107][T29478] vhci_hcd vhci_hcd.0: Device attached [ 523.475427][T29478] netlink: 'syz.1.8963': attribute type 10 has an invalid length. [ 523.487349][T29478] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 523.525412][T29483] netlink: 'syz.3.8965': attribute type 10 has an invalid length. [ 523.533271][T29483] netlink: 156 bytes leftover after parsing attributes in process `syz.3.8965'. [ 523.543197][T29483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8965'. [ 523.633656][T29487] netlink: 'syz.3.8967': attribute type 10 has an invalid length. [ 523.641558][T29487] netlink: 156 bytes leftover after parsing attributes in process `syz.3.8967'. [ 523.652533][T29487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8967'. [ 523.740266][ T3401] usb 4-1: SetAddress Request (27) to port 0 [ 523.750343][ T3401] usb 4-1: new SuperSpeed USB device number 27 using vhci_hcd [ 523.814282][T29491] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8969'. [ 523.844091][T29491] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.861967][T29489] tipc: New replicast peer: 255.255.255.255 [ 523.868072][T29489] tipc: Enabled bearer , priority 10 [ 523.900315][T29494] netlink: 'syz.0.8970': attribute type 16 has an invalid length. [ 523.954773][T29496] tipc: Started in network mode [ 523.959855][T29496] tipc: Node identity ee28c5c96eda, cluster identity 4711 [ 523.967257][T29496] tipc: Enabled bearer , priority 0 [ 523.974695][T29495] tipc: Resetting bearer [ 523.988889][T29495] tipc: Disabling bearer [ 523.998978][T29504] FAULT_INJECTION: forcing a failure. [ 523.998978][T29504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 524.012187][T29504] CPU: 0 UID: 0 PID: 29504 Comm: syz.4.8975 Not tainted syzkaller #0 PREEMPT(voluntary) [ 524.012257][T29504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 524.012273][T29504] Call Trace: [ 524.012280][T29504] [ 524.012361][T29504] __dump_stack+0x1d/0x30 [ 524.012385][T29504] dump_stack_lvl+0xe8/0x140 [ 524.012409][T29504] dump_stack+0x15/0x1b [ 524.012430][T29504] should_fail_ex+0x265/0x280 [ 524.012457][T29504] should_fail+0xb/0x20 [ 524.012479][T29504] should_fail_usercopy+0x1a/0x20 [ 524.012545][T29504] _copy_to_user+0x20/0xa0 [ 524.012669][T29504] simple_read_from_buffer+0xb5/0x130 [ 524.012695][T29504] proc_fail_nth_read+0x10e/0x150 [ 524.012810][T29504] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 524.012854][T29504] vfs_read+0x1a8/0x770 [ 524.012873][T29504] ? __rcu_read_unlock+0x4f/0x70 [ 524.012898][T29504] ? __fget_files+0x184/0x1c0 [ 524.012992][T29504] ksys_read+0xda/0x1a0 [ 524.013041][T29504] __x64_sys_read+0x40/0x50 [ 524.013134][T29504] x64_sys_call+0x27bc/0x2ff0 [ 524.013183][T29504] do_syscall_64+0xd2/0x200 [ 524.013208][T29504] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 524.013229][T29504] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 524.013327][T29504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.013346][T29504] RIP: 0033:0x7f8d96e2d5fc [ 524.013359][T29504] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 524.013374][T29504] RSP: 002b:00007f8d95897030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 524.013390][T29504] RAX: ffffffffffffffda RBX: 00007f8d97065fa0 RCX: 00007f8d96e2d5fc [ 524.013451][T29504] RDX: 000000000000000f RSI: 00007f8d958970a0 RDI: 0000000000000006 [ 524.013462][T29504] RBP: 00007f8d95897090 R08: 0000000000000000 R09: 0000000000000000 [ 524.013553][T29504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 524.013563][T29504] R13: 00007f8d97066038 R14: 00007f8d97065fa0 R15: 00007fff6bd96da8 [ 524.013581][T29504] [ 524.219390][T29505] netlink: 'syz.3.8974': attribute type 13 has an invalid length. [ 524.223652][T18498] tipc: Node number set to 1214683811 [ 524.246732][T29479] vhci_hcd: connection reset by peer [ 524.257934][ T37] vhci_hcd: stop threads [ 524.262225][ T37] vhci_hcd: release socket [ 524.266644][ T37] vhci_hcd: disconnect device [ 524.346497][T29515] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 524.353764][T29515] IPv6: NLM_F_CREATE should be set when creating new route [ 524.450519][ T3396] usb usb6-port1: unable to enumerate USB device [ 524.458044][T29388] vhci_hcd: default hub control req: 1000 v0000 i0000 l0 [ 524.465928][T29519] FAULT_INJECTION: forcing a failure. [ 524.465928][T29519] name failslab, interval 1, probability 0, space 0, times 0 [ 524.475804][T29518] hsr0 speed is unknown, defaulting to 1000 [ 524.478676][T29519] CPU: 1 UID: 0 PID: 29519 Comm: syz.4.8977 Not tainted syzkaller #0 PREEMPT(voluntary) [ 524.478836][T29519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 524.478853][T29519] Call Trace: [ 524.478862][T29519] [ 524.478872][T29519] __dump_stack+0x1d/0x30 [ 524.478898][T29519] dump_stack_lvl+0xe8/0x140 [ 524.478922][T29519] dump_stack+0x15/0x1b [ 524.478996][T29519] should_fail_ex+0x265/0x280 [ 524.479042][T29519] should_failslab+0x8c/0xb0 [ 524.479075][T29519] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 524.479114][T29519] ? shmem_alloc_inode+0x34/0x50 [ 524.479165][T29519] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 524.479195][T29519] shmem_alloc_inode+0x34/0x50 [ 524.479221][T29519] alloc_inode+0x3d/0x170 [ 524.479252][T29519] new_inode+0x1d/0xe0 [ 524.479284][T29519] shmem_get_inode+0x244/0x750 [ 524.479352][T29519] __shmem_file_setup+0x113/0x210 [ 524.479397][T29519] shmem_file_setup+0x3b/0x50 [ 524.479442][T29519] __se_sys_memfd_create+0x2c3/0x590 [ 524.479473][T29519] __x64_sys_memfd_create+0x31/0x40 [ 524.479518][T29519] x64_sys_call+0x2abe/0x2ff0 [ 524.479546][T29519] do_syscall_64+0xd2/0x200 [ 524.479660][T29519] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 524.479693][T29519] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 524.479756][T29519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.479785][T29519] RIP: 0033:0x7f8d96e2ebe9 [ 524.479806][T29519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.479830][T29519] RSP: 002b:00007f8d95854e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 524.479855][T29519] RAX: ffffffffffffffda RBX: 0000000000000a29 RCX: 00007f8d96e2ebe9 [ 524.479913][T29519] RDX: 00007f8d95854ef0 RSI: 0000000000000000 RDI: 00007f8d96eb27e8 [ 524.479982][T29519] RBP: 0000200000001800 R08: 00007f8d95854bb7 R09: 00007f8d95854e40 [ 524.479999][T29519] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000640 [ 524.480016][T29519] R13: 00007f8d95854ef0 R14: 00007f8d95854eb0 R15: 00002000000003c0 [ 524.480041][T29519] [ 524.703616][T29520] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8981'. [ 524.910242][ T10] tipc: Node number set to 4267577798 [ 525.248240][T29550] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 525.255467][T29550] batman_adv: batadv0: Removing interface: veth1_vlan [ 525.312745][T29550] netlink: 'syz.4.8991': attribute type 10 has an invalid length. [ 525.332698][T29550] batman_adv: batadv0: Adding interface: veth1_vlan [ 525.339357][T29550] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 525.365517][T29550] batman_adv: batadv0: Interface activated: veth1_vlan [ 525.373729][T29556] dummy0: entered allmulticast mode [ 525.379408][T29556] dummy0: left allmulticast mode [ 525.394417][T29556] 9pnet: Could not find request transport: xen [ 525.478942][T29559] tipc: Enabled bearer , priority 0 [ 525.497088][T29559] tipc: Disabling bearer [ 525.517728][T29561] hsr0 speed is unknown, defaulting to 1000 [ 525.913513][T29572] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 525.920128][T29572] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 525.928366][T29572] vhci_hcd vhci_hcd.0: Device attached [ 526.097215][T29577] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 526.151151][T29577] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 526.210258][T18498] usb 6-1: SetAddress Request (46) to port 0 [ 526.217452][T18498] usb 6-1: new SuperSpeed USB device number 46 using vhci_hcd [ 526.233696][T29581] hsr0 speed is unknown, defaulting to 1000 [ 526.389220][T29591] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 526.404577][T29593] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 526.413794][T29591] tipc: Resetting bearer [ 526.489958][T29573] vhci_hcd: connection reset by peer [ 526.503741][ T37] vhci_hcd: stop threads [ 526.508032][ T37] vhci_hcd: release socket [ 526.512515][ T37] vhci_hcd: disconnect device [ 526.667243][T29599] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 526.715018][T29600] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 526.722459][T29600] batman_adv: batadv0: Removing interface: veth1_vlan [ 526.740449][T29601] batman_adv: batadv0: Adding interface: veth1_vlan [ 526.747101][T29601] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 526.778046][T29601] batman_adv: batadv0: Interface activated: veth1_vlan [ 526.871201][T29603] hsr0 speed is unknown, defaulting to 1000 [ 526.970368][ T36] usb 10-1: device descriptor read/8, error -110 [ 527.080221][ T36] usb 10-1: new SuperSpeed USB device number 44 using vhci_hcd [ 527.100279][ T36] usb 10-1: enqueue for inactive port 0 [ 527.105905][ T36] usb 10-1: enqueue for inactive port 0 [ 527.115365][T29612] bond0: (slave batadv_slave_0): Releasing backup interface [ 527.120272][ T36] usb 10-1: enqueue for inactive port 0 [ 527.128998][T29612] batman_adv: batadv0: Removing interface: veth1_vlan [ 527.230352][ T36] usb usb10-port1: attempt power cycle [ 527.252714][T29612] 9pnet_fd: Insufficient options for proto=fd [ 527.264440][T29612] validate_nla: 4 callbacks suppressed [ 527.264457][T29612] netlink: 'syz.1.9009': attribute type 10 has an invalid length. [ 527.280584][T29612] batman_adv: batadv0: Adding interface: veth1_vlan [ 527.287220][T29612] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.314852][T29612] batman_adv: batadv0: Interface activated: veth1_vlan [ 527.607291][T29619] hsr0 speed is unknown, defaulting to 1000 [ 527.654991][ T29] kauditd_printk_skb: 76 callbacks suppressed [ 527.655009][ T29] audit: type=1326 audit(2000000032.360:9523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29625 comm="syz.2.9015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 527.704268][T29632] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 527.710227][ T29] audit: type=1326 audit(2000000032.400:9524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29625 comm="syz.2.9015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 527.735238][ T29] audit: type=1326 audit(2000000032.400:9525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29625 comm="syz.2.9015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 527.735279][ T29] audit: type=1326 audit(2000000032.400:9526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29625 comm="syz.2.9015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7d24ebe9 code=0x7ffc0000 [ 527.735642][T29634] FAULT_INJECTION: forcing a failure. [ 527.735642][T29634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 527.735674][T29634] CPU: 0 UID: 0 PID: 29634 Comm: syz.2.9017 Not tainted syzkaller #0 PREEMPT(voluntary) [ 527.735760][T29634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 527.735827][T29634] Call Trace: [ 527.735835][T29634] [ 527.735853][T29634] __dump_stack+0x1d/0x30 [ 527.735879][T29634] dump_stack_lvl+0xe8/0x140 [ 527.735955][T29634] dump_stack+0x15/0x1b [ 527.735977][T29634] should_fail_ex+0x265/0x280 [ 527.736003][T29634] should_fail+0xb/0x20 [ 527.736026][T29634] should_fail_usercopy+0x1a/0x20 [ 527.736072][T29634] _copy_from_user+0x1c/0xb0 [ 527.736101][T29634] memdup_user_nul+0x5f/0xe0 [ 527.736187][T29634] sel_commit_bools_write+0xd2/0x270 [ 527.736221][T29634] vfs_writev+0x403/0x8b0 [ 527.736249][T29634] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 527.736324][T29634] ? mutex_lock+0xd/0x30 [ 527.736355][T29634] do_writev+0xe7/0x210 [ 527.736394][T29634] __x64_sys_writev+0x45/0x50 [ 527.736425][T29634] x64_sys_call+0x1e9a/0x2ff0 [ 527.736530][T29634] do_syscall_64+0xd2/0x200 [ 527.736568][T29634] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 527.736601][T29634] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 527.736637][T29634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.736721][T29634] RIP: 0033:0x7f5a7d24ebe9 [ 527.736739][T29634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.736761][T29634] RSP: 002b:00007f5a7bcaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 527.736784][T29634] RAX: ffffffffffffffda RBX: 00007f5a7d485fa0 RCX: 00007f5a7d24ebe9 [ 527.736797][T29634] RDX: 0000000000000001 RSI: 00002000000025c0 RDI: 0000000000000005 [ 527.736809][T29634] RBP: 00007f5a7bcaf090 R08: 0000000000000000 R09: 0000000000000000 [ 527.736821][T29634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.736883][T29634] R13: 00007f5a7d486038 R14: 00007f5a7d485fa0 R15: 00007ffee45b25c8 [ 527.736907][T29634] [ 527.882776][T29639] 9pnet_fd: Insufficient options for proto=fd [ 527.884202][T29639] netlink: 'syz.0.9018': attribute type 10 has an invalid length. [ 527.904898][T29636] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 527.991411][T29644] netlink: 'syz.3.9021': attribute type 10 has an invalid length. [ 527.997335][T29636] batman_adv: batadv0: Removing interface: veth1_vlan [ 528.005356][T29644] __nla_validate_parse: 11 callbacks suppressed [ 528.005373][T29644] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9021'. [ 528.081478][T29639] batman_adv: batadv0: Adding interface: veth1_vlan [ 528.088121][T29639] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 528.116051][T29639] batman_adv: batadv0: Interface activated: veth1_vlan [ 528.184202][T29658] 9pnet_fd: Insufficient options for proto=fd [ 528.192562][T29658] netlink: 'syz.3.9026': attribute type 10 has an invalid length. [ 528.200484][T29658] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9026'. [ 528.221656][T29658] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 528.243252][T29666] netlink: 'syz.0.9029': attribute type 16 has an invalid length. [ 528.251145][T29666] netlink: 'syz.0.9029': attribute type 17 has an invalid length. [ 528.275622][T29663] netlink: 'syz.1.9028': attribute type 10 has an invalid length. [ 528.283538][T29663] netlink: 156 bytes leftover after parsing attributes in process `syz.1.9028'. [ 528.307520][T29666] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 528.367360][T29673] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9032'. [ 528.381226][T29678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9033'. [ 528.436033][T29684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9037'. [ 528.445065][T29684] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9037'. [ 528.478237][T29691] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 528.536482][T29695] tipc: Started in network mode [ 528.541496][T29695] tipc: Node identity c274bcc4c489, cluster identity 4711 [ 528.548826][T29695] tipc: Enabled bearer , priority 0 [ 528.569936][T29694] tipc: Resetting bearer [ 528.585382][T29694] tipc: Disabling bearer [ 528.592339][T29703] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 528.599422][T29703] batman_adv: batadv0: Removing interface: veth1_vlan [ 528.637583][T29707] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9045'. [ 528.658456][T29705] hsr0 speed is unknown, defaulting to 1000 [ 528.666341][T29709] netlink: 'syz.0.9043': attribute type 13 has an invalid length. [ 528.722877][ T29] audit: type=1326 audit(2000000033.430:9527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29711 comm="syz.1.9047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4005f1ebe9 code=0x7ffc0000 [ 528.759133][T29713] netlink: 'syz.2.9046': attribute type 13 has an invalid length. [ 528.769484][ T29] audit: type=1326 audit(2000000033.430:9528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29711 comm="syz.1.9047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4005f1ebe9 code=0x7ffc0000 [ 528.777615][T29715] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9048'. [ 528.793323][ T29] audit: type=1326 audit(2000000033.430:9529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29711 comm="syz.1.9047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4005f1ebe9 code=0x7ffc0000 [ 528.825907][ T29] audit: type=1326 audit(2000000033.430:9530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29711 comm="syz.1.9047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4005f1ebe9 code=0x7ffc0000 [ 528.849513][ T29] audit: type=1326 audit(2000000033.430:9531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29711 comm="syz.1.9047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4005f1ebe9 code=0x7ffc0000 [ 528.873068][ T29] audit: type=1326 audit(2000000033.430:9532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29711 comm="syz.1.9047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4005f1ebe9 code=0x7ffc0000 [ 528.897070][ T3401] usb 4-1: device descriptor read/8, error -110 [ 528.931714][T29709] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 528.982089][ T1724] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.010217][ T3401] usb 4-1: new SuperSpeed USB device number 27 using vhci_hcd [ 529.029273][ T1724] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.038537][ T1724] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.040332][ T3401] usb 4-1: enqueue for inactive port 0 [ 529.053075][ T1724] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.065522][ T3401] usb 4-1: enqueue for inactive port 0 [ 529.082457][ T3401] usb 4-1: enqueue for inactive port 0 [ 529.122007][T29730] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 529.128700][T29730] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 529.136514][T29730] vhci_hcd vhci_hcd.0: Device attached [ 529.140914][ T36] usb usb10-port1: unable to enumerate USB device [ 529.148762][T29731] vhci_hcd: connection closed [ 529.148905][ T2025] vhci_hcd: stop threads [ 529.158015][ T2025] vhci_hcd: release socket [ 529.162609][ T2025] vhci_hcd: disconnect device [ 529.198099][T29735] tipc: Enabled bearer , priority 0 [ 529.205476][T29734] tipc: Resetting bearer [ 529.220108][T29734] tipc: Disabling bearer [ 529.368056][T29739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9055'. [ 529.630523][T29761] tipc: Enabled bearer , priority 0 [ 529.638328][T29760] tipc: Resetting bearer [ 529.652422][T29760] tipc: Disabling bearer [ 529.745644][T29773] netlink: 'syz.2.9068': attribute type 16 has an invalid length. [ 529.786837][T29773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.796939][T29773] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.807518][T29773] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 529.824574][T29768] tipc: Enabled bearer , priority 0 [ 529.839804][T29775] tipc: Disabling bearer [ 529.883317][T29779] FAULT_INJECTION: forcing a failure. [ 529.883317][T29779] name failslab, interval 1, probability 0, space 0, times 0 [ 529.896093][T29779] CPU: 1 UID: 0 PID: 29779 Comm: +}[@ Not tainted syzkaller #0 PREEMPT(voluntary) [ 529.896130][T29779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 529.896145][T29779] Call Trace: [ 529.896151][T29779] [ 529.896157][T29779] __dump_stack+0x1d/0x30 [ 529.896182][T29779] dump_stack_lvl+0xe8/0x140 [ 529.896270][T29779] dump_stack+0x15/0x1b [ 529.896287][T29779] should_fail_ex+0x265/0x280 [ 529.896344][T29779] should_failslab+0x8c/0xb0 [ 529.896375][T29779] __kvmalloc_node_noprof+0x123/0x4e0 [ 529.896413][T29779] ? traverse+0x9d/0x3a0 [ 529.896591][T29779] traverse+0x9d/0x3a0 [ 529.896708][T29779] ? path_openat+0x1bf8/0x2170 [ 529.896735][T29779] seq_read_iter+0x853/0x940 [ 529.896843][T29779] ? _parse_integer+0x27/0x40 [ 529.896867][T29779] seq_read+0x270/0x2b0 [ 529.896900][T29779] ? __pfx_seq_read+0x10/0x10 [ 529.896993][T29779] vfs_readv+0x3fb/0x690 [ 529.897039][T29779] __x64_sys_preadv+0xfd/0x1c0 [ 529.897067][T29779] x64_sys_call+0x282a/0x2ff0 [ 529.897121][T29779] do_syscall_64+0xd2/0x200 [ 529.897168][T29779] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 529.897197][T29779] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 529.897224][T29779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.897274][T29779] RIP: 0033:0x7f5a7d24ebe9 [ 529.897315][T29779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.897333][T29779] RSP: 002b:00007f5a7bcaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 529.897351][T29779] RAX: ffffffffffffffda RBX: 00007f5a7d485fa0 RCX: 00007f5a7d24ebe9 [ 529.897363][T29779] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 529.897416][T29779] RBP: 00007f5a7bcaf090 R08: 0000000000000000 R09: 0000000000000000 [ 529.897428][T29779] R10: 000000000000012e R11: 0000000000000246 R12: 0000000000000001 [ 529.897440][T29779] R13: 00007f5a7d486038 R14: 00007f5a7d485fa0 R15: 00007ffee45b25c8 [ 529.897460][T29779] [ 530.157968][T29789] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 530.164537][T29789] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 530.172252][T29789] vhci_hcd vhci_hcd.0: Device attached [ 530.186751][T29790] vhci_hcd: connection closed [ 530.187122][ T37] vhci_hcd: stop threads [ 530.196162][ T37] vhci_hcd: release socket [ 530.200706][ T37] vhci_hcd: disconnect device [ 530.255035][T29797] tipc: Enabling of bearer rejected, already enabled [ 530.301183][ T3401] usb usb4-port1: attempt power cycle [ 530.332778][T29803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 530.341746][T29803] 8021q: adding VLAN 0 to HW filter on device team0 [ 530.354932][T29803] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 530.448834][T29815] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 530.456162][T29815] IPv6: NLM_F_CREATE should be set when creating new route [ 530.516407][T29822] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 530.523046][T29822] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 530.530959][T29822] vhci_hcd vhci_hcd.0: Device attached [ 530.561492][T29823] vhci_hcd: connection closed [ 530.561687][ T37] vhci_hcd: stop threads [ 530.571291][ T37] vhci_hcd: release socket [ 530.575727][ T37] vhci_hcd: disconnect device [ 530.583066][T29826] tipc: Enabled bearer , priority 0 [ 530.590614][T29825] tipc: Resetting bearer [ 530.602524][T29825] tipc: Disabling bearer [ 530.801579][T29843] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 530.808889][T29843] IPv6: NLM_F_CREATE should be set when creating new route [ 530.922222][T29852] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 531.490240][T18498] usb 6-1: device descriptor read/8, error -110 [ 531.576475][T29881] FAULT_INJECTION: forcing a failure. [ 531.576475][T29881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 531.589753][T29881] CPU: 1 UID: 0 PID: 29881 Comm: syz.0.9115 Not tainted syzkaller #0 PREEMPT(voluntary) [ 531.589786][T29881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 531.589808][T29881] Call Trace: [ 531.589814][T29881] [ 531.589821][T29881] __dump_stack+0x1d/0x30 [ 531.589893][T29881] dump_stack_lvl+0xe8/0x140 [ 531.589918][T29881] dump_stack+0x15/0x1b [ 531.589940][T29881] should_fail_ex+0x265/0x280 [ 531.589962][T29881] should_fail+0xb/0x20 [ 531.589979][T29881] should_fail_usercopy+0x1a/0x20 [ 531.590007][T29881] strncpy_from_user+0x25/0x230 [ 531.590046][T29881] ? kmem_cache_alloc_noprof+0x186/0x310 [ 531.590083][T29881] ? getname_flags+0x80/0x3b0 [ 531.590112][T29881] getname_flags+0xae/0x3b0 [ 531.590186][T29881] __x64_sys_rename+0x33/0x70 [ 531.590219][T29881] x64_sys_call+0x1f9/0x2ff0 [ 531.590245][T29881] do_syscall_64+0xd2/0x200 [ 531.590279][T29881] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 531.590444][T29881] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 531.590480][T29881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.590507][T29881] RIP: 0033:0x7ff80d18ebe9 [ 531.590525][T29881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.590604][T29881] RSP: 002b:00007ff80bbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 531.590628][T29881] RAX: ffffffffffffffda RBX: 00007ff80d3c5fa0 RCX: 00007ff80d18ebe9 [ 531.590643][T29881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 531.590659][T29881] RBP: 00007ff80bbef090 R08: 0000000000000000 R09: 0000000000000000 [ 531.590673][T29881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.590754][T29881] R13: 00007ff80d3c6038 R14: 00007ff80d3c5fa0 R15: 00007fff8f0f3258 [ 531.590848][T29881] [ 531.775283][T18498] usb 6-1: new SuperSpeed USB device number 46 using vhci_hcd [ 531.841106][T18498] usb 6-1: enqueue for inactive port 0 [ 531.846642][T18498] usb 6-1: enqueue for inactive port 0 [ 531.852349][T18498] usb 6-1: enqueue for inactive port 0 [ 531.977057][T29907] veth1_vlan: left promiscuous mode [ 531.983205][T29907] batman_adv: batadv0: Adding interface: veth1_vlan [ 531.989872][T29907] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.015944][T29907] batman_adv: batadv0: Interface activated: veth1_vlan [ 532.114088][T29920] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 532.660645][ T3401] usb usb4-port1: unable to enumerate USB device [ 532.696568][T29953] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 532.818143][ T29] kauditd_printk_skb: 77 callbacks suppressed [ 532.818163][ T29] audit: type=1326 audit(2000000037.520:9610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.848187][ T29] audit: type=1326 audit(2000000037.520:9611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.871873][ T29] audit: type=1326 audit(2000000037.530:9612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.895475][ T29] audit: type=1326 audit(2000000037.530:9613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.919008][ T29] audit: type=1326 audit(2000000037.530:9614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.942789][ T29] audit: type=1326 audit(2000000037.530:9615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.966503][ T29] audit: type=1326 audit(2000000037.530:9616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 532.990014][ T29] audit: type=1400 audit(2000000037.530:9617): avc: denied { create } for pid=29954 comm="syz.0.9139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 533.009851][ T29] audit: type=1326 audit(2000000037.530:9618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 533.033811][ T29] audit: type=1326 audit(2000000037.530:9619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29954 comm="syz.0.9139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff80d18ebe9 code=0x7ffc0000 [ 533.108802][T18498] usb usb6-port1: attempt power cycle [ 533.122703][ T51] bond0 (unregistering): Released all slaves [ 533.131208][ T51] bond1 (unregistering): Released all slaves [ 533.139031][T29924] hsr0 speed is unknown, defaulting to 1000 [ 533.141142][T29966] batman_adv: batadv0: Removing interface: veth1_vlan [ 533.157249][T29966] 9pnet_fd: Insufficient options for proto=fd [ 533.169123][ T51] tipc: Disabling bearer [ 533.174466][ T51] tipc: Left network mode [ 533.180123][T29966] validate_nla: 6 callbacks suppressed [ 533.185733][T29966] netlink: 'syz.4.9143': attribute type 10 has an invalid length. [ 533.193671][T29966] __nla_validate_parse: 26 callbacks suppressed [ 533.193686][T29966] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9143'. [ 533.232797][T29966] batman_adv: batadv0: Adding interface: veth1_vlan [ 533.239469][T29966] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.300446][T29966] batman_adv: batadv0: Interface activated: veth1_vlan [ 533.315171][ T51] hsr_slave_0: left promiscuous mode [ 533.322657][ T51] hsr_slave_1: left promiscuous mode [ 533.389345][ T2025] smc: removing ib device syz! [ 533.428198][T29924] chnl_net:caif_netlink_parms(): no params data found [ 533.530986][T29924] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.538124][T29924] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.588422][T29924] bridge_slave_0: entered allmulticast mode [ 533.616034][T29924] bridge_slave_0: entered promiscuous mode [ 533.639892][T29924] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.647041][T29924] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.671986][T29999] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9154'. [ 533.681156][T29999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9154'. [ 533.726672][T30001] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 533.767605][T29924] bridge_slave_1: entered allmulticast mode [ 533.781074][T29924] bridge_slave_1: entered promiscuous mode [ 533.837888][T29924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 533.869062][T29924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 533.974658][T29924] team0: Port device team_slave_0 added [ 534.004454][T29924] team0: Port device team_slave_1 added [ 534.268140][T29924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 534.275289][T29924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.301217][T29924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 534.678518][T30015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9159'. [ 534.714236][T29924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 534.721283][T29924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.747214][T29924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 534.777187][T29924] hsr_slave_0: entered promiscuous mode [ 534.783281][T29924] hsr_slave_1: entered promiscuous mode [ 534.789182][T29924] debugfs: 'hsr0' already exists in 'hsr' [ 534.795037][T29924] Cannot create hsr debugfs directory [ 534.995967][T30037] netlink: 'syz.2.9166': attribute type 16 has an invalid length. [ 535.003947][T30037] netlink: 'syz.2.9166': attribute type 17 has an invalid length. [ 535.027979][T30039] tipc: Enabled bearer , priority 0 [ 535.043327][T30037] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 535.071892][T30029] tipc: Resetting bearer [ 535.095395][T30029] tipc: Disabling bearer [ 535.115004][T30047] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9170'. [ 535.125920][T30047] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 535.211917][T30059] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 535.214560][T29924] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 535.218473][T30059] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 535.218539][T30059] vhci_hcd vhci_hcd.0: Device attached [ 535.242529][T29924] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 535.249410][T30060] vhci_hcd: connection closed [ 535.251500][ T2025] vhci_hcd: stop threads [ 535.260512][ T2025] vhci_hcd: release socket [ 535.264941][ T2025] vhci_hcd: disconnect device [ 535.278896][T29924] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 535.295211][T29924] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 535.339760][T29924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 535.352684][T29924] 8021q: adding VLAN 0 to HW filter on device team0 [ 535.364828][ T2025] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.372143][ T2025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.384783][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.391963][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.560724][T18498] usb usb6-port1: unable to enumerate USB device [ 535.706378][T29924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 535.862143][T29924] veth0_vlan: entered promiscuous mode [ 535.870524][T29924] veth1_vlan: entered promiscuous mode [ 535.887114][T29924] veth0_macvtap: entered promiscuous mode [ 535.895039][T29924] veth1_macvtap: entered promiscuous mode [ 535.908643][T29924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 535.919758][T30092] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9188'. [ 535.923897][T29924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 535.940009][ T51] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.957390][ T51] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.974888][ T51] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.992655][ T51] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.072992][T30104] tipc: Started in network mode [ 536.078018][T30104] tipc: Node identity ce3ee580fe25, cluster identity 4711 [ 536.085348][T30104] tipc: Enabled bearer , priority 0 [ 536.152074][T30109] tipc: Enabled bearer , priority 0 [ 536.160692][T30103] tipc: Resetting bearer [ 536.191195][T30103] tipc: Disabling bearer [ 536.223072][T30109] tipc: Disabling bearer [ 536.238409][T30115] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 536.245562][T30115] batman_adv: batadv0: Removing interface: veth1_vlan [ 536.258717][T30115] 9pnet_fd: Insufficient options for proto=fd [ 536.268505][T30115] netlink: 'syz.4.9186': attribute type 10 has an invalid length. [ 536.276458][T30115] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9186'. [ 536.299575][T30115] batman_adv: batadv0: Adding interface: veth1_vlan [ 536.306358][T30115] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.334092][T30115] batman_adv: batadv0: Interface activated: veth1_vlan [ 536.363026][T30129] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9191'. [ 536.365788][T30121] hsr0 speed is unknown, defaulting to 1000 [ 536.439279][T30131] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9195'. [ 536.454873][T30144] netlink: 'syz.2.9197': attribute type 16 has an invalid length. [ 536.463155][T30144] netlink: 'syz.2.9197': attribute type 17 has an invalid length. [ 536.501974][T30118] hsr0 speed is unknown, defaulting to 1000 [ 536.509235][T30144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 536.596676][T30157] tipc: Enabled bearer , priority 0 [ 536.607008][T30156] tipc: Resetting bearer [ 536.619060][T30156] tipc: Disabling bearer [ 536.649271][T30165] netlink: 'syz.4.9202': attribute type 16 has an invalid length. [ 536.657318][T30165] netlink: 'syz.4.9202': attribute type 17 has an invalid length. [ 536.668067][ T51] tipc: Resetting bearer [ 536.709861][T30170] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 536.716486][T30170] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 536.724223][T30170] vhci_hcd vhci_hcd.0: Device attached [ 536.735361][T30171] vhci_hcd: connection closed [ 536.735467][ T2025] vhci_hcd: stop threads [ 536.744532][ T2025] vhci_hcd: release socket [ 536.748961][ T2025] vhci_hcd: disconnect device [ 536.791636][ T51] tipc: Disabling bearer [ 536.842175][ T51] bond0 (unregistering): Released all slaves [ 536.850456][ T51] bond1 (unregistering): Released all slaves [ 536.858714][ T51] bond2 (unregistering): Released all slaves [ 536.867141][ T51] bond3 (unregistering): Released all slaves [ 536.886565][T30165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 536.896413][T30165] 8021q: adding VLAN 0 to HW filter on device team0 [ 536.906517][T30165] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 536.924454][T30118] chnl_net:caif_netlink_parms(): no params data found [ 536.936751][ T51] tipc: Left network mode [ 536.963330][ T51] hsr_slave_0: left promiscuous mode [ 536.969509][ T51] hsr_slave_1: left promiscuous mode [ 537.067920][T30118] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.075231][T30118] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.082971][T30118] bridge_slave_0: entered allmulticast mode [ 537.089649][T30118] bridge_slave_0: entered promiscuous mode [ 537.097664][T30118] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.104886][T30118] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.112092][T30118] bridge_slave_1: entered allmulticast mode [ 537.118968][T30118] bridge_slave_1: entered promiscuous mode [ 537.153182][T30118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 537.168919][T30118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 537.194111][T30118] team0: Port device team_slave_0 added [ 537.203000][T30118] team0: Port device team_slave_1 added [ 537.222655][T30118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 537.229647][T30118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.255683][T30118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.267044][T30118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.274165][T30118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.300396][T30118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.311221][T30191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9209'. [ 537.358284][T30118] hsr_slave_0: entered promiscuous mode [ 537.372105][T30118] hsr_slave_1: entered promiscuous mode [ 537.378685][T30118] debugfs: 'hsr0' already exists in 'hsr' [ 537.384578][T30118] Cannot create hsr debugfs directory [ 537.389864][T30203] 9pnet_fd: Insufficient options for proto=fd [ 537.397839][T30203] netlink: 'syz.4.9215': attribute type 10 has an invalid length. [ 537.436377][T30197] tipc: Enabled bearer , priority 0 [ 537.450573][T30196] tipc: Resetting bearer [ 537.461494][T30196] tipc: Disabling bearer [ 537.473112][T30206] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 537.478662][T30207] netlink: 'syz.2.9214': attribute type 13 has an invalid length. [ 537.480275][T30206] batman_adv: batadv0: Removing interface: veth1_vlan [ 537.527525][T30207] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 537.535598][T30206] batman_adv: batadv0: Adding interface: veth1_vlan [ 537.542284][T30206] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 537.568648][T30206] batman_adv: batadv0: Interface activated: veth1_vlan [ 537.775268][T30230] tipc: Enabled bearer , priority 0 [ 537.782890][T30229] tipc: Resetting bearer [ 537.795258][T30229] tipc: Disabling bearer [ 538.262713][T30118] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 538.272247][T30118] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 538.281401][T30118] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 538.305768][T30246] bridge_slave_0: left allmulticast mode [ 538.311551][T30246] bridge_slave_0: left promiscuous mode [ 538.317304][T30246] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.326622][T30246] bridge_slave_1: left allmulticast mode [ 538.332508][T30246] bridge_slave_1: left promiscuous mode [ 538.338319][T30246] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.342472][T30249] validate_nla: 1 callbacks suppressed [ 538.342490][T30249] netlink: 'syz.3.9230': attribute type 10 has an invalid length. [ 538.358892][T30249] __nla_validate_parse: 3 callbacks suppressed [ 538.358907][T30249] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9230'. [ 538.378414][T30246] bond0: (slave bond_slave_0): Releasing backup interface [ 538.390074][T30246] bond0: (slave bond_slave_1): Releasing backup interface [ 538.403656][T30246] team0: Port device team_slave_0 removed [ 538.413272][T30246] team0: Port device team_slave_1 removed [ 538.420117][T30246] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 538.428038][T30246] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.437166][T30246] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 538.444663][T30246] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.448306][T30250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9231'. [ 538.476044][T30118] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 538.492689][T30249] batman_adv: batadv0: Adding interface: veth1_vlan [ 538.499342][T30249] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.526411][T30249] batman_adv: batadv0: Interface activated: veth1_vlan [ 538.594185][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 538.594206][ T29] audit: type=1326 audit(2000000043.280:9740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.624136][ T29] audit: type=1326 audit(2000000043.280:9741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.647900][ T29] audit: type=1326 audit(2000000043.280:9742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.671439][ T29] audit: type=1326 audit(2000000043.280:9743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.695037][ T29] audit: type=1326 audit(2000000043.280:9744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.718612][ T29] audit: type=1326 audit(2000000043.280:9745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.742239][ T29] audit: type=1326 audit(2000000043.280:9746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.765792][ T29] audit: type=1326 audit(2000000043.280:9747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.789324][ T29] audit: type=1326 audit(2000000043.280:9748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.812838][ T29] audit: type=1326 audit(2000000043.280:9749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30257 comm="syz.4.9234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8d96e2ebe9 code=0x7ffc0000 [ 538.843566][T30264] tipc: Enabled bearer , priority 0 [ 538.845107][T30263] tipc: Resetting bearer [ 538.851275][T30263] tipc: Disabling bearer [ 538.888976][T30118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.903888][T30118] 8021q: adding VLAN 0 to HW filter on device team0 [ 538.927860][ T2025] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.935086][ T2025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.945987][ T2025] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.953105][ T2025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 539.104964][T30297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9247'. [ 539.149687][T30118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 539.422826][T30312] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 539.430064][T30312] batman_adv: batadv0: Removing interface: veth1_vlan [ 539.482710][T30312] netlink: 'syz.4.9249': attribute type 10 has an invalid length. [ 539.490772][T30312] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9249'. [ 539.543116][T30118] veth0_vlan: entered promiscuous mode [ 539.574879][T30312] batman_adv: batadv0: Adding interface: veth1_vlan [ 539.581714][T30312] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.628147][T30312] batman_adv: batadv0: Interface activated: veth1_vlan [ 539.636550][T30118] veth1_vlan: entered promiscuous mode [ 539.679036][T30318] tipc: Enabled bearer , priority 0 [ 539.687153][T30317] tipc: Resetting bearer [ 539.698958][T30317] tipc: Disabling bearer [ 539.745755][T30118] veth0_macvtap: entered promiscuous mode [ 539.753749][T30118] veth1_macvtap: entered promiscuous mode [ 539.768058][T30118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.781128][T30322] hsr0 speed is unknown, defaulting to 1000 [ 539.788617][T30118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 539.813655][ T1724] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.829474][T30325] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9253'. [ 539.861198][ T1724] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.887731][ T1724] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.932315][ T2025] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.947915][T30336] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 539.955115][T30336] batman_adv: batadv0: Removing interface: veth1_vlan [ 539.983645][T30336] netlink: 'syz.4.9257': attribute type 10 has an invalid length. [ 539.991549][T30336] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9257'. [ 540.002316][T30336] batman_adv: batadv0: Adding interface: veth1_vlan [ 540.009007][T30336] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.036215][T30336] batman_adv: batadv0: Interface activated: veth1_vlan [ 540.178224][T30354] tipc: Enabled bearer , priority 0 [ 540.187324][T30353] tipc: Resetting bearer [ 540.199958][T30353] tipc: Disabling bearer [ 540.249324][T30351] hsr0 speed is unknown, defaulting to 1000 [ 540.277893][T30363] tipc: Enabled bearer , priority 0 [ 540.287542][T30363] tipc: Disabling bearer [ 540.343246][T30366] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 540.350426][T30366] batman_adv: batadv0: Removing interface: veth1_vlan [ 540.370459][T30351] chnl_net:caif_netlink_parms(): no params data found [ 540.405439][T30366] netlink: 'syz.3.9264': attribute type 10 has an invalid length. [ 540.413384][T30366] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9264'. [ 540.437517][T30366] batman_adv: batadv0: Adding interface: veth1_vlan [ 540.444409][T30366] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.472709][T30366] batman_adv: batadv0: Interface activated: veth1_vlan [ 540.524567][T30351] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.531971][T30351] bridge0: port 1(bridge_slave_0) entered disabled state [ 540.540085][T30351] bridge_slave_0: entered allmulticast mode [ 540.547795][T30351] bridge_slave_0: entered promiscuous mode [ 540.577550][T30351] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.584777][T30351] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.594073][T30351] bridge_slave_1: entered allmulticast mode [ 540.701107][T30351] bridge_slave_1: entered promiscuous mode [ 541.072103][ T1724] bond0 (unregistering): Released all slaves [ 541.083495][T30351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 541.109906][T30403] tipc: Enabled bearer , priority 0 [ 541.117771][T30351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.128959][ T51] tipc: Resetting bearer [ 541.136051][T30386] tipc: Resetting bearer [ 541.149068][T30386] tipc: Disabling bearer [ 541.161911][ T1724] tipc: Left network mode [ 541.170770][T30351] team0: Port device team_slave_0 added [ 541.177769][T30351] team0: Port device team_slave_1 added [ 541.194355][ T1724] hsr_slave_0: left promiscuous mode [ 541.200762][ T1724] hsr_slave_1: left promiscuous mode [ 541.206638][ T1724] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 541.213998][ T1724] batman_adv: batadv0: Removing interface: veth1_vlan [ 541.302598][T30412] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9279'. [ 541.411045][T30351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.418168][T30351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.444209][T30351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 541.461341][T30351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 541.468358][T30351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.494415][T30351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 541.546077][T30351] hsr_slave_0: entered promiscuous mode [ 541.552390][T30351] hsr_slave_1: entered promiscuous mode [ 541.558355][T30351] debugfs: 'hsr0' already exists in 'hsr' [ 541.564159][T30351] Cannot create hsr debugfs directory [ 541.684916][T30438] tipc: Enabled bearer , priority 0 [ 542.083470][T30351] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 542.102222][T30351] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 542.111582][T30433] tipc: Resetting bearer [ 542.121149][T30453] netlink: 'syz.1.9296': attribute type 16 has an invalid length. [ 542.129101][T30453] netlink: 'syz.1.9296': attribute type 17 has an invalid length. [ 542.141758][T30433] tipc: Disabling bearer [ 542.148819][T30351] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 542.190783][T30453] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 542.207761][T30351] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 542.303761][T30351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.319294][T30351] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.334568][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.341718][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.353829][T30481] netlink: 36 bytes leftover after parsing attributes in process `syz.1.9306'. [ 542.358348][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.369962][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.381912][T30481] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 542.389158][T30481] IPv6: NLM_F_CREATE should be set when creating new route [ 542.403212][T30351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 542.413643][T30351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 542.459819][T30483] tipc: Enabled bearer , priority 0 [ 542.491088][T30482] tipc: Resetting bearer [ 542.505849][T30482] tipc: Disabling bearer [ 542.527258][T30351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.535869][T30496] netlink: 'syz.0.9311': attribute type 16 has an invalid length. [ 542.543837][T30496] netlink: 'syz.0.9311': attribute type 17 has an invalid length. [ 542.575823][T30496] bridge0: left promiscuous mode [ 542.587588][T30496] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.596322][T30496] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.596447][T30504] 9pnet_fd: Insufficient options for proto=fd [ 542.609262][T30504] ================================================================== [ 542.617368][T30504] BUG: KCSAN: data-race in console_flush_all / console_flush_all [ 542.617397][T30504] [ 542.617404][T30504] write to 0xffffffff86a20b98 of 8 bytes by task 30496 on cpu 1: [ 542.635189][T30504] console_flush_all+0x35a/0x730 [ 542.640160][T30504] console_unlock+0xa1/0x330 [ 542.644766][T30504] vprintk_emit+0x388/0x650 [ 542.649298][T30504] vprintk_default+0x26/0x30 [ 542.653919][T30504] vprintk+0x1d/0x30 [ 542.657838][T30504] _printk+0x79/0xa0 [ 542.661757][T30504] chnl_net_open+0x2a9/0x560 [ 542.666370][T30504] __dev_open+0x2d5/0x530 [ 542.670732][T30504] __dev_change_flags+0x163/0x400 [ 542.675780][T30504] netif_change_flags+0x5a/0xd0 [ 542.680636][T30504] do_setlink+0x9d2/0x2810 [ 542.685088][T30504] rtnl_newlink+0xd8b/0x12d0 [ 542.689728][T30504] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 542.694688][T30504] netlink_rcv_skb+0x120/0x220 [ 542.699474][T30504] rtnetlink_rcv+0x1c/0x30 [ 542.703902][T30504] netlink_unicast+0x5c0/0x690 [ 542.708669][T30504] netlink_sendmsg+0x58b/0x6b0 [ 542.713452][T30504] __sock_sendmsg+0x145/0x180 [ 542.718145][T30504] ____sys_sendmsg+0x31e/0x4e0 [ 542.722915][T30504] ___sys_sendmsg+0x17b/0x1d0 [ 542.727598][T30504] __x64_sys_sendmsg+0xd4/0x160 [ 542.732454][T30504] x64_sys_call+0x191e/0x2ff0 [ 542.737132][T30504] do_syscall_64+0xd2/0x200 [ 542.741643][T30504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.747537][T30504] [ 542.749874][T30504] read to 0xffffffff86a20b98 of 8 bytes by task 30504 on cpu 0: [ 542.757500][T30504] console_flush_all+0x563/0x730 [ 542.762447][T30504] console_unlock+0xa1/0x330 [ 542.767068][T30504] vprintk_emit+0x388/0x650 [ 542.771600][T30504] vprintk_default+0x26/0x30 [ 542.776214][T30504] vprintk+0x1d/0x30 [ 542.780123][T30504] _printk+0x79/0xa0 [ 542.784049][T30504] p9_fd_create+0x20c/0x280 [ 542.788595][T30504] p9_client_create+0x60b/0xbc0 [ 542.793469][T30504] v9fs_session_init+0xf7/0xde0 [ 542.798324][T30504] v9fs_mount+0x67/0x5c0 [ 542.802574][T30504] legacy_get_tree+0x75/0xd0 [ 542.807165][T30504] vfs_get_tree+0x54/0x1d0 [ 542.811589][T30504] do_new_mount+0x207/0x5e0 [ 542.816108][T30504] path_mount+0x4a4/0xb20 [ 542.820450][T30504] __se_sys_mount+0x28f/0x2e0 [ 542.825144][T30504] __x64_sys_mount+0x67/0x80 [ 542.829781][T30504] x64_sys_call+0x2b4d/0x2ff0 [ 542.834465][T30504] do_syscall_64+0xd2/0x200 [ 542.838985][T30504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.844884][T30504] [ 542.847209][T30504] value changed: 0x0000000000003b33 -> 0x0000000000003b35 [ 542.854316][T30504] [ 542.856633][T30504] Reported by Kernel Concurrency Sanitizer on: [ 542.862822][T30504] CPU: 0 UID: 0 PID: 30504 Comm: syz.1.9314 Not tainted syzkaller #0 PREEMPT(voluntary) [ 542.872644][T30504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 542.882708][T30504] ================================================================== [ 542.890958][T30496] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 542.907844][T30504] netlink: 'syz.1.9314': attribute type 10 has an invalid length. [ 542.915742][T30504] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9314'. [ 542.926150][T30504] batman_adv: batadv0: Adding interface: veth1_vlan [ 542.932923][T30504] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 542.958818][T30504] batman_adv: batadv0: Interface activated: veth1_vlan [ 543.059291][T30351] veth0_vlan: entered promiscuous mode [ 543.067216][T30351] veth1_vlan: entered promiscuous mode [ 543.085196][T30351] veth0_macvtap: entered promiscuous mode [ 543.092587][T30351] veth1_macvtap: entered promiscuous mode [ 543.103027][T30351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 543.114500][T30351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.126012][ T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.134892][ T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.143836][ T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.152876][ T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0