last executing test programs: 1m41.657289605s ago: executing program 0 (id=1342): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7a, 0x0, @perf_config_ext={0x8001, 0xf}, 0x0, 0x2e, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001fe0000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00010000ddfffffdffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c617465"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1m41.549607941s ago: executing program 0 (id=1347): perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x19, 0xa, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x11ac4b, 0xfe, 0x7fffffff, 0x7, 0x9, 0x41, 0x7, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2) 1m41.528538902s ago: executing program 0 (id=1348): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x46, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40040, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x528, 0x2, @perf_config_ext={0x4949ee09, 0x2}, 0x409, 0x3ffffffc, 0x0, 0x8, 0x103fb, 0xffff, 0x5, 0x0, 0x0, 0x0, 0x400000000000009}, 0x0, 0x1, 0xffffffffffffffff, 0xb) r0 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r0) r1 = socket(0x8000000010, 0x2, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) (async) ptrace(0x10, r2) ptrace$peeksig(0x4209, r2, &(0x7f0000000140)={0x1, 0x1}, 0x0) write(r1, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000002481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) (async) write(r1, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000002481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 1m41.38758494s ago: executing program 0 (id=1351): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f0000000040)='sysfs\x00', 0x10, 0x0) r0 = socket(0x840000000002, 0x3, 0x100) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001900)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x1c0, 0xe138, 0x198, 0x1c0, 0x198, 0x2a0, 0x358, 0x358, 0x2a0, 0x358, 0x3, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x2000, 'pimreg\x00', 'veth0_to_bond\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0004000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8c1df6cdbdb7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a0002000000000000000000000000000000000049", 0x8}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x398) 1m41.329683774s ago: executing program 0 (id=1354): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)={[{0x2d, 'perf_event'}]}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000000c08000140000000090900020073797a320000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) write$tun(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000088000000000000000188"], 0xffe) 1m40.988007833s ago: executing program 0 (id=1363): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in, @in6=@private2={0xfc, 0x2, '\x00', 0x1}}, {@in6=@loopback, 0x0, 0x32}, @in6=@private2, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {0x0, 0xc08}}}}, 0xf8}}, 0x0) 1m40.987922693s ago: executing program 32 (id=1363): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in, @in6=@private2={0xfc, 0x2, '\x00', 0x1}}, {@in6=@loopback, 0x0, 0x32}, @in6=@private2, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {0x0, 0xc08}}}}, 0xf8}}, 0x0) 6.313043277s ago: executing program 2 (id=3545): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3811000010003306fcffffff0000000000000000000000000000000000000000ffffffff0000000000000000000000004e22000000008001000080003b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000000000003c000000fe80000000000000000000000000000b07000000000000000000ffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070090000000000000000000000000000000000002cbd7000000000000a0004000000000000000000481001"], 0x1138}}, 0x40040) 6.26110367s ago: executing program 2 (id=3549): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010ffffffffffffffd000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608ffff0000100018000000000000000000000000000a009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) 6.198313143s ago: executing program 2 (id=3553): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newlink={0x54, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x1414, 0x2021}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x24, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}, @IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa, 0x4, @broadcast}]}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24004941}, 0x8000002) 6.165193225s ago: executing program 2 (id=3556): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x20, 0x3, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_TUPLE_REPLY={0x4}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x18002}, 0x20000010) ioprio_set$pid(0x2, 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10b841, 0x0) pwritev2(r1, &(0x7f0000000600)=[{&(0x7f0000000580)="e5", 0x1}], 0x1, 0x1, 0xfffffffb, 0x1a) perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, @perf_bp={0x0, 0x8}, 0x4010, 0x0, 0x0, 0x0, 0x3, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x40002, 0x0, 0x1, 0x0, &(0x7f0000000080)) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000)) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) rename(&(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000080)='./mnt\x00') sendmsg$nl_generic(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x380000}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0xe0, 0x23, 0x300, 0x70bd2c, 0x25dfdbfe, {0x1d}, [@generic="d43e4623ee9a8e3d23186e9af4d164a9e8adb2b9604c8827ad4babb0b8f34ec6c1834b8c72f47d8ad364251dc2fb3f1549486d8c5e109e731ff40f24827ce50744368a00a04ed7fe4dc42c432b5dc4e50428b71564dac182ed163353d1ff4294c252b234df37a77ac55584751ca40a2c67ea7865441bba829d67b2c5f161922222c8b732f3c1106e17f549525463577a6be6f99afe99a8aca58255d8ed8127e4acb0f070c38d90c405cabcfc013d7b69ce20512662777617617b53164a7d8ac1f710eea0358caaad35f557ee"]}, 0xe0}, 0x1, 0x0, 0x0, 0x804}, 0x8080) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) inotify_rm_watch(0xffffffffffffffff, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x34, r5, 0x1, 0x400000, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}]}]}, 0x34}}, 0x2000c050) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r6, 0x89e3, &(0x7f0000000300)={0x64, 0x34b, 0x9, 0x9, 0x0, 0x8100}) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x20, 0x3, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_TUPLE_REPLY={0x4}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x18002}, 0x20000010) (async) ioprio_set$pid(0x2, 0x0, 0x0) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10b841, 0x0) (async) pwritev2(r1, &(0x7f0000000600)=[{&(0x7f0000000580)="e5", 0x1}], 0x1, 0x1, 0xfffffffb, 0x1a) (async) perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, @perf_bp={0x0, 0x8}, 0x4010, 0x0, 0x0, 0x0, 0x3, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x40002, 0x0, 0x1, 0x0, &(0x7f0000000080)) (async) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000)) (async) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) (async) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000001c0)=0x10) (async) rename(&(0x7f0000000100)='./bus/file0\x00', &(0x7f0000000080)='./mnt\x00') (async) sendmsg$nl_generic(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x380000}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0xe0, 0x23, 0x300, 0x70bd2c, 0x25dfdbfe, {0x1d}, [@generic="d43e4623ee9a8e3d23186e9af4d164a9e8adb2b9604c8827ad4babb0b8f34ec6c1834b8c72f47d8ad364251dc2fb3f1549486d8c5e109e731ff40f24827ce50744368a00a04ed7fe4dc42c432b5dc4e50428b71564dac182ed163353d1ff4294c252b234df37a77ac55584751ca40a2c67ea7865441bba829d67b2c5f161922222c8b732f3c1106e17f549525463577a6be6f99afe99a8aca58255d8ed8127e4acb0f070c38d90c405cabcfc013d7b69ce20512662777617617b53164a7d8ac1f710eea0358caaad35f557ee"]}, 0xe0}, 0x1, 0x0, 0x0, 0x804}, 0x8080) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) inotify_rm_watch(0xffffffffffffffff, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) (async) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x34, r5, 0x1, 0x400000, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}]}]}, 0x34}}, 0x2000c050) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) (async) ioctl$SIOCX25SFACILITIES(r6, 0x89e3, &(0x7f0000000300)={0x64, 0x34b, 0x9, 0x9, 0x0, 0x8100}) (async) 6.114793129s ago: executing program 2 (id=3560): set_mempolicy(0x3, &(0x7f0000000080)=0x1ff, 0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x3f00}, 0x94) 5.834932224s ago: executing program 2 (id=3573): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0) 5.834828474s ago: executing program 33 (id=3573): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000ff07000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000001c001700000000000000000000000001003924ad324f0e4f410000004c001400636d61632861657329"], 0x1a0}}, 0x0) 2.004175945s ago: executing program 5 (id=3616): newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x6000) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001900010000000000000000008020"], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x0) (async) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800718, &(0x7f00000002c0), 0x0, 0x482, &(0x7f00000004c0)="$eJzs281rHOUfAPDvTLKb9teX5FfqS2vVaBGCYtKmVXvwolQQqSjooR5jsi2h20aaKLYWm4p4EqSgZ/Eo+hd4E0HUk+DVkycpFO2lrafIzM6km202ac0mmyafD8zs8+w8s/N895mXZ+bZDWDTGsxmScT2iPg9Ivob2YUFBhsvN65dGL957cJ4EnNzb/yV5OWuX7swXhYt19tWZIbSiPTjpNjIQtPnzp8aq9drZ4v8yMzpd0amz51/+r3TYydrJ2tnRo8cOXzo4HPPjj7TkTizuK7v/XBq356X37r86vjxy2///G1W3+3F8uY4OmUwC/zvuVzrsic6vbEu25HP+/J50tvlynDHeiIia65Kfvz3R0/carz+eOmjrlYOWFXZtamv/eLZOWADS+JOS1aazhnAva+80Gf3v+W0Bt2OdePqC40boCzuG8XUWNIbaVGmMn9/23mDEXF89p8vsylW6TkEAECzT8e/OFaNvvjg5jevZH2P/vkladyfv/6Rz3cWYygDEfH/iNhVdI52R8R9EXnZByLiwRXW5/b+T3plhR+5pKz/93wxtrWw/1f2/mKgp8jtyOOvJCcm67UDxXcyFJW+LH9wiW18f/S3z9ota+7/ZVO2/bIvWNTjSm/LA7qJsZmxqKwk6luuXorY27tY/Mn8SEASEXsiYu+yn5Y2Z3aWicknv97Xbo0i/iyaNvEvoQPjTHNfZeHNZvHPRkv8paR5fHLytvHJkS1Rrx0YKfeK2/3y6yevt9v+8u2/uq7WGq9N7d9aZCBpHq+d7uz2/+P+n1aTN/Nx5mox5vj+2MzM2YMR1eRYnq8WZfP3R2+tW+bL8tn+P7R/8eN/V7FOFv9DEZHtxA9HxCMR8WhR98ci4vGI2L9EjD+9uHz8kXap/S9FTCx6/pvf/1va/+4TPad+/K7d9u+s/Q/nqaHinfz8t4zFqpOdLloruJLvDgAAAO4Vaf4b+CQdnk+n6fBw4zf8u+N/aX1qeuapE1Pvnplo/FZ+ICpp+aSrv3geWp9s3Fs3VJKjUa+NFs+Ky+elh4rnxp/3bM3zw+NT9YmuRg5sa3P8Z/7s6XbtgFW2ddF3R6trXhGgC1rH0dOF2YuvhZMBbFT+rw2b1zLHf7pW9QDWnus/bF6LHf8XW/LGAmBjcv2HzcvxD5tU+kO3awB0kes/bEor+V//Kia23EXh6jqpc8cS67VR8kREmUjXRX0kVinR7TMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//6pQ2oo=") 1.851982463s ago: executing program 5 (id=3618): r0 = socket$kcm(0x10, 0x0, 0x10) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x1}, 0x106200, 0x10004, 0x20da, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) write$cgroup_devices(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='>', @ANYRES64=r0], 0x22) r2 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x200, 0x2}, &(0x7f0000010080), &(0x7f0000000000)) openat$cgroup_ro(r1, &(0x7f0000000200)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000b40)=[{0x0}, {0x0}], 0x2) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r5, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newqdisc={0x5c, 0x24, 0xf1d, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x5cc}}, @TCA_INGRESS_BLOCK={0x8}, @TCA_RATE={0x6, 0x5, {0x9, 0x2}}]}, 0x5c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0x73f, 0x600, 0x25dfcbfb, {0x0, 0x0, 0x0, r8, {}, {0xfff2, 0xffff}, {0xffff, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xfff2, 0xe}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) socket(0x2, 0x80805, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) 1.627970576s ago: executing program 5 (id=3624): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) munmap(&(0x7f00007b2000/0x3000)=nil, 0x3000) madvise(&(0x7f0000492000/0x2000)=nil, 0x2000, 0x12) syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x34, r1, 0x431, 0x70bd28, 0x259fdbfc, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000) mlockall(0x7) 1.501217034s ago: executing program 5 (id=3626): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a20000000000a01040000000000000000010080040900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000098000000060a010400000000000000000100000008000b400000000070000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000380001800c0001006269747769736500280002800800034000000004080001400000001408000240000000120800064000000000040005800900010073797a30"], 0x10c}, 0x1, 0x13}, 0x0) 1.413692018s ago: executing program 5 (id=3627): r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x86) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r2, 0x101, 0x1) getdents64(r2, 0x0, 0x4f) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000600)={0xa0000013}) perf_event_open(&(0x7f0000001300)={0x2, 0x80, 0x27, 0x6, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x0, @perf_config_ext={0xb, 0xdae}, 0x100010, 0x32, 0x43a1bd76, 0x7, 0x9, 0x1, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x14, 0x25, 0x21, 0x0, 0x0, {0x7}}, 0x14}}, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000000), 0x3, 0x200000) ppoll(&(0x7f0000000040)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="9c0100001900010025bd7000ffdbdf251d01020008000500f9f7fdfe15000300000000c005030000a4887e803004673603"], 0x19c}}, 0x0) gettid() timer_create(0x0, 0x0, &(0x7f0000000040)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000040)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0xb, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xd07, 0x40}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x10001, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) close_range(r3, r4, 0x0) 1.126553765s ago: executing program 1 (id=3629): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = getpgid(0x0) ptrace(0x4207, r1) bind$tipc(r0, &(0x7f0000000200)=@name={0x1e, 0x2, 0x3, {{0x43}, 0x3}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x20, r4, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x40084) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000000514210626bd7000000000000800010000000000080008"], 0x20}}, 0x0) sendmsg$tipc(r6, &(0x7f00000003c0)={&(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40008c4}, 0x0) 840.283991ms ago: executing program 1 (id=3630): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000009c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x368, 0x140, 0x12, 0x60a, 0x0, 0x202, 0x298, 0x2e8, 0x2e8, 0x298, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @mcast2, [], [], 'veth1_to_bond\x00', 'xfrm0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x1, 0x8b, 0xd2, 0x4, 0x4, 0x4, 0xa216}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}, {0xffffffffffffffff}}}}, {{@ipv6={@private2, @loopback, [], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0x138, 0x158, 0x0, {0x1000000}, [@common=@srh1={{0x90}, {0x3c, 0x1, 0xd1, 0x1, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, @dev={0xfe, 0x80, '\x00', 0x22}, [0xff, 0xffffff00, 0x0, 0xffff00], [0xffffff00, 0x0, 0xff, 0xffffffff], [0xff000000, 0xffffffff, 0xff, 0xff000000], 0x900, 0x804}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c8) 830.511352ms ago: executing program 4 (id=3631): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0xc004, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646f74732c646f74732c6e6f636173652c646f74732c636865636b3d72656c617865642c646f74732c6e6f646f74732c646f74732c0032884758fdd2e7a17e3c116a014262927783807ed4e210440ddebdf7d64a629cc9e873202c6d1e1d7dbabad279cb290d8a6c81b9ee715a035afdc5af3e15b932174f5ecf4f009847fbc0e187d20fe47e50595251e835b306e05bc51afba211073e289eb4992c644a8275495b12a862be4d726e3efbbeb1eb175e92b262c4ee4cee83e529784e53c874b73bb376876e2f3b2e647330e12c337d3a8b8cacccd9d86bc4c2f3b8971a79fb8f69af7b1d19592bf6a7186f7d4322045a99eaa207c407ab52aeadaaf1d089c278fccfb2138f80b7957bda6aed12f62e76729a69d803baab2172d2ba2ecf7a2205f939299f920513473efbbd", @ANYRES64=0x0], 0x0, 0x180, &(0x7f0000000480)="$eJzs2z9rU1EYB+D3NjHt1aWzOFxwcQrq5KhIBfGComTQSaG6tFIwy9Upn8LZLyhIJyePpDemWlKKDfdcMc8zhAM/kvc9J38OJ3Be33h/sH80fXf07Dh2iiKG96OKH0XsxlYMojULAOB/8j2l+JZSStuzKL9ESqnvjgCArtn/AWDzXLj/3+upMQCgM87/ALB5Xrx89eRBXe89r6qdiK+zZtJMIsqYP849elzv3a5O7J4+67hpJoNlfqfNqz/zK3F1kd9dmY/i1s02n2cPn9Zn8mux3/30AQAAYCOMq6WV5/vx+Ly8Hf32/8CZ8/swrg+zTQMA+AvTj58O3hwevv2QYVCeVCwuU7TM0+H08zrL8mtNu+lwa/Hq+d6vwaVrFYtes7X6LwxS6q16F5+6zD9EQHanX/q+OwEAAAAAAAAAAAAAAM6z5lWhUUSsiCJGF90s2M4+VQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFj6GQAA//91/TrO") (async) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0xa0900, 0x0) r1 = socket(0x10, 0x3, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write(0xffffffffffffffff, 0x0, 0x0) (async) connect$can_j1939(r1, &(0x7f0000000100)={0x1d, 0x0, 0x1, {0x0, 0xf0, 0x4}, 0xff}, 0x18) (async) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0) (async) fsync(r0) (async) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000340)=[@ip_ttl={{0x14}}], 0x18}, 0x11) (async) setsockopt$inet_tcp_int(r2, 0x6, 0x4, &(0x7f0000000180)=0x7, 0x4) setsockopt$inet_tcp_int(r2, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) (async) connect$inet(r2, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) (async) sendto$inet(r2, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) (async) socket$phonet(0x23, 0x2, 0x1) close_range(r2, r2, 0x0) 759.537226ms ago: executing program 6 (id=3583): perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x19, 0xa, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x11ac4b, 0x0, 0x7fffffff, 0x7, 0x9, 0x41, 0x7, 0x0, 0x0, 0x600, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2) 644.081683ms ago: executing program 1 (id=3633): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x44f81}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x80c0) 643.403013ms ago: executing program 6 (id=3634): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000180)='\x00', 0x89901) move_mount(r1, 0x0, 0xffffffffffffffff, 0x0, 0x46) close(0xffffffffffffffff) ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000800)=0xfff) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0xa}, 0x4, 0x0, 0x11000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x200, 0x0) socket$packet(0x11, 0x2, 0x300) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x2, &(0x7f0000000100)=[{0x7}, {0x6, 0x2}]}) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, 0x0, 0x0) connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) socket$rds(0x15, 0x5, 0x0) unshare(0x22020c00) creat(&(0x7f00000000c0)='./file0\x00', 0x60) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r4, 0x1, 0x22, &(0x7f0000000200)=""/159, &(0x7f0000000080)=0x9f) sendto$inet6(r2, &(0x7f0000000440)="c3d4adb2068a9a36ba46eb4ec91822cdd3238658d3420e57ec78a2ccac7c8d6bec447af3a3fd1131458cabeca0e2ccf6e1ebdd821eca504d5f69d7364d1243721eecba8c5a61fd9123271f4dccd9454f22206b900aae4ad3d0a12be600987159fbd45aa6ba9253", 0x67, 0x10048080, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x300, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0xac}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000000)) r5 = io_uring_setup(0x3454, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/144, 0x90}, {&(0x7f0000000140)=""/3, 0x3}, {&(0x7f00000005c0)=""/217, 0xd9}, {&(0x7f00000006c0)=""/149, 0x95}, {&(0x7f0000000300)=""/16, 0x10}], 0x5) syz_emit_ethernet(0x5e, &(0x7f0000001900)=ANY=[@ANYBLOB="0180c2000003aaaaaaaaaaaa84dd607862840028020120010000000000000000000000000000fe80000000000000008c297b45c148939b04000000000000071800000000040000d60400000000000000000000000000000003042215fffb"], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="24000000700039022abd7000fbdbdf2507000000fccf205066b96f0c428fe18bcff757624c45ec99f5cd2ee094c83fe8b26fc6be6c447116855faa9875f6ca1236daad3bf51136609e2428a0752fe1479168f2e8d0d39adb6853206cf0f1cc1435936f04d7ecd02834f59f6809cf7f8b3d551ed97fd8b19d09a738452a140d67fb8a82c183c36c196b4242a07c37a36441d841318ac0d462ba63cd5f291119bdc8eca49731a0139c1a1e8d72f9a174d1b55a8197caa84065ff40c01b4a1cda2bfcf6278a2a00d81b4a7a", @ANYRES32, @ANYBLOB="0c0001800800010040000400"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) 643.007433ms ago: executing program 1 (id=3635): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1000, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3b5, &(0x7f0000000780)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x37f, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0xf8, 0xfffffffc, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "00000000001f00000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000001c0000000000"}, {0xe, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81"}]}}}}}}, 0x0) 639.839743ms ago: executing program 4 (id=3636): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x2f}}, 0x10, 0x0}, 0x300060c1) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f00000001c0)=0x4, 0x4) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000300)=0xa, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000030700"/20, @ANYRES32=0x0, @ANYBLOB="1501000000000000240012800b0001006272696467650000140002800800010007000000080002000302"], 0x4c}}, 0x0) 524.259699ms ago: executing program 3 (id=3638): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x414401, 0x0) sendto$inet6(r0, &(0x7f0000000200)="6633ab9d45ab20fb7f54f062ecfab8546f19afabcf4be8c0d7fd998f49e579b896b32f7b0c5f00004d0646bbe015843288546f7f1518b65a1aefd2e47b940dcc5ddcb387ecc2ab1c92605904be9cfa6b8a163a5410f977bfc99afe87f3243bb689dd1cb8eecbcc79ca8eb16334ff5a8b1e782c6fcdfe9d343708d640f4c5d38135372dd2d30419a72e9c12df5e9bd4e2771acefc78b59ad2efb94a3d97026038d42c3ad6181bb1be4a4448543a61542c7c0615624dd2554e0d12da32b4cf5a7c51ef6edb71d499bdf0d0b4e284902c3ecfc5962f517a0e16bb37867c13a516821c6611f6655aea486ab8ec0f7ddb16838be0fd094935a92a53f51589f26cbccec07d468b34626398c87bde67cac6491f5b6eca9977ceb189430923de5d846595cd5850ca50005c3aa2a86ee12ce647b582d13e83f7b00343eaf7475d9e59160a109bca79963e918b7c24548ad6c787b72f2a2d32758a829a242ce98dfe5822aa0dcf5f0d1b3761f34632e37591822ebc599f79bd1bc86515e4fa1999fddb85cb63a343084f0f13d313dd336c05000b8c6a06b0b160a8443887769a113cbba128236bf6a889a7d904fd79d3", 0x1ab, 0x20000000, &(0x7f0000000080)={0xa, 0x4e20, 0xb, @mcast2, 0x1}, 0x1c) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x230001, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r2) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) r5 = socket$pppl2tp(0x18, 0x1, 0x1) unshare(0x2c020400) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000580)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syncfs(r6) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syslog(0x4, &(0x7f0000000000)=""/123, 0x7b) r7 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x80044940, &(0x7f00000010c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f00000003c0), &(0x7f0000000340)='.\x00', 0x126a4b5, &(0x7f0000004140)=ANY=[@ANYRES16=r13, @ANYRES64=r11, @ANYRES16=r10, @ANYRES16=r13, @ANYRESDEC=r12, @ANYRES16=r9, @ANYRES16, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRESHEX=0x0, @ANYRES32=r8], 0x5, 0x0, &(0x7f0000000000)) ioctl$BTRFS_IOC_TREE_SEARCH(r2, 0xd0009411, &(0x7f0000000700)={{r8, 0xffffffffffffffff, 0x1, 0x957, 0x8000000000000000, 0x2, 0xc, 0x5, 0xd507, 0x80000000, 0x1, 0x8001, 0x10001, 0x6, 0x80000001}}) r14 = socket$nl_route(0x10, 0x3, 0x0) r15 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r15, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r14, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, r16, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e000f00"}}}]}, 0x48}}, 0x0) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}, 0x2, 0x0, 0x0, 0x2}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000100)={0x6, 0x9, 0x1c, 0x6, 0x9, 0xdc, 0xec4a}, 0xc) 524.095469ms ago: executing program 1 (id=3639): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x844) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a00000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c0002800500010000000000440001800c00028005000100000000002c00018014000300ff0200000000000000000000f3ffff0014000400200100000000000000000000000000010600034000010000080007400000000004000d"], 0xa0}, 0x1, 0x0, 0x0, 0xfff5}, 0x0) 523.937899ms ago: executing program 1 (id=3640): syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f1, 0x0) sendmmsg$inet6(r0, &(0x7f0000001040)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x43}, 0x200}, 0x1c, &(0x7f0000000540)=[{&(0x7f00000006c0)="c1394dbea312dd0bdcdb0105f7934da80a2225f669524f804f840d8d8c7a1188ec6bd758d85f6f3bd02b3e78412a4b03597ae133426d8c4f73da8b764edff7aed7ab34b278028f2f8151ceaf7515f304f2dd017524d23835d787d5f7d3d3f9b946d30560b5232fb3afb760568adcceb292dd1ed1fcca6e94311c02afa3b6143ebc3800178240d80b18b8ce6fdb2a72d1f0a85935cbecbdf150631a22bf8d540bfe7dd018814da340ab6157d9a63a42f31e48772f41691479de1d3831c84cfd93dce00616476d110af79d7d025b6742f61432757475eb4f621ce1743845280662d12c6fefca6279a75dad37a0", 0xec}, {&(0x7f00000007c0)="23bd6f85c966bc6ca4ce585588dcaca14cf1ac618d66d28ff98c3ce809d415ba27a38b93023f70d8aeb5c87f91855323c06d81e245485d44528138d845bcbbfe932ab3beaa394470fd0076c7d37217eb908a9f2c13c220116aa20ffd15d5206e6fa0ee303ef73aba068db853a8c0addd2726d0fb0b14bc33fffdeff20f4c6928a0f3eb3001bc47d99d9934b42723bc0ccd9f5aff077b2f803ec1a37825df2335c7393534227c15d5", 0xa8}, {&(0x7f0000000880)="551ece9f3905fa8bcb7598fafb065181fba969c90f05e67766f5e50e35159a236c79043ba70d3b969c6edaf2fcc2a4a764994a228104dbb47024de9669ce076c96c8144fb8211838d67033fbbe03330cd0367edb5980c8dd1a22d1131cc57c88e3f5501df3db4be6368952b2b89b6f22279956fa26e1b23617533f13a319c8e7201ec2fe4d3953091b094720e6a4012a84e0350c07f1051c8df882e8497129633769d761db36", 0xa6}, {&(0x7f0000000940)="f9b585693680e942b76f1c043be9a093691797a8280a2f654f6a450d30a8eeacd450d54697e18fbe4b3b0d56e84a4cc6655d643d82830a7d7f895ef1150cca4409612c82a9c9d8adf6526fbf6548818e4174077ff3194d1ac704d7d10d726de7ac250b44", 0x64}], 0x4, &(0x7f00000009c0)=[@hopopts={{0x40, 0x29, 0x36, {0x62, 0x5, '\x00', [@ra={0x5, 0x2, 0x8000}, @hao={0xc9, 0x10, @mcast1}, @hao={0xc9, 0x10, @empty}]}}}], 0x40}}], 0x2, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000080), 0x4) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, &(0x7f0000000340)) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r2, 0x400454c9, 0xba98575a95aeb71d) syslog(0x0, 0x0, 0x0) socket$inet(0x2, 0x0, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) readv(r4, &(0x7f0000000140)=[{&(0x7f0000000240)=""/211, 0xd3}, {0x0}], 0x2) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000440)={0x0, @multicast1, @broadcast}, &(0x7f0000000380)=0x3) 431.592525ms ago: executing program 4 (id=3641): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000003000000001400020002000000ffffffff00000000000000000d0001007564703a73"], 0x54}}, 0x0) 357.291409ms ago: executing program 5 (id=3642): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0000000000000005000000"], 0x48) 208.020617ms ago: executing program 3 (id=3643): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0xc4}, 0x1, 0x1000000, 0x0, 0x40488d5}, 0x4010) geteuid() getpeername$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000200)=0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000000)=[{0x20, 0x10, 0x4, 0xfffff010}, {0x30, 0x0, 0xfd, 0x5ae9}, {0x6, 0x0, 0x7, 0x2}]}, 0x10) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00') r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000240)={0x80000011}) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents64(r5, &(0x7f0000000380)=""/45, 0x2d) ppoll(&(0x7f00000000c0)=[{r4, 0x2}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0xc4}, 0x1, 0x1000000, 0x0, 0x40488d5}, 0x4010) (async) geteuid() (async) getpeername$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000200)=0x10) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) (async) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000000)=[{0x20, 0x10, 0x4, 0xfffff010}, {0x30, 0x0, 0xfd, 0x5ae9}, {0x6, 0x0, 0x7, 0x2}]}, 0x10) (async) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) (async) syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00') (async) epoll_create1(0x0) (async) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000240)={0x80000011}) (async) syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') (async) getdents64(r5, &(0x7f0000000380)=""/45, 0x2d) (async) ppoll(&(0x7f00000000c0)=[{r4, 0x2}], 0x1, &(0x7f00000001c0)={0x0, 0x3938700}, 0x0, 0x0) (async) sendmmsg$inet(r1, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) (async) 207.716158ms ago: executing program 4 (id=3644): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000305000000090000f3ffffff0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e6400000000140002800800130001000000080014"], 0x44}}, 0x0) 126.429433ms ago: executing program 3 (id=3645): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000034000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080) 126.140662ms ago: executing program 4 (id=3646): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x44f81}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}, @IFLA_GRE_PMTUDISC={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0xf9a}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x80c0) 91.767734ms ago: executing program 3 (id=3647): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010fffffffffffffff800851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608ffff0000100018000000000000000000000000000a009500000000000000360a020000000001180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) 86.911605ms ago: executing program 4 (id=3648): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) memfd_create(&(0x7f0000000300)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x01\x83y\xf3\xb2\xe6b$\a\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\b\x00\x00\x00LR\xa1\x00\x00\x17\x1f$^\xe1\x00\x04\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\xce\xd5O\xcc\b\x9e\x19\x19#\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$h\x0ew\x00&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x01\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xff\x06\xe7j\x9fTJ;T\xf3\xfa\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x00\x00\x00\x00\x00\x00\x00\x0f\x81\xf3\x05\xa3{\x96\xf9\xba\x9em\xe9\"\x03\x933P\xbb\xd6\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10\x00\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe28\xe3&:1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00\x00\x00\x8fw\xa9A\xf7m\xeec\xb6\\\xa4T\xeej\xe2\xba\xb2V\xaca\xc6|\xae]\xdb\x10\xb3\x80z\xd5\n\xa3u\xfb\b\x03\xe5\xca;\xe5uH<\x9a\x12\x84(\x9f\xd2\xe1k\x955;J\xa4\x81Lm\x90\x1a\xfdI}\xb0\xa1\xfa9\x17\xd1\xa2\xc7\xca\x98\xaeS\x92Ew`\xd2\x02\xda\xc9\xd4\xea\x02\x1d\xd3\xd5\x81\xdb\xd9~\xd6-:\xee\xe8\t\xf7\xe6\xf1\x88\x86\xb0\x04\x9ep\xb1\x93\x16\xf9\xdb\x15\x8a\xa3h<\xaf\xa0\xb5\xb0\x05ir\xff\xff\xff\xff\x00\x00\x00\x00\x83\x91\xad\x11\xf4\xbcz\x9b\x8bp]o\au\x175I\x1d\xe2\x97\xb6\x06\xdc\x14\x9b>\xd7F\xdb?\xc7%0n/\xf5S\xb5\xe8\xa5\xd1\xddN\xf9ir\xd1r\xf4L\t3\xadDz\\\xf4`\x13\xf7)\x91w\a\xcc+E\xdd\xe9\xdbb\x9c\xff\x98\x03\xb7\x0e=\xba\xa3um\xde\xff$|\xb7\x86j+\x00\x00\x00\x00\x00\x00\x00Z\xef\xd6\xf4Zs\xfc\ro\x03\xabB\x18\xdc\a\xe3\r\x00\x00\x00\x00\x00\x00\xb2\xc9\xe4\x14A\x92P\x83o\xdb\x1d{E\xe8\xec\x85\xd4\xd2\x19\x18\xfd\xfcc~Y\x8f\xb3\x1d<\x91O\xe7\x04\x11\x1f\xbdz\xf1J\xc2\xb2\xdfH\xa7\xa7\xb80I\xc7P\xe9\n\xc8\xd6\x82\xc0\x1d\x82\x83$ky\xea\x9c5\xf3kF\xf5\xf3\xb2\xf4\r\xe3\xfe\xe0\xef8@|\xf9\x80\v\xf2\x91\xae\xc2', 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) write$binfmt_register(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10) fcntl$dupfd(r0, 0x406, r1) r4 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00'}) socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0xfffffffffffffffb}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20d00, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) acct(&(0x7f0000000040)='./file0\x00') 178.5µs ago: executing program 3 (id=3649): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000050000000000000080000000850000007500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000018000007b8af8"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e"], 0x0, 0x35}, 0x28) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000300)={'veth0_to_bridge\x00', {0x2, 0x4e20, @empty}}) mbind(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x8002, &(0x7f0000000180)=0x3ff, 0xb, 0x0) mbind(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x2, &(0x7f0000000180)=0x3ff, 0xd, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) 0s ago: executing program 3 (id=3650): r0 = socket(0x2, 0x80805, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x10121, 0x0, 0x0, 0x0, 0x0, 0xd, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 32) r1 = socket$inet(0x2, 0x80001, 0x84) (rerun: 32) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000140)={r2, @in6={{0xa, 0x4e21, 0x5, @empty, 0x2}}, 0x6bfb, 0x4}, &(0x7f0000000500)=0x90) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x50, r4, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) kernel console output (not intermixed with test programs): dmsg+0xc1/0x1e0 [ 160.194517][T12049] __x64_sys_sendmsg+0xd4/0x160 [ 160.194611][T12049] x64_sys_call+0x17ba/0x3000 [ 160.194638][T12049] do_syscall_64+0xc0/0x2a0 [ 160.194740][T12049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.194843][T12049] RIP: 0033:0x7f5e80f3aeb9 [ 160.194950][T12049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.195014][T12049] RSP: 002b:00007f5e7f997028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.195080][T12049] RAX: ffffffffffffffda RBX: 00007f5e811b5fa0 RCX: 00007f5e80f3aeb9 [ 160.195135][T12049] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 160.195178][T12049] RBP: 00007f5e7f997090 R08: 0000000000000000 R09: 0000000000000000 [ 160.195220][T12049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.195333][T12049] R13: 00007f5e811b6038 R14: 00007f5e811b5fa0 R15: 00007ffcd6f130a8 [ 160.195398][T12049] [ 160.386981][T12058] FAULT_INJECTION: forcing a failure. [ 160.386981][T12058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.400472][T12058] CPU: 1 UID: 0 PID: 12058 Comm: syz.1.2952 Not tainted syzkaller #0 PREEMPT(voluntary) [ 160.400508][T12058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 160.400525][T12058] Call Trace: [ 160.400531][T12058] [ 160.400539][T12058] __dump_stack+0x1d/0x30 [ 160.400616][T12058] dump_stack_lvl+0x95/0xd0 [ 160.400645][T12058] dump_stack+0x15/0x1b [ 160.400671][T12058] should_fail_ex+0x263/0x280 [ 160.400742][T12058] should_fail+0xb/0x20 [ 160.400774][T12058] should_fail_usercopy+0x1a/0x20 [ 160.400875][T12058] _copy_from_user+0x1c/0xb0 [ 160.400913][T12058] __sys_bpf+0x183/0x7b0 [ 160.400972][T12058] __x64_sys_bpf+0x41/0x50 [ 160.401002][T12058] x64_sys_call+0x28e1/0x3000 [ 160.401034][T12058] do_syscall_64+0xc0/0x2a0 [ 160.401074][T12058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.401143][T12058] RIP: 0033:0x7f51ff5baeb9 [ 160.401161][T12058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.401179][T12058] RSP: 002b:00007f51fe017028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 160.401240][T12058] RAX: ffffffffffffffda RBX: 00007f51ff835fa0 RCX: 00007f51ff5baeb9 [ 160.401296][T12058] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005 [ 160.401309][T12058] RBP: 00007f51fe017090 R08: 0000000000000000 R09: 0000000000000000 [ 160.401324][T12058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.401339][T12058] R13: 00007f51ff836038 R14: 00007f51ff835fa0 R15: 00007ffd561ab438 [ 160.401365][T12058] [ 160.579385][ T12] hsr_slave_0: left promiscuous mode [ 160.585890][ T12] hsr_slave_1: left promiscuous mode [ 160.592351][T12056] netlink: 'syz.5.2951': attribute type 10 has an invalid length. [ 160.602985][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 160.603003][ T29] audit: type=1400 audit(2000005215.174:3136): avc: denied { write } for pid=12055 comm="syz.5.2951" path="socket:[37528]" dev="sockfs" ino=37528 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 160.620354][ T12] batman_adv: batadv0: Removing interface: ipvlan2 [ 160.658030][ T12] batman_adv: batadv0: Removing interface: ipvlan3 [ 160.658712][T12062] blktrace: Concurrent blktraces are not allowed on sg0 [ 160.675378][ T12] veth1_macvtap: left promiscuous mode [ 160.687567][ T12] veth0_macvtap: left promiscuous mode [ 160.693187][ T12] veth1_vlan: left promiscuous mode [ 160.717774][ T12] veth0_vlan: left promiscuous mode [ 161.057072][T11973] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.064328][T11973] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.082914][T11973] bridge_slave_0: entered allmulticast mode [ 161.100393][T11973] bridge_slave_0: entered promiscuous mode [ 161.135098][T11973] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.142301][T11973] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.164571][T11973] bridge_slave_1: entered allmulticast mode [ 161.172753][T11973] bridge_slave_1: entered promiscuous mode [ 161.180121][T12134] rtc_cmos 00:00: Alarms can be up to one day in the future [ 161.209186][ T12] IPVS: stop unused estimator thread 0... [ 161.224402][T11973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.251089][T11973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.297359][T11973] team0: Port device team_slave_0 added [ 161.304965][T11973] team0: Port device team_slave_1 added [ 161.322419][T11973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 161.329478][T11973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 161.356321][T11973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 161.367803][ T7980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 161.374103][T11973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 161.375610][ T7980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 161.382257][T11973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 161.382294][T11973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 161.421189][T11973] hsr_slave_0: entered promiscuous mode [ 161.427858][ T7980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 161.428341][ T7980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 161.436542][T11973] hsr_slave_1: entered promiscuous mode [ 161.442693][ T7980] rtc rtc0: __rtc_set_alarm: err=-22 [ 161.468558][T11973] debugfs: 'hsr0' already exists in 'hsr' [ 161.474346][T11973] Cannot create hsr debugfs directory [ 161.567658][T12163] syzkaller1: entered promiscuous mode [ 161.573210][T12163] syzkaller1: entered allmulticast mode [ 161.708918][T12185] bond5: option packets_per_slave: invalid value (1635017058) [ 161.716451][T12185] bond5: option packets_per_slave: allowed values 0 - 65535 [ 161.724569][T12185] bond5 (unregistering): Released all slaves [ 161.841716][ T29] audit: type=1400 audit(2000005216.425:3137): avc: denied { create } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=bluetooth_socket permissive=1 [ 161.882336][ T29] audit: type=1400 audit(2000005216.425:3138): avc: denied { read } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1 [ 161.903226][ T29] audit: type=1400 audit(2000005216.425:3139): avc: denied { getattr } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1 [ 161.924379][ T29] audit: type=1400 audit(2000005216.425:3140): avc: denied { create } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_generic_socket permissive=1 [ 161.945605][ T29] audit: type=1400 audit(2000005216.445:3141): avc: denied { create } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=rds_socket permissive=1 [ 161.965764][ T29] audit: type=1400 audit(2000005216.445:3142): avc: denied { bind } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=rds_socket permissive=1 [ 161.985729][ T29] audit: type=1400 audit(2000005216.445:3143): avc: denied { getopt } for pid=12199 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=rds_socket permissive=1 [ 162.080598][ T29] audit: type=1400 audit(2000005216.665:3144): avc: denied { accept } for pid=12208 comm="syz.2.2986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 162.102719][T12204] __nla_validate_parse: 3 callbacks suppressed [ 162.102738][T12204] netlink: 399 bytes leftover after parsing attributes in process `syz.1.2980'. [ 162.118037][T12204] openvswitch: netlink: ufid size 36 bytes exceeds the range (1, 16) [ 162.158194][T12215] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 162.215546][T11973] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 162.224014][T12219] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2988'. [ 162.266726][T11973] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 162.286088][T11973] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 162.319067][T11973] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 162.401780][T12238] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2992'. [ 162.452592][T11973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.480043][T11973] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.497224][ T2199] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.504417][ T2199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.547892][ T2199] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.555131][ T2199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.592064][T12248] xt_hashlimit: size too large, truncated to 1048576 [ 162.675143][T11973] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 162.685580][T11973] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.805265][T11973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.991836][T11973] veth0_vlan: entered promiscuous mode [ 163.020055][T11973] veth1_vlan: entered promiscuous mode [ 163.033974][T12287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2999'. [ 163.057796][T12278] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2999'. [ 163.090335][T11973] veth0_macvtap: entered promiscuous mode [ 163.126299][T11973] veth1_macvtap: entered promiscuous mode [ 163.155066][T11973] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.175522][T11973] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.204038][ T8406] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.221610][ T8406] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.239718][ T8406] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.249425][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.269717][T12336] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3009'. [ 163.330628][ T29] audit: type=1400 audit(2000005217.915:3145): avc: denied { bind } for pid=12338 comm="syz.3.2932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 163.402655][T12343] 9p: Bad value for 'wfdno' [ 163.570754][T12352] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3015'. [ 163.605247][T12360] FAULT_INJECTION: forcing a failure. [ 163.605247][T12360] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.618530][T12360] CPU: 1 UID: 0 PID: 12360 Comm: syz.1.3018 Not tainted syzkaller #0 PREEMPT(voluntary) [ 163.618570][T12360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 163.618588][T12360] Call Trace: [ 163.618597][T12360] [ 163.618607][T12360] __dump_stack+0x1d/0x30 [ 163.618758][T12360] dump_stack_lvl+0x95/0xd0 [ 163.618805][T12360] dump_stack+0x15/0x1b [ 163.618831][T12360] should_fail_ex+0x263/0x280 [ 163.618869][T12360] should_fail+0xb/0x20 [ 163.618902][T12360] should_fail_usercopy+0x1a/0x20 [ 163.619062][T12360] _copy_to_user+0x20/0xa0 [ 163.619083][T12360] simple_read_from_buffer+0xb5/0x130 [ 163.619232][T12360] proc_fail_nth_read+0x10e/0x150 [ 163.619270][T12360] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 163.619300][T12360] vfs_read+0x1ab/0x7f0 [ 163.619318][T12360] ? __rcu_read_unlock+0x4e/0x70 [ 163.619396][T12360] ? __fget_files+0x184/0x1c0 [ 163.619419][T12360] ? mutex_lock+0x57/0x90 [ 163.619473][T12360] ksys_read+0xdc/0x1a0 [ 163.619499][T12360] __x64_sys_read+0x40/0x50 [ 163.619524][T12360] x64_sys_call+0x2889/0x3000 [ 163.619566][T12360] do_syscall_64+0xc0/0x2a0 [ 163.619626][T12360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.619655][T12360] RIP: 0033:0x7f51ff57b78e [ 163.619675][T12360] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 163.619700][T12360] RSP: 002b:00007f51fe016fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 163.619727][T12360] RAX: ffffffffffffffda RBX: 00007f51fe0176c0 RCX: 00007f51ff57b78e [ 163.619808][T12360] RDX: 000000000000000f RSI: 00007f51fe0170a0 RDI: 0000000000000004 [ 163.619820][T12360] RBP: 00007f51fe017090 R08: 0000000000000000 R09: 0000000000000000 [ 163.619833][T12360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.619846][T12360] R13: 00007f51ff836038 R14: 00007f51ff835fa0 R15: 00007ffd561ab438 [ 163.619903][T12360] [ 164.015518][T12390] gretap0: refused to change device tx_queue_len [ 164.022733][T12355] chnl_net:caif_netlink_parms(): no params data found [ 164.079430][T12395] syzkaller1: entered promiscuous mode [ 164.085048][T12395] syzkaller1: entered allmulticast mode [ 164.092122][T12355] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.099379][T12355] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.107150][T12355] bridge_slave_0: entered allmulticast mode [ 164.113679][T12355] bridge_slave_0: entered promiscuous mode [ 164.120826][T12355] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.127994][T12355] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.135472][T12355] bridge_slave_1: entered allmulticast mode [ 164.143472][T12355] bridge_slave_1: entered promiscuous mode [ 164.176353][T12355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 164.187061][T12355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.220185][T12355] team0: Port device team_slave_0 added [ 164.229263][T12397] 9p: Bad value for 'rfdno' [ 164.235815][T12397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.245492][T12355] team0: Port device team_slave_1 added [ 164.248822][T12397] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.280197][T12355] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.287827][T12355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 164.314010][T12355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.332665][T12355] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.339737][T12355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 164.367072][T12355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.422551][T12355] hsr_slave_0: entered promiscuous mode [ 164.437331][T12355] hsr_slave_1: entered promiscuous mode [ 164.443388][T12355] debugfs: 'hsr0' already exists in 'hsr' [ 164.449187][T12355] Cannot create hsr debugfs directory [ 164.459849][T12405] batman_adv: batadv0: Adding interface: ipvlan5 [ 164.466211][T12405] batman_adv: batadv0: The MTU of interface ipvlan5 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 164.492285][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 164.502820][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.512680][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan2 [ 164.523267][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.533125][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan3 [ 164.543139][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.553746][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan4 [ 164.563614][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.573572][T12405] batman_adv: batadv0: Not using interface ipvlan5 (retrying later): interface not active [ 164.670373][T12355] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.690206][T12408] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 164.718211][T12355] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.790404][T12355] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.849002][T12355] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.991858][T12355] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 165.029355][T12355] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 165.052934][T12355] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 165.081192][T12429] block device autoloading is deprecated and will be removed. [ 165.100351][T12355] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 165.181939][T12445] macvlan0: entered allmulticast mode [ 165.187469][T12445] veth1_vlan: entered allmulticast mode [ 165.259709][T12449] FAULT_INJECTION: forcing a failure. [ 165.259709][T12449] name failslab, interval 1, probability 0, space 0, times 0 [ 165.272480][T12449] CPU: 1 UID: 0 PID: 12449 Comm: syz.1.3047 Not tainted syzkaller #0 PREEMPT(voluntary) [ 165.272516][T12449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 165.272533][T12449] Call Trace: [ 165.272564][T12449] [ 165.272574][T12449] __dump_stack+0x1d/0x30 [ 165.272607][T12449] dump_stack_lvl+0x95/0xd0 [ 165.272636][T12449] dump_stack+0x15/0x1b [ 165.272663][T12449] should_fail_ex+0x263/0x280 [ 165.272706][T12449] should_failslab+0x8c/0xb0 [ 165.272751][T12449] __kmalloc_node_noprof+0xbd/0x590 [ 165.272854][T12449] ? __vmalloc_node_range_noprof+0x428/0x12b0 [ 165.272939][T12449] __vmalloc_node_range_noprof+0x428/0x12b0 [ 165.273041][T12449] ? __rcu_read_unlock+0x4e/0x70 [ 165.273092][T12449] ? bpf_prog_alloc_no_stats+0x47/0x380 [ 165.273129][T12449] __vmalloc_noprof+0xa4/0xf0 [ 165.273187][T12449] ? bpf_prog_alloc_no_stats+0x47/0x380 [ 165.273219][T12449] bpf_prog_alloc_no_stats+0x47/0x380 [ 165.273249][T12449] ? bpf_prog_alloc+0x2a/0x150 [ 165.273279][T12449] bpf_prog_alloc+0x3c/0x150 [ 165.273370][T12449] bpf_prog_load+0x506/0x1140 [ 165.273471][T12449] ? security_bpf+0x2b/0x90 [ 165.273575][T12449] __sys_bpf+0x469/0x7b0 [ 165.273682][T12449] __x64_sys_bpf+0x41/0x50 [ 165.273711][T12449] x64_sys_call+0x28e1/0x3000 [ 165.273744][T12449] do_syscall_64+0xc0/0x2a0 [ 165.273793][T12449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.273821][T12449] RIP: 0033:0x7f51ff5baeb9 [ 165.273841][T12449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.273864][T12449] RSP: 002b:00007f51fe017028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 165.273968][T12449] RAX: ffffffffffffffda RBX: 00007f51ff835fa0 RCX: 00007f51ff5baeb9 [ 165.273986][T12449] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005 [ 165.274000][T12449] RBP: 00007f51fe017090 R08: 0000000000000000 R09: 0000000000000000 [ 165.274013][T12449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.274035][T12449] R13: 00007f51ff836038 R14: 00007f51ff835fa0 R15: 00007ffd561ab438 [ 165.274059][T12449] [ 165.274069][T12449] syz.1.3047: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 165.348841][T12355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.350926][T12449] ,cpuset=/,mems_allowed=0 [ 165.510762][T12449] CPU: 1 UID: 0 PID: 12449 Comm: syz.1.3047 Not tainted syzkaller #0 PREEMPT(voluntary) [ 165.510791][T12449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 165.510860][T12449] Call Trace: [ 165.510868][T12449] [ 165.510879][T12449] __dump_stack+0x1d/0x30 [ 165.510921][T12449] dump_stack_lvl+0x95/0xd0 [ 165.510950][T12449] dump_stack+0x15/0x1b [ 165.510972][T12449] warn_alloc+0x145/0x1c0 [ 165.511019][T12449] __vmalloc_node_range_noprof+0x7d9/0x12b0 [ 165.511116][T12449] ? __rcu_read_unlock+0x4e/0x70 [ 165.511165][T12449] ? bpf_prog_alloc_no_stats+0x47/0x380 [ 165.511208][T12449] __vmalloc_noprof+0xa4/0xf0 [ 165.511235][T12449] ? bpf_prog_alloc_no_stats+0x47/0x380 [ 165.511317][T12449] bpf_prog_alloc_no_stats+0x47/0x380 [ 165.511426][T12449] ? bpf_prog_alloc+0x2a/0x150 [ 165.511520][T12449] bpf_prog_alloc+0x3c/0x150 [ 165.511554][T12449] bpf_prog_load+0x506/0x1140 [ 165.511600][T12449] ? security_bpf+0x2b/0x90 [ 165.511740][T12449] __sys_bpf+0x469/0x7b0 [ 165.511776][T12449] __x64_sys_bpf+0x41/0x50 [ 165.511808][T12449] x64_sys_call+0x28e1/0x3000 [ 165.511838][T12449] do_syscall_64+0xc0/0x2a0 [ 165.511894][T12449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.511918][T12449] RIP: 0033:0x7f51ff5baeb9 [ 165.511938][T12449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.511984][T12449] RSP: 002b:00007f51fe017028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 165.512025][T12449] RAX: ffffffffffffffda RBX: 00007f51ff835fa0 RCX: 00007f51ff5baeb9 [ 165.512045][T12449] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005 [ 165.512060][T12449] RBP: 00007f51fe017090 R08: 0000000000000000 R09: 0000000000000000 [ 165.512074][T12449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.512087][T12449] R13: 00007f51ff836038 R14: 00007f51ff835fa0 R15: 00007ffd561ab438 [ 165.512151][T12449] [ 165.512219][T12449] Mem-Info: [ 165.710301][T12449] active_anon:20099 inactive_anon:50 isolated_anon:0 [ 165.710301][T12449] active_file:25241 inactive_file:3064 isolated_file:0 [ 165.710301][T12449] unevictable:1595 dirty:211 writeback:0 [ 165.710301][T12449] slab_reclaimable:3444 slab_unreclaimable:19033 [ 165.710301][T12449] mapped:40916 shmem:15972 pagetables:1200 [ 165.710301][T12449] sec_pagetables:0 bounce:0 [ 165.710301][T12449] kernel_misc_reclaimable:0 [ 165.710301][T12449] free:1846050 free_pcp:18455 free_cma:0 [ 165.756077][T12449] Node 0 active_anon:81092kB inactive_anon:200kB active_file:101196kB inactive_file:12256kB unevictable:7076kB isolated(anon):0kB isolated(file):0kB mapped:164824kB dirty:844kB writeback:0kB shmem:65048kB kernel_stack:4320kB pagetables:4800kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 165.783957][T12449] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 165.813679][T12449] lowmem_reserve[]: 0 2879 7858 7858 [ 165.819128][T12449] Node 0 DMA32 free:2944748kB boost:0kB min:4128kB low:7056kB high:9984kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2948380kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3528kB free_cma:0kB [ 165.850705][T12449] lowmem_reserve[]: 0 0 4978 4978 [ 165.855838][T12449] Node 0 Normal free:4416088kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:81208kB inactive_anon:200kB active_file:101196kB inactive_file:12256kB unevictable:8236kB writepending:844kB zspages:0kB present:5242880kB managed:5098240kB mlocked:8252kB bounce:0kB free_pcp:75344kB local_pcp:2232kB free_cma:0kB [ 165.889708][T12449] lowmem_reserve[]: 0 0 0 0 [ 165.894323][T12449] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 165.907139][T12449] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 3*16kB (M) 1*32kB (M) 2*64kB (M) 4*128kB (M) 4*256kB (M) 2*512kB (M) 3*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2944748kB [ 165.923689][T12449] Node 0 Normal: 1245*4kB (UM) 859*8kB (UE) 1091*16kB (UM) 1137*32kB (UM) 682*64kB (UM) 142*128kB (UM) 306*256kB (UME) 281*512kB (UM) 213*1024kB (UME) 151*2048kB (UM) 864*4096kB (UM) = 4416028kB [ 165.943145][T12449] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 165.952469][T12449] 45288 total pagecache pages [ 165.957272][T12449] 0 pages in swap cache [ 165.961448][T12449] Free swap = 124992kB [ 165.965614][T12449] Total swap = 124996kB [ 165.969824][T12449] 2097051 pages RAM [ 165.973723][T12449] 0 pages HighMem/MovableOnly [ 165.978540][T12449] 81556 pages reserved [ 165.989398][T12355] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.038565][ T8406] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.045680][ T8406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.099946][ T2199] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.107141][ T2199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.210038][T12460] bond4: Unable to set up delay as MII monitoring is disabled [ 166.248115][T12460] bond4 (unregistering): Released all slaves [ 166.493952][T12355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.745200][T12495] syzkaller0: entered promiscuous mode [ 166.750873][T12495] syzkaller0: entered allmulticast mode [ 166.816133][T12355] veth0_vlan: entered promiscuous mode [ 166.836036][T12355] veth1_vlan: entered promiscuous mode [ 167.223316][T12355] veth0_macvtap: entered promiscuous mode [ 167.669296][T12355] veth1_macvtap: entered promiscuous mode [ 167.713332][T12525] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1280 sclass=netlink_route_socket pid=12525 comm=syz.3.3067 [ 167.729032][T12355] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.753565][T12355] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 167.766492][T12525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3067'. [ 167.780044][T12525] netlink: 'syz.3.3067': attribute type 8 has an invalid length. [ 167.798629][ T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.809709][T12529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3069'. [ 167.831680][T12525] tmpfs: Invalid uid '0x00000000ffffffff' [ 167.838193][ T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.901237][T12534] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3069'. [ 167.922011][T12529] hsr_slave_1 (unregistering): left promiscuous mode [ 167.942791][ T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.967325][ T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.982431][T12541] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3070'. [ 167.996037][ T37] Bluetooth: hci0: Frame reassembly failed (-84) [ 168.019905][T12544] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3071'. [ 168.029102][T12544] FAULT_INJECTION: forcing a failure. [ 168.029102][T12544] name failslab, interval 1, probability 0, space 0, times 0 [ 168.041803][T12544] CPU: 1 UID: 0 PID: 12544 Comm: syz.4.3071 Not tainted syzkaller #0 PREEMPT(voluntary) [ 168.041847][T12544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 168.041862][T12544] Call Trace: [ 168.041933][T12544] [ 168.041941][T12544] __dump_stack+0x1d/0x30 [ 168.042012][T12544] dump_stack_lvl+0x95/0xd0 [ 168.042040][T12544] dump_stack+0x15/0x1b [ 168.042110][T12544] should_fail_ex+0x263/0x280 [ 168.042220][T12544] should_failslab+0x8c/0xb0 [ 168.042250][T12544] kmem_cache_alloc_node_noprof+0x6a/0x4a0 [ 168.042283][T12544] ? __alloc_skb+0x2f0/0x4b0 [ 168.042321][T12544] ? should_failslab+0x8c/0xb0 [ 168.042423][T12544] __alloc_skb+0x2f0/0x4b0 [ 168.042457][T12544] ? __alloc_skb+0x219/0x4b0 [ 168.042581][T12544] xfrm_alloc_compat+0x131/0xdf0 [ 168.042614][T12544] ? skb_put+0xa9/0xf0 [ 168.042652][T12544] ? __pfx_xfrm_alloc_compat+0x10/0x10 [ 168.042684][T12544] xfrm_send_policy_notify+0xf80/0x1040 [ 168.042858][T12544] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 168.042885][T12544] km_policy_notify+0x62/0xb0 [ 168.042919][T12544] xfrm_get_policy+0x540/0x690 [ 168.042958][T12544] ? __nla_parse+0x40/0x60 [ 168.043073][T12544] xfrm_user_rcv_msg+0x576/0x670 [ 168.043133][T12544] ? __kfree_skb+0x109/0x150 [ 168.043212][T12544] ? nlmon_xmit+0x4f/0x60 [ 168.043318][T12544] ? consume_skb+0x49/0x140 [ 168.043439][T12544] netlink_rcv_skb+0x123/0x220 [ 168.043483][T12544] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 168.043592][T12544] xfrm_netlink_rcv+0x48/0x60 [ 168.043618][T12544] netlink_unicast+0x5c0/0x690 [ 168.043667][T12544] netlink_sendmsg+0x5c8/0x6f0 [ 168.043697][T12544] ? __pfx_netlink_sendmsg+0x10/0x10 [ 168.043802][T12544] ____sys_sendmsg+0x5af/0x600 [ 168.043833][T12544] ___sys_sendmsg+0x195/0x1e0 [ 168.043929][T12544] __x64_sys_sendmsg+0xd4/0x160 [ 168.043953][T12544] x64_sys_call+0x17ba/0x3000 [ 168.043984][T12544] do_syscall_64+0xc0/0x2a0 [ 168.044026][T12544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.044076][T12544] RIP: 0033:0x7f29b32faeb9 [ 168.044096][T12544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.044120][T12544] RSP: 002b:00007f29b1d57028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.044146][T12544] RAX: ffffffffffffffda RBX: 00007f29b3575fa0 RCX: 00007f29b32faeb9 [ 168.044165][T12544] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 168.044183][T12544] RBP: 00007f29b1d57090 R08: 0000000000000000 R09: 0000000000000000 [ 168.044270][T12544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.044282][T12544] R13: 00007f29b3576038 R14: 00007f29b3575fa0 R15: 00007ffe5fa0e4e8 [ 168.044382][T12544] [ 168.343050][T12546] batman_adv: batadv0: Adding interface: ipvlan2 [ 168.349492][T12546] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.375625][T12546] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.386504][T12546] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.397392][T12546] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 168.470091][T12554] loop4: detected capacity change from 0 to 512 [ 168.493903][T12554] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.510626][T12559] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3077'. [ 168.519824][T12554] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.535039][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 168.535051][ T29] audit: type=1400 audit(2000005223.116:3150): avc: denied { add_name } for pid=12553 comm="syz.4.3076" name="file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 168.583873][ T29] audit: type=1400 audit(2000005223.116:3151): avc: denied { create } for pid=12553 comm="syz.4.3076" name="file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 168.633918][T12559] 8021q: adding VLAN 0 to HW filter on device bond4 [ 168.653027][T12562] netlink: 'syz.1.3077': attribute type 10 has an invalid length. [ 168.653298][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.675157][T12562] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.682478][T12562] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.732493][T12562] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.739608][T12562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.746970][T12562] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.754060][T12562] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.763375][T12562] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 168.869507][T12577] SELinux: Context system_u:object_r:cgroup_t:s0 is not valid (left unmapped). [ 168.963172][T12583] batman_adv: batadv0: Adding interface: ipvlan1 [ 168.970417][T12583] batman_adv: batadv0: The MTU of interface ipvlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 168.977631][T12582] xt_hashlimit: size too large, truncated to 1048576 [ 168.996171][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.014038][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.024434][T12583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan0 [ 169.034391][T12583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.044281][T12583] batman_adv: batadv0: Not using interface ipvlan1 (retrying later): interface not active [ 169.055521][T12585] FAULT_INJECTION: forcing a failure. [ 169.055521][T12585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.069345][T12585] CPU: 0 UID: 0 PID: 12585 Comm: syz.1.3084 Not tainted syzkaller #0 PREEMPT(voluntary) [ 169.069374][T12585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 169.069397][T12585] Call Trace: [ 169.069404][T12585] [ 169.069413][T12585] __dump_stack+0x1d/0x30 [ 169.069439][T12585] dump_stack_lvl+0x95/0xd0 [ 169.069484][T12585] dump_stack+0x15/0x1b [ 169.069511][T12585] should_fail_ex+0x263/0x280 [ 169.069550][T12585] should_fail+0xb/0x20 [ 169.069579][T12585] should_fail_usercopy+0x1a/0x20 [ 169.069647][T12585] _copy_from_user+0x1c/0xb0 [ 169.069735][T12585] do_ipv6_setsockopt+0x124/0x21d0 [ 169.069848][T12585] ? _parse_integer+0x27/0x40 [ 169.069900][T12585] ? kstrtoull+0x111/0x140 [ 169.069928][T12585] ? __rcu_read_unlock+0x4e/0x70 [ 169.070011][T12585] ? avc_has_perm_noaudit+0xab/0x130 [ 169.070051][T12585] ? selinux_netlbl_socket_setsockopt+0x20d/0x2f0 [ 169.070080][T12585] ipv6_setsockopt+0x59/0x130 [ 169.070110][T12585] rawv6_setsockopt+0x1d2/0x410 [ 169.070206][T12585] sock_common_setsockopt+0x69/0x80 [ 169.070240][T12585] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 169.070268][T12585] __sys_setsockopt+0x184/0x200 [ 169.070308][T12585] __x64_sys_setsockopt+0x64/0x80 [ 169.070402][T12585] x64_sys_call+0x21d5/0x3000 [ 169.070430][T12585] do_syscall_64+0xc0/0x2a0 [ 169.070464][T12585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.070566][T12585] RIP: 0033:0x7f51ff5baeb9 [ 169.070584][T12585] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.070635][T12585] RSP: 002b:00007f51fe017028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 169.070656][T12585] RAX: ffffffffffffffda RBX: 00007f51ff835fa0 RCX: 00007f51ff5baeb9 [ 169.070671][T12585] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 169.070684][T12585] RBP: 00007f51fe017090 R08: 0000000000000528 R09: 0000000000000000 [ 169.070760][T12585] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 169.070778][T12585] R13: 00007f51ff836038 R14: 00007f51ff835fa0 R15: 00007ffd561ab438 [ 169.070802][T12585] [ 169.479640][T12598] batman_adv: batadv0: Adding interface: ipvlan3 [ 169.486202][T12598] batman_adv: batadv0: The MTU of interface ipvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.511801][T12598] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.522284][T12598] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.532151][T12598] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan2 [ 169.542172][T12598] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.552041][T12598] batman_adv: batadv0: Not using interface ipvlan3 (retrying later): interface not active [ 169.596282][T12603] syzkaller0: entered promiscuous mode [ 169.601858][T12603] syzkaller0: entered allmulticast mode [ 169.977846][T12605] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8212 sclass=netlink_xfrm_socket pid=12605 comm=syz.2.3093 [ 170.011665][T12607] netlink: 'syz.2.3094': attribute type 10 has an invalid length. [ 170.019681][T12607] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3094'. [ 170.028973][T12607] bond0: option arp_all_targets: invalid value (196616) [ 170.045181][T12607] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3094'. [ 170.056025][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 170.062178][ T6854] Bluetooth: hci0: command 0x1003 tx timeout [ 170.090297][T12615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3095'. [ 170.102045][T12615] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12615 comm=syz.3.3095 [ 170.111813][T12617] 8021q: VLANs not supported on ip6_vti0 [ 170.118242][T12615] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2581 sclass=netlink_route_socket pid=12615 comm=syz.3.3095 [ 170.248789][T12623] batman_adv: batadv0: Adding interface: ipvlan2 [ 170.255231][T12623] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.280583][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 170.291043][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.300901][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan0 [ 170.310881][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.320794][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan1 [ 170.330678][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.340648][T12623] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 170.541424][ T29] audit: type=1326 audit(2000005225.126:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.565023][ T29] audit: type=1326 audit(2000005225.126:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.588541][ T29] audit: type=1326 audit(2000005225.126:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.612641][ T29] audit: type=1326 audit(2000005225.196:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.636714][ T29] audit: type=1326 audit(2000005225.196:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.660321][ T29] audit: type=1326 audit(2000005225.196:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.683861][ T29] audit: type=1326 audit(2000005225.206:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.707404][ T29] audit: type=1326 audit(2000005225.206:3159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12633 comm="syz.2.3103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0866aaeb9 code=0x7ffc0000 [ 170.872584][T12644] gretap0: refused to change device tx_queue_len [ 170.904488][T12645] xt_CONNSECMARK: invalid mode: 0 [ 170.934100][T12647] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.955741][T12649] bond2: option packets_per_slave: invalid value (1635017058) [ 170.963259][T12649] bond2: option packets_per_slave: allowed values 0 - 65535 [ 170.972297][T12649] bond2 (unregistering): Released all slaves [ 170.998779][T12647] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.061060][T12657] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3110'. [ 171.072488][T12647] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.149190][T12647] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.268238][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.284461][ T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.304803][ T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.338273][ T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.416078][T12685] vxcan1: entered promiscuous mode [ 171.558853][T12685] team_slave_0: entered promiscuous mode [ 171.564563][T12685] team_slave_1: entered promiscuous mode [ 171.584058][T12685] macvtap1: entered promiscuous mode [ 171.589450][T12685] team0: entered promiscuous mode [ 171.596072][T12685] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 171.604407][T12685] team0: Device macvtap1 is already an upper device of the team interface [ 171.621558][T12685] team0: left promiscuous mode [ 171.626785][T12685] team_slave_0: left promiscuous mode [ 171.632183][T12685] team_slave_1: left promiscuous mode [ 171.667138][T12701] xt_hashlimit: size too large, truncated to 1048576 [ 171.685820][ T58] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.780388][ T58] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.841326][ T58] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.906901][ T58] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.921961][T12691] chnl_net:caif_netlink_parms(): no params data found [ 171.977379][T12691] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.984613][T12691] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.991875][T12691] bridge_slave_0: entered allmulticast mode [ 171.998932][T12691] bridge_slave_0: entered promiscuous mode [ 172.014747][T12691] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.021885][T12691] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.031652][T12691] bridge_slave_1: entered allmulticast mode [ 172.039082][T12691] bridge_slave_1: entered promiscuous mode [ 172.116688][T12691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.130086][ T58] bridge_slave_1: left allmulticast mode [ 172.136024][ T58] bridge_slave_1: left promiscuous mode [ 172.141779][ T58] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.155059][ T58] bridge_slave_0: left allmulticast mode [ 172.161584][ T58] bridge_slave_0: left promiscuous mode [ 172.167345][ T58] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.216300][ T7959] SELinux: failure in sel_netif_sid_slow(), invalid network interface (13) [ 172.247381][ T58] bond1 (unregistering): (slave geneve2): Releasing active interface [ 172.263378][ T58] geneve2 (unregistering): left promiscuous mode [ 172.284882][ T58] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 172.338822][ T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.349406][ T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.360065][ T58] bond0 (unregistering): Released all slaves [ 172.369903][ T58] bond1 (unregistering): Released all slaves [ 172.379479][ T58] bond2 (unregistering): Released all slaves [ 172.389358][ T58] bond3 (unregistering): Released all slaves [ 172.398484][ T58] bond4 (unregistering): Released all slaves [ 172.411501][T12691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.451581][ T58] tipc: Disabling bearer [ 172.457625][ T58] tipc: Left network mode [ 172.464792][T12691] team0: Port device team_slave_0 added [ 172.473393][T12691] team0: Port device team_slave_1 added [ 172.490062][ T58] hsr_slave_0: left promiscuous mode [ 172.500924][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 172.508409][ T58] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 172.518576][ T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 172.526108][ T58] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 172.544314][ T58] batman_adv: batadv0: Removing interface: ipvlan2 [ 172.572312][ T58] batman_adv: batadv0: Removing interface: ipvlan3 [ 172.590546][ T58] batman_adv: batadv0: Removing interface: ipvlan4 [ 172.600729][ T58] batman_adv: batadv0: Removing interface: ipvlan5 [ 172.619027][ T58] veth1_vlan: left promiscuous mode [ 172.634673][ T58] veth0_vlan: left promiscuous mode [ 172.811703][ T58] team0 (unregistering): Port device team_slave_1 removed [ 172.843251][T12788] __nla_validate_parse: 2 callbacks suppressed [ 172.843272][T12788] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3145'. [ 172.881132][T12787] gretap0: refused to change device tx_queue_len [ 172.893274][T12691] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 172.900389][T12691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 172.927116][T12691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 172.945914][T12691] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 172.953002][T12691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 172.979159][T12691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 173.035141][T12797] FAULT_INJECTION: forcing a failure. [ 173.035141][T12797] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.048326][T12797] CPU: 1 UID: 0 PID: 12797 Comm: syz.5.3149 Not tainted syzkaller #0 PREEMPT(voluntary) [ 173.048354][T12797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 173.048370][T12797] Call Trace: [ 173.048397][T12797] [ 173.048406][T12797] __dump_stack+0x1d/0x30 [ 173.048436][T12797] dump_stack_lvl+0x95/0xd0 [ 173.048458][T12797] dump_stack+0x15/0x1b [ 173.048478][T12797] should_fail_ex+0x263/0x280 [ 173.048593][T12797] should_fail+0xb/0x20 [ 173.048664][T12797] should_fail_usercopy+0x1a/0x20 [ 173.048698][T12797] _copy_from_user+0x1c/0xb0 [ 173.048724][T12797] copy_from_bpfptr+0x5c/0x90 [ 173.048777][T12797] bpf_prog_load+0x73a/0x1140 [ 173.048817][T12797] ? security_bpf+0x2b/0x90 [ 173.048919][T12797] __sys_bpf+0x469/0x7b0 [ 173.048957][T12797] __x64_sys_bpf+0x41/0x50 [ 173.048981][T12797] x64_sys_call+0x28e1/0x3000 [ 173.049025][T12797] do_syscall_64+0xc0/0x2a0 [ 173.049065][T12797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.049094][T12797] RIP: 0033:0x7f5e80f3aeb9 [ 173.049115][T12797] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.049225][T12797] RSP: 002b:00007f5e7f997028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 173.049251][T12797] RAX: ffffffffffffffda RBX: 00007f5e811b5fa0 RCX: 00007f5e80f3aeb9 [ 173.049270][T12797] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000005 [ 173.049301][T12797] RBP: 00007f5e7f997090 R08: 0000000000000000 R09: 0000000000000000 [ 173.049386][T12797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.049403][T12797] R13: 00007f5e811b6038 R14: 00007f5e811b5fa0 R15: 00007ffcd6f130a8 [ 173.049430][T12797] [ 173.052984][T12691] hsr_slave_0: entered promiscuous mode [ 173.361605][T12691] hsr_slave_1: entered promiscuous mode [ 173.406149][T12691] debugfs: 'hsr0' already exists in 'hsr' [ 173.411969][T12691] Cannot create hsr debugfs directory [ 173.422218][T12805] batman_adv: batadv0: Adding interface: ipvlan2 [ 173.428822][T12805] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 173.455049][T12805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.465717][T12805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.476235][T12805] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 173.566638][T12822] loop4: detected capacity change from 0 to 1024 [ 173.598382][T12822] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.612308][T12822] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.812088][T12831] syz.5.3155 (12831) used obsolete PPPIOCDETACH ioctl [ 173.858544][ T58] IPVS: stop unused estimator thread 0... [ 173.867207][T12831] SELinux: Context Y7j [ 173.867207][T12831] u/$2Sٟ2'ks2- vjd #,N< [ 173.867207][T12831] :E]Y\?ͼ=ً1KIk{kL^0}4nr}pįNwyxiu?+H~F1Wjm &8UۂVN2)GxV%5xeRM4r4cJsHU&'p2EMMk&cbU,,f@8bD%$f=8@kI|w Ox&KCH;x-Ko4i!Oi%ڂ2 F"2E,P] k? is not valid (left unmapped). [ 173.917309][T12831] SELinux: Context *mkXI$hx4۫KM is not valid (left unmapped). [ 173.934492][T12831] SELinux: Context KM*,hcIǾû̋y+.+y0[pr;JA9Iq jǼ=7)oM{nF=XmnxrD㑉垳4TW}t%ȖY^slFB53hm5};JXom%~"~9mM~alʺLI8i [ 177.316381][T13035] __dump_stack+0x1d/0x30 [ 177.316416][T13035] dump_stack_lvl+0x95/0xd0 [ 177.316506][T13035] dump_stack+0x15/0x1b [ 177.316536][T13035] dump_header+0x80/0x240 [ 177.316577][T13035] oom_kill_process+0x295/0x350 [ 177.316634][T13035] out_of_memory+0x97d/0xb80 [ 177.316671][T13035] try_charge_memcg+0x62e/0xa10 [ 177.316710][T13035] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 177.316751][T13035] __read_swap_cache_async+0x17b/0x2d0 [ 177.316854][T13035] swap_cluster_readahead+0x262/0x3c0 [ 177.316899][T13035] swapin_readahead+0xde/0x840 [ 177.316935][T13035] ? mod_memcg_state+0x182/0x260 [ 177.316973][T13035] ? __vmalloc_node_range_noprof+0x121d/0x12b0 [ 177.317023][T13035] ? __rcu_read_unlock+0x4e/0x70 [ 177.317105][T13035] ? swap_cache_get_folio+0x26f/0x280 [ 177.317162][T13035] do_swap_page+0x59b/0x2a50 [ 177.317213][T13035] ? __rcu_read_lock+0x36/0x50 [ 177.317265][T13035] ? __pfx_default_wake_function+0x10/0x10 [ 177.317310][T13035] handle_mm_fault+0xb40/0x3030 [ 177.317367][T13035] ? vma_start_read+0x1c7/0x2c0 [ 177.317406][T13035] do_user_addr_fault+0x62f/0x1050 [ 177.317472][T13035] exc_page_fault+0x62/0xa0 [ 177.317497][T13035] asm_exc_page_fault+0x26/0x30 [ 177.317517][T13035] RIP: 0033:0x7f499d76aecb [ 177.317533][T13035] Code: 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 <64> 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 2e 0f 1f [ 177.317594][T13035] RSP: 002b:00007f499c1c7028 EFLAGS: 00010217 [ 177.317654][T13035] RAX: 000000000000000c RBX: 00007f499d9e5fa0 RCX: ffffffffffffffe8 [ 177.317674][T13035] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000000000000000 [ 177.317698][T13035] RBP: 00007f499d7d8c1f R08: 0000000000000000 R09: 0000000000000000 [ 177.317751][T13035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.317764][T13035] R13: 00007f499d9e6038 R14: 00007f499d9e5fa0 R15: 00007ffe0827e608 [ 177.317789][T13035] [ 177.317798][T13035] memory: usage 307200kB, limit 307200kB, failcnt 4843 [ 177.544049][T13035] memory+swap: usage 307320kB, limit 9007199254740988kB, failcnt 0 [ 177.552081][T13035] kmem: usage 307112kB, limit 9007199254740988kB, failcnt 0 [ 177.560078][T13035] Memory cgroup stats for /syz3: [ 177.779842][T13035] cache 0 [ 177.787920][T13035] rss 49152 [ 177.791117][T13035] shmem 0 [ 177.794075][T13035] mapped_file 0 [ 177.798373][T13035] dirty 0 [ 177.801339][T13035] writeback 0 [ 177.804682][T13035] workingset_refault_anon 105 [ 177.809385][T13035] workingset_refault_file 2723 [ 177.814170][T13035] swap 86016 [ 177.817428][T13035] swapcached 45056 [ 177.821167][T13035] pgpgin 253221 [ 177.825402][T13035] pgpgout 253206 [ 177.829072][T13035] pgfault 169483 [ 177.832688][T13035] pgmajfault 93 [ 177.836281][T13035] inactive_anon 0 [ 177.840012][T13035] active_anon 53248 [ 177.843856][T13035] inactive_file 0 [ 177.847568][T13035] active_file 0 [ 177.851097][T13035] unevictable 0 [ 177.855259][T13035] hierarchical_memory_limit 314572800 [ 177.860700][T13035] hierarchical_memsw_limit 9223372036854771712 [ 177.866911][T13035] total_cache 0 [ 177.870394][T13035] total_rss 49152 [ 177.874053][T13035] total_shmem 0 [ 177.877566][T13035] total_mapped_file 0 [ 177.881574][T13035] total_dirty 0 [ 177.885972][T13035] total_writeback 0 [ 177.889869][T13035] total_workingset_refault_anon 105 [ 177.895200][T13035] total_workingset_refault_file 2723 [ 177.900670][T13035] total_swap 86016 [ 177.904608][T13035] total_swapcached 45056 [ 177.908917][T13035] total_pgpgin 253221 [ 177.912914][T13035] total_pgpgout 253206 [ 177.917745][T13035] total_pgfault 169483 [ 177.921839][T13035] total_pgmajfault 93 [ 177.925904][T13035] total_inactive_anon 0 [ 177.930081][T13035] total_active_anon 53248 [ 177.934456][T13035] total_inactive_file 0 [ 177.938665][T13035] total_active_file 0 [ 177.942694][T13035] total_unevictable 0 [ 177.947528][T13035] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.3189,pid=13033,uid=0 [ 177.962424][T13035] Memory cgroup out of memory: Killed process 13035 (syz.3.3189) total-vm:93928kB, anon-rss:1328kB, file-rss:22092kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 177.981058][ T52] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.994562][ T52] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.037461][T13054] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3196'. [ 178.095326][T13063] FAULT_INJECTION: forcing a failure. [ 178.095326][T13063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.108522][T13063] CPU: 0 UID: 0 PID: 13063 Comm: syz.1.3124 Not tainted syzkaller #0 PREEMPT(voluntary) [ 178.108554][T13063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.108568][T13063] Call Trace: [ 178.108575][T13063] [ 178.108649][T13063] __dump_stack+0x1d/0x30 [ 178.108678][T13063] dump_stack_lvl+0x95/0xd0 [ 178.108710][T13063] dump_stack+0x15/0x1b [ 178.108731][T13063] should_fail_ex+0x263/0x280 [ 178.108773][T13063] should_fail+0xb/0x20 [ 178.108841][T13063] should_fail_usercopy+0x1a/0x20 [ 178.108884][T13063] _copy_from_user+0x1c/0xb0 [ 178.108911][T13063] do_ip6t_set_ctl+0x3b2/0x8f0 [ 178.109078][T13063] ? kstrtoull+0x111/0x140 [ 178.109123][T13063] ? __rcu_read_unlock+0x4e/0x70 [ 178.109166][T13063] nf_setsockopt+0x199/0x1b0 [ 178.109201][T13063] ipv6_setsockopt+0x11a/0x130 [ 178.109279][T13063] rawv6_setsockopt+0x1d2/0x410 [ 178.109310][T13063] sock_common_setsockopt+0x69/0x80 [ 178.109346][T13063] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 178.109380][T13063] __sys_setsockopt+0x184/0x200 [ 178.109491][T13063] __x64_sys_setsockopt+0x64/0x80 [ 178.109663][T13063] x64_sys_call+0x21d5/0x3000 [ 178.109689][T13063] do_syscall_64+0xc0/0x2a0 [ 178.109741][T13063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.109858][T13063] RIP: 0033:0x7fc30106aeb9 [ 178.109927][T13063] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.109951][T13063] RSP: 002b:00007fc2ffaa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 178.109971][T13063] RAX: ffffffffffffffda RBX: 00007fc3012e6090 RCX: 00007fc30106aeb9 [ 178.109985][T13063] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 178.109998][T13063] RBP: 00007fc2ffaa6090 R08: 0000000000000528 R09: 0000000000000000 [ 178.110012][T13063] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 178.110090][T13063] R13: 00007fc3012e6128 R14: 00007fc3012e6090 R15: 00007ffd96f37628 [ 178.110117][T13063] [ 178.489825][T13080] bond1: option packets_per_slave: invalid value (1635017058) [ 178.497410][T13080] bond1: option packets_per_slave: allowed values 0 - 65535 [ 178.505913][T13080] bond1 (unregistering): Released all slaves [ 178.551029][T13087] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3207'. [ 178.647171][T13102] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 178.701499][T13107] sch_tbf: burst 4 is lower than device lo mtu (65550) ! [ 178.712473][T13107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3216'. [ 178.721600][T13107] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3216'. [ 178.800867][T13118] loop4: detected capacity change from 0 to 2048 [ 178.807781][T13118] EXT4-fs: quotafile must be on filesystem root [ 179.004236][T13141] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3228'. [ 179.034419][T13145] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3230'. [ 179.129128][T13158] xt_hashlimit: size too large, truncated to 1048576 [ 179.378455][T13168] loop4: detected capacity change from 0 to 1024 [ 179.404682][T13168] EXT4-fs: Ignoring removed orlov option [ 179.411056][T13170] netlink: 'syz.5.3240': attribute type 3 has an invalid length. [ 179.426319][T13168] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 179.484866][T13168] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.516393][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.530244][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 179.530260][ T29] audit: type=1400 audit(2000005234.118:3332): avc: denied { listen } for pid=13176 comm="syz.2.3243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 179.580333][ T29] audit: type=1400 audit(2000005234.148:3333): avc: denied { accept } for pid=13176 comm="syz.2.3243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 179.600541][T13186] loop4: detected capacity change from 0 to 512 [ 179.631588][T13186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.652010][T13181] xt_hashlimit: size too large, truncated to 1048576 [ 179.662458][T13186] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.742436][T13197] FAULT_INJECTION: forcing a failure. [ 179.742436][T13197] name failslab, interval 1, probability 0, space 0, times 0 [ 179.755247][T13197] CPU: 1 UID: 0 PID: 13197 Comm: syz.2.3248 Not tainted syzkaller #0 PREEMPT(voluntary) [ 179.755276][T13197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 179.755303][T13197] Call Trace: [ 179.755312][T13197] [ 179.755321][T13197] __dump_stack+0x1d/0x30 [ 179.755380][T13197] dump_stack_lvl+0x95/0xd0 [ 179.755406][T13197] dump_stack+0x15/0x1b [ 179.755429][T13197] should_fail_ex+0x263/0x280 [ 179.755478][T13197] should_failslab+0x8c/0xb0 [ 179.755536][T13197] __kvmalloc_node_noprof+0x148/0x680 [ 179.755571][T13197] ? xt_alloc_table_info+0x40/0x80 [ 179.755677][T13197] ? should_fail_ex+0xd9/0x280 [ 179.755721][T13197] xt_alloc_table_info+0x40/0x80 [ 179.755761][T13197] do_ip6t_set_ctl+0x5e5/0x8f0 [ 179.755793][T13197] ? kstrtoull+0x111/0x140 [ 179.755833][T13197] ? __rcu_read_unlock+0x4e/0x70 [ 179.755870][T13197] nf_setsockopt+0x199/0x1b0 [ 179.755909][T13197] ipv6_setsockopt+0x11a/0x130 [ 179.755938][T13197] rawv6_setsockopt+0x1d2/0x410 [ 179.755967][T13197] sock_common_setsockopt+0x69/0x80 [ 179.756022][T13197] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 179.756092][T13197] __sys_setsockopt+0x184/0x200 [ 179.756134][T13197] __x64_sys_setsockopt+0x64/0x80 [ 179.756168][T13197] x64_sys_call+0x21d5/0x3000 [ 179.756284][T13197] do_syscall_64+0xc0/0x2a0 [ 179.756351][T13197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.756437][T13197] RIP: 0033:0x7fa0866aaeb9 [ 179.756457][T13197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.756481][T13197] RSP: 002b:00007fa085107028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 179.756502][T13197] RAX: ffffffffffffffda RBX: 00007fa086925fa0 RCX: 00007fa0866aaeb9 [ 179.756529][T13197] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 179.756543][T13197] RBP: 00007fa085107090 R08: 0000000000000528 R09: 0000000000000000 [ 179.756632][T13197] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 179.756646][T13197] R13: 00007fa086926038 R14: 00007fa086925fa0 R15: 00007ffc32a51228 [ 179.756673][T13197] [ 179.795107][T13198] tmpfs: Bad value for 'mpol' [ 180.016589][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.124367][T13223] gretap0: refused to change device tx_queue_len [ 180.150060][ T29] audit: type=1326 audit(2000005234.728:3334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.174575][ T29] audit: type=1326 audit(2000005234.728:3335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.198444][ T29] audit: type=1326 audit(2000005234.728:3336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.222896][ T29] audit: type=1326 audit(2000005234.728:3337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.247688][ T29] audit: type=1326 audit(2000005234.728:3338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.271277][ T29] audit: type=1326 audit(2000005234.728:3339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.295551][ T29] audit: type=1326 audit(2000005234.728:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.309689][T13236] 9p: Bad value for 'wfdno' [ 180.319281][ T29] audit: type=1326 audit(2000005234.728:3341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz.4.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 180.355621][T13236] loop4: detected capacity change from 0 to 512 [ 180.370547][T13236] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 180.444903][T13249] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3265'. [ 180.454004][T13249] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3265'. [ 180.468561][T13251] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 180.477360][T13252] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 180.504846][T13231] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3256'. [ 180.532183][T13256] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3268'. [ 180.692917][T13277] can: request_module (can-proto-3) failed. [ 181.120621][T13280] syz.5.3277 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 181.132469][T13280] CPU: 0 UID: 0 PID: 13280 Comm: syz.5.3277 Not tainted syzkaller #0 PREEMPT(voluntary) [ 181.132547][T13280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 181.132564][T13280] Call Trace: [ 181.132570][T13280] [ 181.132577][T13280] __dump_stack+0x1d/0x30 [ 181.132664][T13280] dump_stack_lvl+0x95/0xd0 [ 181.132691][T13280] dump_stack+0x15/0x1b [ 181.132712][T13280] dump_header+0x80/0x240 [ 181.132760][T13280] oom_kill_process+0x295/0x350 [ 181.132854][T13280] out_of_memory+0x97d/0xb80 [ 181.132881][T13280] try_charge_memcg+0x62e/0xa10 [ 181.132909][T13280] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 181.132948][T13280] __read_swap_cache_async+0x17b/0x2d0 [ 181.133054][T13280] swap_cluster_readahead+0x262/0x3c0 [ 181.133093][T13280] swapin_readahead+0xde/0x840 [ 181.133154][T13280] ? __perf_event_task_sched_in+0xa65/0xad0 [ 181.133247][T13280] ? __rcu_read_unlock+0x4e/0x70 [ 181.133280][T13280] ? swap_cache_get_folio+0x26f/0x280 [ 181.133313][T13280] do_swap_page+0x59b/0x2a50 [ 181.133518][T13280] ? finish_task_switch+0x79/0x280 [ 181.133549][T13280] ? __schedule+0x82d/0xc90 [ 181.133568][T13280] ? __rcu_read_lock+0x36/0x50 [ 181.133597][T13280] ? __pfx_default_wake_function+0x10/0x10 [ 181.133735][T13280] handle_mm_fault+0xb40/0x3030 [ 181.133771][T13280] ? vma_start_read+0x1c7/0x2c0 [ 181.133803][T13280] do_user_addr_fault+0x62f/0x1050 [ 181.133856][T13280] exc_page_fault+0x62/0xa0 [ 181.133880][T13280] asm_exc_page_fault+0x26/0x30 [ 181.133901][T13280] RIP: 0033:0x7f5e80efb78e [ 181.133930][T13280] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 181.133954][T13280] RSP: 002b:00007ffcd6f13188 EFLAGS: 00010246 [ 181.134019][T13280] RAX: 0000000000000000 RBX: 0000555561d6a500 RCX: 00007f5e80efb78e [ 181.134033][T13280] RDX: 00007ffcd6f131e0 RSI: 0000000000000000 RDI: 0000000000000000 [ 181.134047][T13280] RBP: 00007f5e811b7da0 R08: 0000000000000000 R09: 0000000000000000 [ 181.134060][T13280] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000002c52c [ 181.134106][T13280] R13: 00007f5e811b5fac R14: 000000000002c221 R15: 00007ffcd6f13310 [ 181.134127][T13280] [ 181.352141][T13280] memory: usage 307200kB, limit 307200kB, failcnt 4811 [ 181.359994][T13280] memory+swap: usage 323888kB, limit 9007199254740988kB, failcnt 0 [ 181.368163][T13280] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 181.375569][T13280] Memory cgroup stats for /syz5: [ 181.439636][T13280] cache 0 [ 181.447699][T13280] rss 4096 [ 181.450787][T13280] shmem 0 [ 181.453744][T13280] mapped_file 0 [ 181.457394][T13280] dirty 0 [ 181.460356][T13280] writeback 4096 [ 181.464029][T13280] workingset_refault_anon 23 [ 181.468636][T13280] workingset_refault_file 0 [ 181.473157][T13280] swap 17072128 [ 181.476696][T13280] swapcached 36864 [ 181.480440][T13280] pgpgin 149025 [ 181.483931][T13280] pgpgout 149016 [ 181.487501][T13280] pgfault 103059 [ 181.491138][T13280] pgmajfault 6 [ 181.494929][T13280] inactive_anon 8192 [ 181.498850][T13280] active_anon 28672 [ 181.502672][T13280] inactive_file 0 [ 181.506370][T13280] active_file 0 [ 181.509879][T13280] unevictable 0 [ 181.513363][T13280] hierarchical_memory_limit 314572800 [ 181.518780][T13280] hierarchical_memsw_limit 9223372036854771712 [ 181.525082][T13280] total_cache 0 [ 181.528556][T13280] total_rss 4096 [ 181.532125][T13280] total_shmem 0 [ 181.535751][T13280] total_mapped_file 0 [ 181.539748][T13280] total_dirty 0 [ 181.543230][T13280] total_writeback 4096 [ 181.548921][T13280] total_workingset_refault_anon 23 [ 181.554148][T13280] total_workingset_refault_file 0 [ 181.559286][T13280] total_swap 17072128 [ 181.563310][T13280] total_swapcached 36864 [ 181.567672][T13280] total_pgpgin 149025 [ 181.571679][T13280] total_pgpgout 149016 [ 181.575823][T13280] total_pgfault 103059 [ 181.579947][T13280] total_pgmajfault 6 [ 181.583904][T13280] total_inactive_anon 8192 [ 181.588383][T13280] total_active_anon 28672 [ 181.592737][T13280] total_inactive_file 0 [ 181.596949][T13280] total_active_file 0 [ 181.600956][T13280] total_unevictable 0 [ 181.604989][T13280] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.3277,pid=13280,uid=0 [ 181.619794][T13280] Memory cgroup out of memory: Killed process 13280 (syz.5.3277) total-vm:94000kB, anon-rss:1204kB, file-rss:21768kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 181.655044][T13321] loop4: detected capacity change from 0 to 512 [ 181.674628][T13321] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 181.686273][T13321] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 181.696478][T13321] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3289: Corrupt directory, running e2fsck is recommended [ 181.773543][T13321] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 181.782400][T13321] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #15: comm syz.4.3289: corrupted in-inode xattr: e_name out of bounds [ 181.797200][T13321] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.3289: couldn't read orphan inode 15 (err -117) [ 181.815118][T13321] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.851081][T13319] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 181.853635][T13339] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 181.862774][T13319] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 181.880323][T13319] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3289: Corrupt directory, running e2fsck is recommended [ 181.912031][T13319] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 181.923677][T13319] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 181.934580][T13319] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3289: Corrupt directory, running e2fsck is recommended [ 181.951637][T13319] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 181.963622][T13319] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 181.973803][T13319] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3289: Corrupt directory, running e2fsck is recommended [ 181.990103][T13319] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 182.017414][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.468827][T13394] delete_channel: no stack [ 182.539593][T13399] loop4: detected capacity change from 0 to 512 [ 182.611065][T13403] loop4: detected capacity change from 0 to 1024 [ 182.629206][T13403] EXT4-fs: inline encryption not supported [ 182.645381][T13403] ext4: Unknown parameter 'appraise' [ 183.188749][ T2199] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.207361][T13420] bond1: option packets_per_slave: invalid value (1635017058) [ 183.214962][T13420] bond1: option packets_per_slave: allowed values 0 - 65535 [ 183.225637][T13420] bond1 (unregistering): Released all slaves [ 183.236170][T13421] syzkaller1: entered promiscuous mode [ 183.241733][T13421] syzkaller1: entered allmulticast mode [ 183.255532][ T8406] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.292952][ T8406] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.320239][ T8406] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 183.392829][T13443] loop4: detected capacity change from 0 to 1024 [ 183.411395][T13443] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.466158][T13450] __nla_validate_parse: 5 callbacks suppressed [ 183.466226][T13450] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3336'. [ 183.499438][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.524590][T13457] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3337'. [ 183.661703][T13471] netlink: 'syz.5.3340': attribute type 4 has an invalid length. [ 183.918166][T13486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3347'. [ 184.012873][T13464] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.020113][T13464] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.239078][T13493] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3349'. [ 184.303618][T13495] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3350'. [ 184.540510][T13506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.575047][T13506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.589809][ T29] kauditd_printk_skb: 75 callbacks suppressed [ 184.589828][ T29] audit: type=1326 audit(2000005239.169:3417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13505 comm="syz.2.3355" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0866aaeb9 code=0x0 [ 184.632791][T13464] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.673735][T13464] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.812908][T13486] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.824614][T13486] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.846436][T13486] bond0 (unregistering): Released all slaves [ 184.862575][T13507] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.873071][T13507] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.900073][ T8416] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.933885][ T8416] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.943100][ T8416] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.955478][T13507] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.965415][T13507] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.997863][T13519] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3361'. [ 185.013131][ T8416] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.027376][T13520] syzkaller1: entered promiscuous mode [ 185.032924][T13520] syzkaller1: entered allmulticast mode [ 185.051221][T13522] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3362'. [ 185.068317][T13507] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 185.078295][T13507] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.125830][ T29] audit: type=1400 audit(2000005239.709:3418): avc: denied { write } for pid=13526 comm="syz.3.3364" name="usbmon3" dev="devtmpfs" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 185.185778][T13507] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 185.195679][T13507] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.199617][T13529] xt_hashlimit: size too large, truncated to 1048576 [ 185.339145][ T8416] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 185.347512][ T8416] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.394773][ T8416] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 185.403408][ T8416] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.425286][T13553] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3374'. [ 185.444936][ T8416] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 185.453275][ T8416] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.476866][ T8416] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 185.485291][ T8416] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.516451][T13560] gre1: entered promiscuous mode [ 185.521452][T13560] gre1: entered allmulticast mode [ 185.704849][T13575] macvlan0: entered allmulticast mode [ 185.710492][T13575] veth1_vlan: entered allmulticast mode [ 185.766938][T13580] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3388'. [ 185.778791][ T29] audit: type=1326 audit(2000005240.359:3419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 185.803087][ T29] audit: type=1326 audit(2000005240.359:3420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 185.827620][ T29] audit: type=1326 audit(2000005240.359:3421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 185.851250][ T29] audit: type=1326 audit(2000005240.359:3422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 186.013075][ T29] audit: type=1326 audit(2000005240.359:3423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 186.037424][ T29] audit: type=1326 audit(2000005240.359:3424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 186.060944][ T29] audit: type=1326 audit(2000005240.359:3425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 186.085209][ T29] audit: type=1326 audit(2000005240.439:3426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13578 comm="syz.4.3387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b32faeb9 code=0x7ffc0000 [ 186.126661][T13590] loop4: detected capacity change from 0 to 1024 [ 186.133594][T13590] ext4: Unknown parameter 'nojournal' [ 186.354586][T13604] xt_hashlimit: size too large, truncated to 1048576 [ 186.464078][T13608] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.3399'. [ 186.538045][T13614] gre1: entered promiscuous mode [ 186.543089][T13614] gre1: entered allmulticast mode [ 186.600782][T13623] syzkaller1: entered promiscuous mode [ 186.606355][T13623] syzkaller1: entered allmulticast mode [ 186.614155][T13625] tipc: Failed to obtain node identity [ 186.619706][T13625] tipc: Enabling of bearer rejected, failed to enable media [ 186.633441][T13625] loop4: detected capacity change from 0 to 512 [ 186.640100][T13625] EXT4-fs: Ignoring removed i_version option [ 186.646199][T13625] EXT4-fs: Ignoring removed bh option [ 186.678968][T13625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.692907][T13625] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 186.740866][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.865431][T13645] bond2: option packets_per_slave: invalid value (1635017058) [ 186.872982][T13645] bond2: option packets_per_slave: allowed values 0 - 65535 [ 186.881170][T13645] bond2 (unregistering): Released all slaves [ 186.980798][T13652] syzkaller0: entered promiscuous mode [ 186.986783][T13652] syzkaller0: entered allmulticast mode [ 187.011795][T12355] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 187.022843][T12355] CPU: 1 UID: 0 PID: 12355 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) [ 187.022918][T12355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 187.022936][T12355] Call Trace: [ 187.022945][T12355] [ 187.022955][T12355] __dump_stack+0x1d/0x30 [ 187.022986][T12355] dump_stack_lvl+0x95/0xd0 [ 187.023089][T12355] dump_stack+0x15/0x1b [ 187.023113][T12355] dump_header+0x80/0x240 [ 187.023154][T12355] oom_kill_process+0x295/0x350 [ 187.023207][T12355] out_of_memory+0x97d/0xb80 [ 187.023287][T12355] try_charge_memcg+0x62e/0xa10 [ 187.023320][T12355] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 187.023358][T12355] __read_swap_cache_async+0x17b/0x2d0 [ 187.023454][T12355] swap_cluster_readahead+0x262/0x3c0 [ 187.023494][T12355] swapin_readahead+0xde/0x840 [ 187.023580][T12355] ? __perf_event_task_sched_in+0xa65/0xad0 [ 187.023615][T12355] ? __rcu_read_unlock+0x4e/0x70 [ 187.023648][T12355] ? swap_cache_get_folio+0x26f/0x280 [ 187.023760][T12355] do_swap_page+0x59b/0x2a50 [ 187.023797][T12355] ? finish_task_switch+0x79/0x280 [ 187.023850][T12355] ? __schedule+0x82d/0xc90 [ 187.023872][T12355] ? __rcu_read_lock+0x36/0x50 [ 187.023963][T12355] ? __pfx_default_wake_function+0x10/0x10 [ 187.023997][T12355] handle_mm_fault+0xb40/0x3030 [ 187.024042][T12355] ? vma_start_read+0x1c7/0x2c0 [ 187.024082][T12355] do_user_addr_fault+0x62f/0x1050 [ 187.024120][T12355] exc_page_fault+0x62/0xa0 [ 187.024168][T12355] asm_exc_page_fault+0x26/0x30 [ 187.024194][T12355] RIP: 0033:0x7f29b32b60d7 [ 187.024214][T12355] Code: 48 89 fa 4c 89 df e8 a8 56 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 187.024297][T12355] RSP: 002b:00007ffe5fa0e7e0 EFLAGS: 00010202 [ 187.024318][T12355] RAX: 0000000000000000 RBX: 000055556c0dc500 RCX: 00007f29b32b60d7 [ 187.024355][T12355] RDX: 00007ffe5fa0e820 RSI: 0000000000000000 RDI: 0000000000000000 [ 187.024367][T12355] RBP: 00007ffe5fa0e88c R08: 0000000000000000 R09: 0000000000000000 [ 187.024380][T12355] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 187.024393][T12355] R13: 00000000000927c0 R14: 000000000002d992 R15: 00007ffe5fa0e8e0 [ 187.024470][T12355] [ 187.243208][T12355] memory: usage 302520kB, limit 307200kB, failcnt 2726 [ 187.250150][T12355] memory+swap: usage 300824kB, limit 9007199254740988kB, failcnt 0 [ 187.258448][T12355] kmem: usage 295012kB, limit 9007199254740988kB, failcnt 0 [ 187.265781][T12355] Memory cgroup stats for /syz4: [ 187.274994][T12355] cache 0 [ 187.283102][T12355] rss 12288 [ 187.286255][T12355] shmem 0 [ 187.289210][T12355] mapped_file 0 [ 187.292822][T12355] dirty 0 [ 187.295886][T12355] writeback 0 [ 187.299192][T12355] workingset_refault_anon 13 [ 187.303806][T12355] workingset_refault_file 1406 [ 187.308578][T12355] swap 126976 [ 187.311946][T12355] swapcached 16384 [ 187.315751][T12355] pgpgin 220192 [ 187.319237][T12355] pgpgout 220186 [ 187.322824][T12355] pgfault 196186 [ 187.326429][T12355] pgmajfault 13 [ 187.329918][T12355] inactive_anon 12288 [ 187.333955][T12355] active_anon 4096 [ 187.337750][T12355] inactive_file 4096 [ 187.341670][T12355] active_file 0 [ 187.345174][T12355] unevictable 0 [ 187.348650][T12355] hierarchical_memory_limit 314572800 [ 187.354061][T12355] hierarchical_memsw_limit 9223372036854771712 [ 187.360230][T12355] total_cache 0 [ 187.363721][T12355] total_rss 12288 [ 187.367364][T12355] total_shmem 0 [ 187.370838][T12355] total_mapped_file 0 [ 187.374905][T12355] total_dirty 0 [ 187.378392][T12355] total_writeback 0 [ 187.382221][T12355] total_workingset_refault_anon 13 [ 187.387451][T12355] total_workingset_refault_file 1406 [ 187.392778][T12355] total_swap 126976 [ 187.396652][T12355] total_swapcached 16384 [ 187.400915][T12355] total_pgpgin 220192 [ 187.404962][T12355] total_pgpgout 220186 [ 187.409045][T12355] total_pgfault 196186 [ 187.413322][T12355] total_pgmajfault 13 [ 187.417414][T12355] total_inactive_anon 12288 [ 187.418859][T13652] TC_ACT_REPEAT abuse ? [ 187.421931][T12355] total_active_anon 4096 [ 187.421943][T12355] total_inactive_file 4096 [ 187.421954][T12355] total_active_file 0 [ 187.438944][T12355] total_unevictable 0 [ 187.442984][T12355] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.3410,pid=13641,uid=0 [ 187.457722][T12355] Memory cgroup out of memory: Killed process 13641 (syz.4.3410) total-vm:96048kB, anon-rss:1204kB, file-rss:21768kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 187.510087][T13663] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 187.676571][T13694] gre1: entered promiscuous mode [ 187.681599][T13694] gre1: entered allmulticast mode [ 187.759434][T13697] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=13697 comm=syz.5.3431 [ 187.787002][T13705] syzkaller0: entered promiscuous mode [ 187.792513][T13705] syzkaller0: entered allmulticast mode [ 187.807739][T13707] syzkaller1: entered promiscuous mode [ 187.813382][T13707] syzkaller1: entered allmulticast mode [ 187.925286][T13710] macvtap1: entered promiscuous mode [ 187.930636][T13710] bridge0: entered promiscuous mode [ 187.936059][T13710] macvtap1: entered allmulticast mode [ 187.941470][T13710] bridge0: entered allmulticast mode [ 187.962541][T13710] bridge0: port 3(macvtap1) entered blocking state [ 187.969341][T13710] bridge0: port 3(macvtap1) entered disabled state [ 187.978628][T13710] bridge0: left allmulticast mode [ 187.983719][T13710] bridge0: left promiscuous mode [ 188.007726][T13722] bond2: option packets_per_slave: invalid value (1635017058) [ 188.015333][T13722] bond2: option packets_per_slave: allowed values 0 - 65535 [ 188.024132][T13722] bond2 (unregistering): Released all slaves [ 188.294248][T13772] netlink: 'syz.4.3457': attribute type 21 has an invalid length. [ 188.367570][T13759] netlink: 'syz.3.3452': attribute type 1 has an invalid length. [ 188.475462][T13795] loop4: detected capacity change from 0 to 512 [ 188.484646][T13795] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 188.504991][T13796] __nla_validate_parse: 3 callbacks suppressed [ 188.505010][T13796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3463'. [ 188.515754][T13795] EXT4-fs (loop4): 1 truncate cleaned up [ 188.528570][T13795] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.673903][ T8416] bond0 (unregistering): Released all slaves [ 188.735884][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.002730][T13836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3483'. [ 189.011710][T13836] erspan0: entered promiscuous mode [ 189.077084][T13834] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3479'. [ 189.083469][T13844] loop4: detected capacity change from 0 to 512 [ 189.115364][T13844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.140754][T13844] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.259122][T13860] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3491'. [ 189.329539][T13862] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65300 sclass=netlink_xfrm_socket pid=13862 comm=syz.3.3492 [ 189.354936][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.407287][T13870] loop4: detected capacity change from 0 to 512 [ 189.429052][T13870] EXT4-fs: inline encryption not supported [ 189.435050][T13870] EXT4-fs: Ignoring removed nomblk_io_submit option [ 189.454382][T13870] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 189.462903][T13870] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 189.507679][T13870] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3495: Failed to acquire dquot type 1 [ 189.533891][T13870] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 46 vs 41 free clusters [ 189.549305][T13870] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #12: comm syz.4.3495: corrupted inode contents [ 189.561841][T13870] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #12: comm syz.4.3495: mark_inode_dirty error [ 189.562359][T13887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3502'. [ 189.573833][T13870] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #12: comm syz.4.3495: corrupted inode contents [ 189.602062][T13870] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #12: comm syz.4.3495: mark_inode_dirty error [ 189.616099][T13870] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #12: comm syz.4.3495: corrupted inode contents [ 189.628902][T13891] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3502'. [ 189.638568][T13870] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 189.665810][T13870] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #12: comm syz.4.3495: corrupted inode contents [ 189.701171][T13870] EXT4-fs error (device loop4): ext4_truncate:4635: inode #12: comm syz.4.3495: mark_inode_dirty error [ 189.714810][T13870] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 189.725902][T13870] EXT4-fs (loop4): 1 truncate cleaned up [ 189.732013][T13870] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.827760][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.925749][T13913] loop4: detected capacity change from 0 to 1024 [ 189.939166][T13913] EXT4-fs (loop4): bad geometry: first data block 0 is beyond end of filesystem (0) [ 190.025233][T13922] syzkaller0: entered promiscuous mode [ 190.030765][T13922] syzkaller0: entered allmulticast mode [ 190.117053][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 190.117069][ T29] audit: type=1326 audit(2000005244.700:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.201337][T13938] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3524'. [ 190.204648][ T29] audit: type=1326 audit(2000005244.740:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.210568][T13938] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3524'. [ 190.235668][ T29] audit: type=1326 audit(2000005244.740:3449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.267175][ T29] audit: type=1326 audit(2000005244.740:3450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.290786][ T29] audit: type=1326 audit(2000005244.740:3451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.315075][ T29] audit: type=1326 audit(2000005244.740:3452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.338675][ T29] audit: type=1326 audit(2000005244.740:3453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.363226][ T29] audit: type=1326 audit(2000005244.740:3454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.386795][ T29] audit: type=1326 audit(2000005244.740:3455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.411030][ T29] audit: type=1326 audit(2000005244.740:3456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13931 comm="syz.5.3522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 190.491960][T13943] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3526'. [ 190.608944][T13947] loop4: detected capacity change from 0 to 2048 [ 190.653047][T13947] ext4: Unknown parameter 'smackfsroot' [ 190.805235][T13959] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3533'. [ 191.550443][T14047] xt_hashlimit: size too large, truncated to 1048576 [ 191.561423][T14057] netlink: 'syz.1.3571': attribute type 21 has an invalid length. [ 191.569642][ T10] IPVS: starting estimator thread 0... [ 191.624479][ T37] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.635216][ T37] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.672452][T14058] IPVS: using max 2064 ests per chain, 103200 per kthread [ 191.754719][ T37] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.764655][ T37] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.877112][ T37] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.886977][ T37] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.945334][ T37] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.955274][ T37] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.042957][ T37] bridge_slave_1: left allmulticast mode [ 192.048821][ T37] bridge_slave_1: left promiscuous mode [ 192.055167][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.065426][ T37] bridge_slave_0: left allmulticast mode [ 192.071211][ T37] bridge_slave_0: left promiscuous mode [ 192.077051][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.254331][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.265485][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.276391][ T37] bond0 (unregistering): Released all slaves [ 192.299582][T14068] chnl_net:caif_netlink_parms(): no params data found [ 192.310375][T14088] syzkaller0: entered promiscuous mode [ 192.315946][T14088] syzkaller0: entered allmulticast mode [ 192.330167][T14088] tmpfs: Bad value for 'mpol' [ 192.386945][T14097] loop4: detected capacity change from 0 to 512 [ 192.428202][T14097] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.3578: corrupted inode contents [ 192.450723][ T37] tipc: Disabling bearer [ 192.455930][ T37] tipc: Left network mode [ 192.655957][T14068] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.663309][T14068] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.677482][T14097] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #3: comm syz.4.3578: mark_inode_dirty error [ 192.716461][T14097] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.3578: corrupted inode contents [ 192.729331][T14097] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.3578: mark_inode_dirty error [ 192.740789][T14068] bridge_slave_0: entered allmulticast mode [ 192.748277][T14068] bridge_slave_0: entered promiscuous mode [ 192.755404][T14068] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.762526][T14068] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.770177][T14068] bridge_slave_1: entered allmulticast mode [ 192.777654][T14068] bridge_slave_1: entered promiscuous mode [ 192.794781][T14097] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3578: Failed to acquire dquot type 0 [ 192.813182][ T37] hsr_slave_0: left promiscuous mode [ 192.819909][ T37] hsr_slave_1: left promiscuous mode [ 192.831184][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.839657][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.863430][T14097] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.3578: corrupted inode contents [ 192.887044][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.895397][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.912374][T14097] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #16: comm syz.4.3578: mark_inode_dirty error [ 192.927627][T14091] syz.4.3578 invoked oom-killer: gfp_mask=0x402d02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 192.942391][T14091] CPU: 0 UID: 0 PID: 14091 Comm: syz.4.3578 Not tainted syzkaller #0 PREEMPT(voluntary) [ 192.942421][T14091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 192.942487][T14091] Call Trace: [ 192.942496][T14091] [ 192.942508][T14091] __dump_stack+0x1d/0x30 [ 192.942542][T14091] dump_stack_lvl+0x95/0xd0 [ 192.942652][T14091] dump_stack+0x15/0x1b [ 192.942679][T14091] dump_header+0x80/0x240 [ 192.942704][T14091] oom_kill_process+0x295/0x350 [ 192.942731][T14091] out_of_memory+0x97d/0xb80 [ 192.942763][T14091] try_charge_memcg+0x62e/0xa10 [ 192.942844][T14091] obj_cgroup_charge_pages+0x23/0xc0 [ 192.942888][T14091] __memcg_kmem_charge_page+0x9e/0x170 [ 192.942927][T14091] __alloc_frozen_pages_noprof+0x18a/0x350 [ 192.942993][T14091] alloc_pages_mpol+0xb3/0x260 [ 192.943075][T14091] alloc_pages_noprof+0x8f/0x130 [ 192.943114][T14091] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 192.943219][T14091] __kvmalloc_node_noprof+0x471/0x680 [ 192.943256][T14091] ? ip_set_alloc+0x24/0x30 [ 192.943291][T14091] ? ip_set_alloc+0x24/0x30 [ 192.943341][T14091] ip_set_alloc+0x24/0x30 [ 192.943369][T14091] hash_netiface_create+0x282/0x740 [ 192.943399][T14091] ? __pfx_hash_netiface_create+0x10/0x10 [ 192.943503][T14091] ip_set_create+0x3cf/0x970 [ 192.943534][T14091] ? __nla_parse+0x40/0x60 [ 192.943624][T14091] nfnetlink_rcv_msg+0x509/0x5d0 [ 192.943674][T14091] netlink_rcv_skb+0x123/0x220 [ 192.943705][T14091] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 192.943805][T14091] nfnetlink_rcv+0x167/0x1720 [ 192.943842][T14091] ? __kfree_skb+0x109/0x150 [ 192.943879][T14091] ? nlmon_xmit+0x4f/0x60 [ 192.943960][T14091] ? consume_skb+0x49/0x140 [ 192.943994][T14091] ? nlmon_xmit+0x4f/0x60 [ 192.944030][T14091] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 192.944076][T14091] ? __dev_queue_xmit+0x139a/0x1f20 [ 192.944144][T14091] ? __dev_queue_xmit+0x148/0x1f20 [ 192.944216][T14091] ? ref_tracker_free+0x37d/0x3e0 [ 192.944263][T14091] ? __netlink_deliver_tap+0x4dc/0x500 [ 192.944311][T14091] netlink_unicast+0x5c0/0x690 [ 192.944370][T14091] netlink_sendmsg+0x5c8/0x6f0 [ 192.944464][T14091] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.944505][T14091] ____sys_sendmsg+0x5af/0x600 [ 192.944530][T14091] ___sys_sendmsg+0x195/0x1e0 [ 192.944563][T14091] __x64_sys_sendmsg+0xd4/0x160 [ 192.944588][T14091] x64_sys_call+0x17ba/0x3000 [ 192.944650][T14091] do_syscall_64+0xc0/0x2a0 [ 192.944682][T14091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.944835][T14091] RIP: 0033:0x7f29b32faeb9 [ 192.944850][T14091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 192.944868][T14091] RSP: 002b:00007f29b1d57028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.944892][T14091] RAX: ffffffffffffffda RBX: 00007f29b3575fa0 RCX: 00007f29b32faeb9 [ 192.944908][T14091] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000005 [ 192.944925][T14091] RBP: 00007f29b3368c1f R08: 0000000000000000 R09: 0000000000000000 [ 192.944997][T14091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.945011][T14091] R13: 00007f29b3576038 R14: 00007f29b3575fa0 R15: 00007ffe5fa0e4e8 [ 192.945029][T14091] [ 192.945036][T14091] memory: usage 307200kB, limit 307200kB, failcnt 2860 [ 192.962713][T14097] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.3578: corrupted inode contents [ 192.965848][T14091] memory+swap: usage 307372kB, limit 9007199254740988kB, failcnt 0 [ 192.969753][T14097] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.3578: mark_inode_dirty error [ 192.972018][T14091] kmem: usage 306868kB, limit 9007199254740988kB, failcnt 0 [ 192.977583][T14097] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.3578: corrupted inode contents [ 192.980866][T14091] Memory cgroup stats for /syz4: [ 192.981405][T14091] cache 315392 [ 192.985656][T14097] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 192.985903][T14097] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.3578: corrupted inode contents [ 192.990111][T14091] rss 20480 [ 192.990123][T14091] shmem 249856 [ 192.990133][T14091] mapped_file 16384 [ 192.996543][T14097] EXT4-fs error (device loop4): ext4_truncate:4635: inode #16: comm syz.4.3578: mark_inode_dirty error [ 192.999673][T14091] dirty 36864 [ 192.999708][T14091] writeback 0 [ 193.005317][T14097] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 193.009878][T14091] workingset_refault_anon 26 [ 193.009892][T14091] workingset_refault_file 1664 [ 193.009903][T14091] swap 176128 [ 193.009913][T14091] swapcached 0 [ 193.051089][T14097] EXT4-fs (loop4): 1 truncate cleaned up [ 193.053202][T14091] pgpgin 227088 [ 193.053215][T14091] pgpgout 227005 [ 193.053225][T14091] pgfault 204560 [ 193.067951][T14097] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.068610][T14091] pgmajfault 25 [ 193.068635][T14091] inactive_anon 270336 [ 193.080216][T14097] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.083357][T14091] active_anon 0 [ 193.083368][T14091] inactive_file 0 [ 193.083378][T14091] active_file 69632 [ 193.467747][T14091] unevictable 0 [ 193.471221][T14091] hierarchical_memory_limit 314572800 [ 193.476769][T14091] hierarchical_memsw_limit 9223372036854771712 [ 193.482975][T14091] total_cache 315392 [ 193.486906][T14091] total_rss 20480 [ 193.490536][T14091] total_shmem 249856 [ 193.495151][T14091] total_mapped_file 16384 [ 193.499505][T14091] total_dirty 36864 [ 193.503338][T14091] total_writeback 0 [ 193.507177][T14091] total_workingset_refault_anon 26 [ 193.512403][T14091] total_workingset_refault_file 1664 [ 193.517678][T14091] total_swap 176128 [ 193.521522][T14091] total_swapcached 0 [ 193.526113][T14091] total_pgpgin 227088 [ 193.530094][T14091] total_pgpgout 227005 [ 193.534195][T14091] total_pgfault 204560 [ 193.538316][T14091] total_pgmajfault 25 [ 193.542343][T14091] total_inactive_anon 270336 [ 193.547053][T14091] total_active_anon 0 [ 193.551089][T14091] total_inactive_file 0 [ 193.555948][T14091] total_active_file 69632 [ 193.560279][T14091] total_unevictable 0 [ 193.564314][T14091] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.3578,pid=14090,uid=0 [ 193.579283][T14091] Memory cgroup out of memory: Killed process 14090 (syz.4.3578) total-vm:94132kB, anon-rss:1332kB, file-rss:22412kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 193.611990][ T37] veth1_macvtap: left promiscuous mode [ 193.630252][ T37] veth0_macvtap: left promiscuous mode [ 193.642890][T12355] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.661242][ T37] veth1_vlan: left allmulticast mode [ 193.666779][ T37] veth1_vlan: left promiscuous mode [ 193.672663][ T37] veth0_vlan: left promiscuous mode [ 193.759756][ T37] macvlan0 (unregistering): left allmulticast mode [ 193.789744][ T37] team0 (unregistering): Port device team_slave_1 removed [ 193.800505][ T37] team0 (unregistering): Port device team_slave_0 removed [ 193.849282][T14103] batman_adv: batadv0: Adding interface: ipvlan2 [ 193.855787][T14103] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 193.881294][T14103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.891896][T14103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.901930][T14103] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 193.927673][T14131] tipc: Started in network mode [ 193.932639][T14131] tipc: Node identity ac14140f, cluster identity 4711 [ 193.946236][T14131] tipc: New replicast peer: 255.255.255.255 [ 193.953170][T14131] tipc: Enabled bearer , priority 10 [ 193.964930][T14133] bond0: option packets_per_slave: invalid value (1635017058) [ 193.972633][T14133] bond0: option packets_per_slave: allowed values 0 - 65535 [ 193.981558][T14133] bond0 (unregistering): Released all slaves [ 194.003217][T14068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.023678][T14068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.064199][T14068] team0: Port device team_slave_0 added [ 194.084589][T14068] team0: Port device team_slave_1 added [ 194.149891][T14068] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.157011][T14068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 194.183739][T14068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.186257][T14157] __nla_validate_parse: 7 callbacks suppressed [ 194.186300][T14157] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3595'. [ 194.243877][T14068] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.250885][T14068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 194.277853][T14068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.478080][T14167] batman_adv: batadv0: Adding interface: ipvlan3 [ 194.485381][T14167] batman_adv: batadv0: The MTU of interface ipvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 194.510913][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.522427][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.532358][T14167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan2 [ 194.542251][T14167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.552755][T14167] batman_adv: batadv0: Not using interface ipvlan3 (retrying later): interface not active [ 194.583409][T14068] hsr_slave_0: entered promiscuous mode [ 194.595842][T14068] hsr_slave_1: entered promiscuous mode [ 194.602171][T14068] debugfs: 'hsr0' already exists in 'hsr' [ 194.607980][T14068] Cannot create hsr debugfs directory [ 194.763766][T14195] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3604'. [ 194.885420][T14206] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3608'. [ 194.992955][T14068] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 195.035926][T14068] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 195.072618][T14068] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 195.095889][T14068] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 195.108234][ T7976] tipc: Node number set to 2886997007 [ 195.251129][T14068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.272971][T14233] xt_hashlimit: size too large, truncated to 1048576 [ 195.299998][T14068] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.324217][ T8406] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.331319][ T8406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.368475][ T8406] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.375687][ T8406] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.435809][T14068] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 195.446423][T14068] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.637672][T14258] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3618'. [ 195.649218][T14068] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.723956][T14258] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14258 comm=syz.5.3618 [ 196.153751][T14068] veth0_vlan: entered promiscuous mode [ 196.180224][T14068] veth1_vlan: entered promiscuous mode [ 196.214474][T14068] veth0_macvtap: entered promiscuous mode [ 196.232287][T14330] netlink: 360 bytes leftover after parsing attributes in process `syz.5.3627'. [ 196.242590][T14068] veth1_macvtap: entered promiscuous mode [ 196.252588][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 196.252607][ T29] audit: type=1326 audit(2000005250.841:3513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.296121][T14068] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.330187][T14068] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.338659][ T29] audit: type=1326 audit(2000005250.871:3514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.362320][ T29] audit: type=1326 audit(2000005250.871:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.368847][T14337] netlink: 'syz.1.3629': attribute type 8 has an invalid length. [ 196.385862][ T29] audit: type=1326 audit(2000005250.871:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.385903][ T29] audit: type=1326 audit(2000005250.871:3517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.385969][ T29] audit: type=1326 audit(2000005250.871:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.386003][ T29] audit: type=1326 audit(2000005250.871:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.386057][ T29] audit: type=1326 audit(2000005250.871:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.386138][ T29] audit: type=1326 audit(2000005250.871:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.386168][ T29] audit: type=1326 audit(2000005250.871:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz.5.3627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e80f3aeb9 code=0x7ffc0000 [ 196.566369][ T37] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.580981][ T37] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.618745][ T37] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.635104][ T37] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.730279][T14375] loop4: detected capacity change from 0 to 128 [ 196.875682][T14399] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3636'. [ 196.957684][T14405] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3634'. [ 197.130314][T14415] tipc: Started in network mode [ 197.136038][T14415] tipc: Node identity ac14140f, cluster identity 4711 [ 197.170635][T14415] tipc: New replicast peer: 255.255.255.255 [ 197.177137][T14415] tipc: Enabled bearer , priority 10 [ 197.277852][T14423] bond0: option packets_per_slave: invalid value (1635017058) [ 197.286127][T14423] bond0: option packets_per_slave: allowed values 0 - 65535 [ 197.294740][T14423] bond0 (unregistering): Released all slaves [ 197.546272][T14417] ================================================================== [ 197.554408][T14417] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping [ 197.562254][T14417] [ 197.564588][T14417] write to 0xffffea0004e50958 of 8 bytes by task 14289 on cpu 0: [ 197.572392][T14417] __filemap_remove_folio+0x201/0x300 [ 197.577775][T14417] filemap_remove_folio+0x6d/0x1d0 [ 197.582889][T14417] truncate_inode_folio+0x42/0x50 [ 197.587952][T14417] shmem_undo_range+0x273/0xad0 [ 197.592819][T14417] shmem_evict_inode+0x12e/0x510 [ 197.597772][T14417] evict+0x2af/0x510 [ 197.601699][T14417] iput+0x4b9/0x650 [ 197.605514][T14417] dentry_unlink_inode+0x24f/0x260 [ 197.610646][T14417] __dentry_kill+0x13f/0x460 [ 197.615278][T14417] finish_dput+0x2b/0x200 [ 197.619629][T14417] dput+0x52/0x60 [ 197.623264][T14417] __fput+0x444/0x650 [ 197.627248][T14417] ____fput+0x1c/0x30 [ 197.631242][T14417] task_work_run+0x130/0x1a0 [ 197.635848][T14417] do_exit+0x466/0x1590 [ 197.640005][T14417] do_group_exit+0xfe/0x140 [ 197.644529][T14417] get_signal+0xe4f/0xf60 [ 197.648887][T14417] arch_do_signal_or_restart+0x96/0x450 [ 197.654441][T14417] irqentry_exit+0xf7/0x510 [ 197.658961][T14417] asm_exc_page_fault+0x26/0x30 [ 197.663841][T14417] [ 197.666186][T14417] read to 0xffffea0004e50958 of 8 bytes by task 14417 on cpu 1: [ 197.673875][T14417] folio_mapping+0xa1/0xe0 [ 197.678294][T14417] evict_folios+0xde9/0x35b0 [ 197.682888][T14417] try_to_shrink_lruvec+0x5f6/0x960 [ 197.688090][T14417] shrink_lruvec+0x24e/0x1bc0 [ 197.692776][T14417] shrink_node+0x68e/0x2000 [ 197.697277][T14417] do_try_to_free_pages+0x404/0xcc0 [ 197.702487][T14417] try_to_free_mem_cgroup_pages+0x222/0x470 [ 197.708403][T14417] try_charge_memcg+0x37e/0xa10 [ 197.713361][T14417] obj_cgroup_charge_pages+0x23/0xc0 [ 197.718666][T14417] __memcg_kmem_charge_page+0x9e/0x170 [ 197.724134][T14417] __alloc_frozen_pages_noprof+0x18a/0x350 [ 197.729969][T14417] alloc_pages_mpol+0xb3/0x260 [ 197.734761][T14417] alloc_pages_noprof+0x8f/0x130 [ 197.739714][T14417] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 197.745621][T14417] bpf_map_area_alloc+0xfa/0x140 [ 197.750600][T14417] bloom_map_alloc+0x1b8/0x2c0 [ 197.755383][T14417] map_create+0x862/0xda0 [ 197.759726][T14417] __sys_bpf+0x54e/0x7b0 [ 197.763975][T14417] __x64_sys_bpf+0x41/0x50 [ 197.768400][T14417] x64_sys_call+0x28e1/0x3000 [ 197.773085][T14417] do_syscall_64+0xc0/0x2a0 [ 197.777597][T14417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.783489][T14417] [ 197.785831][T14417] value changed: 0xffff88811b65bef8 -> 0x0000000000000000 [ 197.792963][T14417] [ 197.795321][T14417] Reported by Kernel Concurrency Sanitizer on: [ 197.801487][T14417] CPU: 1 UID: 0 PID: 14417 Comm: syz.5.3642 Not tainted syzkaller #0 PREEMPT(voluntary) [ 197.811305][T14417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 197.821382][T14417] ================================================================== [ 198.241753][ T7976] tipc: Node number set to 2886997007