last executing test programs: 3m10.449154115s ago: executing program 4 (id=670): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x7, 0x0, 0x0, 0x0, 0x7, 0x200, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0xfb, 0x3, 0x38, 0x820005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x9, 0x8, 0x0, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x2f, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f00000001c0)={0x94, [0x1, 0x3], 0x7}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1e000d0002000000000000000600000010020100", @ANYRES32=0x1, @ANYBLOB='S\x00'/20, @ANYRES32=r3, @ANYRES32, @ANYBLOB="0000000000000000040000000e00"/24, @ANYRES32, @ANYBLOB], 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="fcffffff00"/20, @ANYRES32, @ANYBLOB="0000000000000000003f3c67755d4bea9a00"/28], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000001000000850000003300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000860000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000000c1b8162a18a5360bd764e9395000000000000007172b269c9afa60b9403bd1227ef9c"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYRESOCT=r5, @ANYRESDEC=r6, @ANYBLOB="92e31e3bf60c8009d581a6314490c95d07c211a13504824901aed36975f2a1241eae5ccfd9a18ffcad2380a64f64ec5beb2e4e25e512ab38d7fa6e35e9e3b4ab2821d545cd1f41295323f2e7c3d33afce25f102161be2eb72d366fac2e92d837b6cef900c3ff7ca48d8ea6d5c6dc86c1a2463273038cd053a3631147460447afb88ce98e6bc3a47bad4ba425d734a1b5a408f49f452601e45c2cf56f65b9bc8440cfc73dd222789a484c3111df747fb50a6089fa940ea42f00150903f8b9eab403a006e14a41dec3b2efa77e39cdfe74b18efabc37bf6f2fd75bb8bf7ddd53beca000000000000"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]}) request_key(&(0x7f0000000640)='rxrpc\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000000740)='R\x10r\x94\x00\x00\x00\x00\x12eF?\x12\xf0\xce\xd0\x98\x93\x1a\x94\x86\xd6/Z\x8d`\xad\x83\xac}\xd1\xd47\x17Y\x90\xf53\xd6\x03\xd9s\xa3\xc9\x1c#\xd7\x1a#\x11\x1f\xa2\x05x\x1f\x13Fl\x0e\xc6w\x11J\xc6\xeb\x1fAa\x9e\xc7\x9e\xde\x15\xa4H\xa7T\xf9\xa9\n\xb6\x86\xce8>\f\x1av\xfd@\\\xe44+?\a\a\xb9\x1d_x\x04\xb6\x95\xb9&\xe3\xdf\xa1\x93\xf0Q\xfe\xa75\xa6\x92\xb9\ru\xf0\xee\x0f\x05\xbam\xf6T%\xa8h!\xb6y\x12e\xdf\xf0\x01\xf2\xcc\x84\x1f-\xe4qO\x18\x866\x99w\xc8\xa2r\xaey\x00\xd5\xa7DS\x83\xc4\xa5\xc0\xd6\xa6|=r1\xe4?\xa4\xdb\x054\xb0\x9b\xbf\xcc\xa82\x04\xf6\b\xa1\x97b\xd5\xbe(f\xd5:\x80\xb4\r\x92\x9d5%?\x10\xa3,b\x9d8\xb6\x86i\x9e\x84\xa9\xd6\xd4\x05\xe4\xf0\x80\xf0\xa2+\xefT\xbc\x93\x1c\xc5', 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r9, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0x0, @remote}, {0x2, 0x4e21, @empty}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) ioctl$sock_inet_SIOCADDRT(r9, 0x890c, &(0x7f0000000840)={0x0, {0x2, 0x4e22, @empty}, {0x2, 0x4e20, @loopback}, {0x2, 0x4e2f, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}) setpriority(0x2, 0x0, 0x9) unlinkat(0xffffffffffffffff, 0x0, 0x200) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000a80)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x4, 0xfffffffd, 0x0, 'queue1\x00', 0xfffffffa}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00', 0x3}) 3m10.386308871s ago: executing program 4 (id=675): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB="993b972bf7e4b64b3e102589970b43b82e2e15d1fcf90548751106d02393741f13ebef9c8fcdce6b8653bab9c3cebbd444d50177c886cd421d72b64c63c3e1af4ac299b450a5954b5538f88897e1b008024954a7865926eb620a3f7318a314fc7912d5cb5486d920ccb8e5592b80ae916eb16aff373c097df7037f54d6b1760b6dee1a725129bb2e89cc804b3d864e11a0ab2a6169431b5234cf52dfcfb487d04e734a7470eddda688fddb84d2b0ab99c1731da488b2a1a3e2243cdf683ad4c0aba9f146d53560fa708ab11f2df7e8f0226b6527efe780a399b0686175", @ANYRES16=r1, @ANYBLOB="00022abd7000fedbdf250600000006001a004e2400000c001000000000000000000014001f00fe8000000000000000000000000000bb08000b000200000006001b004e2400000c000f000600000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x8064}, 0x4000000) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x114, r3, 0x8, 0x70bd26, 0x25dfdbff, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xa1, 0xa8, @random="c6e23c65e696ebe27508605d8ed7e6faf112121b5d1b11dbaa544c4b63e0ada669539e51e5ee0bb8955ea5668e8f06090ec0dab5d81264cff6220139c7490fc179a31c313998cd7c6918a48ea25f41d180d345605db6e6e53959bf01c04d69cee09ed694ab80e52caa8cd1904d1b1b99056918749c085ebd3e72b692db4413d14c9cb979ea84ca64fb6e9501993a1249a07cc443d297e1e3f645d26e05"}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x114}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008014) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000580), r2) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'erspan0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x80, 0xb0, 0xffe00000, 0x4, {{0x7, 0x4, 0x1, 0x8, 0x1c, 0x66, 0x0, 0x4, 0x4, 0x0, @empty, @remote, {[@ra={0x94, 0x4, 0x1}, @noop]}}}}}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat(0xffffffffffffffff, &(0x7f0000000b40)='./file0\x00', 0x26201, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000c00)={0x1ff, 0x0}, 0x8) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@fallback=r6, r0, 0x28, 0x2020, 0x0, @void, @void, @value=r7}, 0x20) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)={0x34, r8, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x34}}, 0x18) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r12 = socket(0x10, 0x3, 0x0) connect$netlink(r12, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r12, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendmsg$nl_route(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r11, 0x0, 0x343}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000000c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r13, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x2000000, {0x0, 0x0, 0x0, 0x0, 0x18603}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r14}, @IFLA_MASTER={0x8, 0xa, r14}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000ac0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a80)={&(0x7f0000000740)={0x14, r4, 0x200, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40084}, 0xc040) 3m9.83362733s ago: executing program 4 (id=688): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000600"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x1, 0x1f9}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r1, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x12345}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3m9.638123248s ago: executing program 4 (id=694): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x12c5008, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0) umount2(&(0x7f0000000140)='./file0/file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) bind$packet(r1, &(0x7f0000000080)={0x11, 0x1a, r2, 0x1, 0x8, 0x6, @broadcast}, 0x14) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 3m9.485522982s ago: executing program 4 (id=696): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='sched_kthread_work_queue_work\x00', r1}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x6, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8000) r4 = socket$qrtr(0x2a, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x18) r7 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x356f, 0x80, 0x3, 0x285}, &(0x7f0000000380)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r4, 0x0, 0x0}) io_uring_enter(r7, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r11, 0x29, 0x16, &(0x7f0000fcb000), 0x4) close_range(r10, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r12 = creat(&(0x7f0000000000)='./file0\x00', 0x40) write$binfmt_elf32(r12, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c4601079704080000000000000002000600010000004300000038000000c0010000030000000100200002"], 0x78) close(r12) 3m5.04444457s ago: executing program 4 (id=768): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff2d, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc1400"], 0x64}, 0x1, 0x0, 0x0, 0x4094}, 0x24000004) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x61, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c6173740000000004000280140001800c000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) 3m5.04404188s ago: executing program 32 (id=768): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff2d, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc1400"], 0x64}, 0x1, 0x0, 0x0, 0x4094}, 0x24000004) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x61, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c6173740000000004000280140001800c000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) 3.45415533s ago: executing program 5 (id=3505): syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$PTP_ENABLE_PPS(0xffffffffffffffff, 0x40043d04, 0x1) r0 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) openat$tun(0xffffffffffffff9c, 0x0, 0x20702, 0x0) sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000380)={0x27, 0x0, 0x1, 0x7, 0x6, 0x8, "19d190beda273ab8af0fe967afefab9be4c6abcaeef9318a928d1160319b04281ce02db477aedc344441ac81739c335c369061f500650c2a8ea78a0ef00fbc", 0x3d}, 0x60, &(0x7f0000000780)=[{&(0x7f00000006c0)="41f142fc0c49f2769225559d30d2e3785e1bff0b3b8ea45b9033036ec3191f2063396a7ce139f28cae161a2989a7a1d18bdef28255611c78b4a8b75124c3f16ac9f416ddf913bcbab3cd50ca98dc000627bd110561362a191ee23337cad30fd32c4068bb5bd6dfdf2dd56bd4cde2615bf2c1c86c759839706bb929bc2b0b2fbb4682ca1f0ec2916a97a5063373949dcdcd5a36cd74b5f4e4d79f47d6ff2d8acaba80df5f68f102bd3d813a9283", 0xad}, {&(0x7f0000000580)="50b2d93caa04b37c804e1d35d00d05f61460c658967eec547c47e27b8e3b", 0x1e}], 0x2, 0x0, 0x0, 0x10080}, 0x40080) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x24041, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x118) r4 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000240)={0x86c9460748f085ce}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7, 0x0, 0x6}, 0x18) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540), 0x0, 0x0) close(0xffffffffffffffff) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r8}, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r9) socket(0x10, 0x803, 0x0) 3.408088274s ago: executing program 2 (id=3508): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010000000000000006400000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18) connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e21, 0x6, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 3.391554165s ago: executing program 2 (id=3510): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) nanosleep(&(0x7f0000000000), 0x0) syz_open_procfs(0x0, &(0x7f0000000340)='net/rt_acct\x00') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFC_CMD_DEV_DOWN(0xffffffffffffffff, 0x0, 0x40) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x4a604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0xc162, 0x10000, 0x0, 0x6, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$igmp(0x2, 0x3, 0x2) r0 = syz_io_uring_setup(0x230, &(0x7f0000000380)={0x0, 0x5325, 0x10000, 0x1, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r3, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x24004080) sendmsg$TEAM_CMD_OPTIONS_GET(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000002c40)=ANY=[], 0x40c}, 0x1, 0x0, 0x0, 0x90}, 0x8000) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "3f6906003d99b5b9", "ad19b9f81b7051508702a27013f65558c8a01f2ae65a25a4c4580daf90219442", "d78279e4", "ba02af61de6197b6"}, 0x38) r5 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0x356e, 0x800, 0x1, 0x40000334}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) 3.296645514s ago: executing program 5 (id=3512): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(r2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r9, &(0x7f0000001a40), 0x0) ioctl$PTP_PEROUT_REQUEST2(r8, 0x40383d0c, &(0x7f00000000c0)) 2.388106956s ago: executing program 5 (id=3529): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wg0\x00', 0x0}) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3d, 0x3d, 0x3, [@datasec={0x7, 0x1, 0x0, 0xf, 0x1, [{0x1, 0x2, 0xfffffff9}], "a7"}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x5, 0x3}]}, @decl_tag={0x7, 0x0, 0x0, 0x11, 0x3, 0x6}]}, {0x0, [0x2e]}}, &(0x7f00000004c0)=""/76, 0x5b, 0x4c, 0x0, 0x3, 0x10000}, 0x28) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r0}, 0x8) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x20, 0x4, 0x0, 0x200, 0x12000, r0, 0x435, '\x00', r1, r2, 0x2, 0x3, 0x4, 0x0, @void, @value, @value=r3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xd, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x15}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000180)=r5}, 0x20) mount$9p_rdma(0x0, 0x0, &(0x7f0000001440), 0x200800, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e20,fscontext=u']) socket$inet6(0xa, 0xf, 0x81) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) setuid(0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r8], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) 2.216253031s ago: executing program 5 (id=3533): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) nanosleep(&(0x7f0000000000), 0x0) syz_open_procfs(0x0, &(0x7f0000000340)='net/rt_acct\x00') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFC_CMD_DEV_DOWN(0xffffffffffffffff, 0x0, 0x40) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x4a604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0xc162, 0x10000, 0x0, 0x6, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$igmp(0x2, 0x3, 0x2) r0 = syz_io_uring_setup(0x230, &(0x7f0000000380)={0x0, 0x5325, 0x10000, 0x1, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r3, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x24004080) sendmsg$TEAM_CMD_OPTIONS_GET(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000002c40)=ANY=[], 0x40c}, 0x1, 0x0, 0x0, 0x90}, 0x8000) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "3f6906003d99b5b9", "ad19b9f81b7051508702a27013f65558c8a01f2ae65a25a4c4580daf90219442", "d78279e4", "ba02af61de6197b6"}, 0x38) r5 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0x356e, 0x800, 0x1, 0x40000334}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1.700280077s ago: executing program 0 (id=3535): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) io_setup(0x239f, &(0x7f0000000380)) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a3200000000090001007379"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x120001, 0x0) socket$kcm(0x11, 0x6, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r5, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) ioctl$TIOCOUTQ(r4, 0x5411, &(0x7f0000000040)) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x440101, 0x11, 0x310942aa27085c75}, 0x18) creat(0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0002}]}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xff}, 0x100002, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x1ffffffffffffe47, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) link(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00') 1.56306936s ago: executing program 0 (id=3540): mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x0, 0x6, 0x0, 0x0, 0x7, 0x3040, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x4}, 0x120, 0x10000, 0x4, 0x6, 0x5, 0x20007, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffbfffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000955d9c64a12289ffb671290a69a8cff21dee185eb1b193b94a83f5d4a2a7a5ac24f516c228b8bb9e76e97149a7fa72f723a6c5dfc5387ee6e11303cbce4d3ab00eb7a738c2a6eb4bfbfd23dda0fc342e65f9de925db822a547870bd64772d62f13c468e4ad47a63dd7535b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r3}, &(0x7f00000008c0), &(0x7f0000000880)=r4}, 0x20) creat(&(0x7f00000002c0)='./file0\x00', 0x4c) open$dir(0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 1.417122593s ago: executing program 2 (id=3541): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x101000) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8}]}, 0x4c}}, 0x0) 1.395040085s ago: executing program 0 (id=3542): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000020000000000000000180900", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x8c}}, 0x20050800) 1.378698517s ago: executing program 0 (id=3543): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="300000000101010100000000000000000a0000930c0019800800020088000000100002800c000280040001"], 0x30}, 0x1, 0x0, 0x0, 0x8010}, 0x20008040) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000040)={0x0, 0x4000000, 0x8, 0xd, 0x200, &(0x7f0000001500)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 1.331612131s ago: executing program 0 (id=3544): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x110, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x6}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xac, 0x2, [@TCA_BPF_POLICE={0x4}, @TCA_BPF_OPS={{0x6, 0x4, 0x4}, {0x24, 0x5, [{0x9, 0xc0, 0x7, 0x6}, {0xf, 0x9, 0x2, 0x9}, {0x5, 0x3, 0x5, 0x3}, {0x2, 0x4, 0x2, 0x8}]}}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x3, 0x49, 0x7, 0x4}]}}, @TCA_BPF_FLAGS={0x8}, @TCA_BPF_POLICE={0x54, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x2}, @TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x3, 0x3, 0x401, 0x9, {0xf, 0x2, 0x9f, 0x3ff, 0x3, 0x9}, {0xd, 0x3, 0x40, 0x7f, 0x0, 0x8}, 0xa, 0x200008}}]}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x4}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0x81}, 0x28000080) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {0x0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x4c080) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r9}, 0x10) fcntl$getown(r10, 0x9) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x4, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_mtu=0x2}) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 1.325745481s ago: executing program 2 (id=3545): r0 = socket$pppoe(0x18, 0x1, 0x0) syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000240)='./file1\x00', 0x2, &(0x7f0000000280)=ANY=[], 0x1, 0x56f, &(0x7f00000002c0)="$eJzs3c9v02gawPHH3ZaWrMSudlcIVS28lF2pSCU4CRRFnLzOm/SFxI5sB9oTqmiKKlIW0V1p2xsXdlfa+SO4zn2uo7nPdf4NNHMazS0j20mb0vyglDbt6PuJ4HXsx+/7OI3yyG38WgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFhuybZzllSN11hVg7mlwK8N2d7t7/ahZsi4Ilb8T2Zm5Fq66tpfDjZfjf9bkLn02ZzMxM2M7P3+6h8f/nlyorv/kITOxM7u3sv1Vqv5ZtyJjElFeyb0Tc2paGVCXxUvi8hKOVRlU9XhWhjpmnID7UR+oBbd2ypXLBaUzq75Da9Scqq6u/LBnbxtL6tH2bp2gtD37j7Khu6KqVaNV0li4s1xzIP4jfjYRCrSTk2pza1WszAqyTgo9ylB+VFBeTufz+Xy+dzy/eL9B7Y9eWSFfcAS27blSMT437QYry/8CQ58volO/ZeqGPGkIaui+j5cKUkgvtQGbO/o1v+/3dVDx+2t/90qf+1g86wk9f96+uz6oPo/IJchj6m4o2Pv9fHjUrePHdmVPXkp69KSljTlzcn7vlCPimjxxEgovhipiZOsUZ01SoqyLMtiyzNZkbKEoqQsRqqiJZQ1CSUSnbyjXAlEiyOR+BKIkkVx5bYoyUl7uigFUaIlK2viS0M8qUhJnKSXTdlKXvfCkBz3g3JDgp5233n5IUHHqv+J3l2+p/6D+o/zpN2t/x/73TiyAQAAAAAAp8FKfvsen/9PybzIlCVlU9X2uNMCAAAAAABfUPKX/7m4Sb4ZNy8W5/8AAAAAAPzWWMk1dpaIZORGutS9XKrzS4D2H8adIwAAAAAAOJnk7//X4yYTL90Q6+PzfwAAAAAAcNH9d9Ac+9+JtDvTAk5b3/4oQTBlva2v/tXaduJ1znZngsAj8wRG5VnrSqeTpFme7Dxz9ZzVmf1yfxLMD51mc9Rc/9YXSED+LzfTmJsbabvR3ZKOkimbqs66fvVhThznykSkV6N/vdr6tySH/z+vdsX6aXOr1cw+/0drI8nlbdzL2+3OK3VkHsUhufxT5tOY+f5HPJVciNEZN2NJPK7de/wT6e4TxxjznSykMQuZtM0cPv6ZeMxcdtDRp1lMi8iJjvyd3Epjbi3eSps+WeRHZNHM977+n/VafEIWhWFZTG+1moUTZgEA47I5vAqlDtfdz/iUO5vq/k4W05jF2eSDdXK2zye6Paqu2H3q+sz+8JMjs/j6yD2QBtXYeNyv9sfNJeO+j3d4P7CqhtW8JTOvf263t1/L1Z3dvTtb2+svmi+ar/L5wrJ9z7bv52UqOYxOQ+0BAPQx+h47IyOseyPOqv+0/5WCrDwX+aXd3pCl5GqD5BsHfXvN9HwNYWnEWWum5w4vSyPO6g5i88eILZzBTwIAgLOzMKIOD67/VvcuftbSiPPuw7W85+z4khw5O+6t5QAA4HTo4IOVif5jBYGpP8sVizknWtEq8N3HKjClilbGi3TgrjheRat64Ee+61fjhSempEMVNup1P4hU2Q9U3Q/NanLnd9W59Xuoa44XGTesV7UTauX6XuS4kSqZ0FX1xt+rJlzRQbJzWNeuKRvXiYzvqdBvBK7OKhVq3RNoStqLTNnEi56qB6bmBGvqiV9t1LQq6dANTD3y0w67Yxmv7Ae1pNvsuF9sAADOiZ3dvZfrrVbzzSkujPsYAQDAYVRpAAAAAAAAAAAAAAAAAAAAAADOv7O4/u/iLUyfRs9P5TRSvSwiw2N+yIj0rmm3P3WIifPwszi00J10ekjMN+ck1Yu+0O/T4sh81AAusF8DAAD//150VEs=") chdir(&(0x7f0000000000)='./file0\x00') mount$9p_fd(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x2000, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) socket$pppoe(0x18, 0x1, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x0, @empty, 'veth1_vlan\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'ip_vti0\x00'}}, 0x1e) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r4, 0x0, 0xd4d}, 0x18) close(r1) 1.285196265s ago: executing program 0 (id=3546): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[], 0x50) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) nanosleep(&(0x7f0000000000), 0x0) syz_open_procfs(0x0, &(0x7f0000000340)='net/rt_acct\x00') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFC_CMD_DEV_DOWN(0xffffffffffffffff, 0x0, 0x40) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x4a604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0xc162, 0x10000, 0x0, 0x6, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$igmp(0x2, 0x3, 0x2) r0 = syz_io_uring_setup(0x230, &(0x7f0000000380)={0x0, 0x5325, 0x10000, 0x1, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r3, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r4 = fcntl$dupfd(r3, 0x0, r3) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x24004080) sendmsg$TEAM_CMD_OPTIONS_GET(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000002c40)=ANY=[], 0x40c}, 0x1, 0x0, 0x0, 0x90}, 0x8000) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "3f6906003d99b5b9", "ad19b9f81b7051508702a27013f65558c8a01f2ae65a25a4c4580daf90219442", "d78279e4", "ba02af61de6197b6"}, 0x38) r5 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0x356e, 0x800, 0x1, 0x40000334}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1.22376897s ago: executing program 2 (id=3547): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB="993b972bf7e4b64b3e102589970b43b82e2e15d1fcf90548751106d02393741f13ebef9c8fcdce6b8653bab9c3cebbd444d50177c886cd421d72b64c63c3e1af4ac299b450a5954b5538f88897e1b008024954a7865926eb620a3f7318a314fc7912d5cb5486d920ccb8e5592b80ae916eb16aff373c097df7037f54d6b1760b6dee1a725129bb2e89cc804b3d864e11a0ab2a6169431b5234cf52dfcfb487d04e734a7470eddda688fddb84d2b0ab99c1731da488b2a1a3e2243cdf683ad4c0aba9f146d53560fa708ab11f2df7e8f0226b6527efe780a399b0686175", @ANYRES16=r1, @ANYBLOB="00022abd7000fedbdf250600000006001a004e2400000c001000000000000000000014001f00fe8000000000000000000000000000bb08000b0002000000"], 0x58}, 0x1, 0x0, 0x0, 0x8064}, 0x4000000) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x114, r3, 0x8, 0x70bd26, 0x25dfdbff, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xa1, 0xa8, @random="c6e23c65e696ebe27508605d8ed7e6faf112121b5d1b11dbaa544c4b63e0ada669539e51e5ee0bb8955ea5668e8f06090ec0dab5d81264cff6220139c7490fc179a31c313998cd7c6918a48ea25f41d180d345605db6e6e53959bf01c04d69cee09ed694ab80e52caa8cd1904d1b1b99056918749c085ebd3e72b692db4413d14c9cb979ea84ca64fb6e9501993a1249a07cc443d297e1e3f645d26e05"}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x114}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008014) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000580), r2) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'erspan0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x80, 0xb0, 0xffe00000, 0x4, {{0x7, 0x4, 0x1, 0x8, 0x1c, 0x66, 0x0, 0x4, 0x4, 0x0, @empty, @remote, {[@ra={0x94, 0x4, 0x1}, @noop]}}}}}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat(0xffffffffffffffff, &(0x7f0000000b40)='./file0\x00', 0x26201, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000c00)={0x1ff, 0x0}, 0x8) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@fallback=r7, r0, 0x28, 0x2020, 0x0, @void, @void, @value=r8}, 0x20) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)={0x2c, r9, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x2c}}, 0x18) r11 = socket(0x1, 0x803, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r13 = socket(0x10, 0x3, 0x0) connect$netlink(r13, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r13, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r12}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r12, 0x0, 0x343}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x0) r14 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f00000000c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r14, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x2000000, {0x0, 0x0, 0x0, 0x0, 0x18603}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r15}, @IFLA_MASTER={0x8, 0xa, r15}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000ac0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a80)={&(0x7f0000000740)={0x32c, r4, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6000000}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r12}}}]}}, {{0x8, 0x1, r5}, {0xfc, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}]}}, {{0x8, 0x1, r15}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4d0d0000}}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x2, 0x8, 0x9, 0x20002}, {0x7, 0xf7, 0x3, 0xa}]}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}]}}]}, 0x32c}, 0x1, 0x0, 0x0, 0x40084}, 0xc040) 774.238751ms ago: executing program 1 (id=3550): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) io_setup(0x239f, &(0x7f0000000380)) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x6, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a3200000000090001007379"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x120001, 0x0) socket$kcm(0x11, 0x6, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r5, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) ioctl$TIOCOUTQ(r4, 0x5411, &(0x7f0000000040)) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x440101, 0x11, 0x310942aa27085c75}, 0x18) creat(0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0002}]}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xff}, 0x100002, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x1ffffffffffffe47, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) link(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00') 700.360517ms ago: executing program 2 (id=3551): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0xe4, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x6}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x80, 0x2, [@TCA_BPF_POLICE={0x4}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x3, 0x49, 0x7, 0x4}]}}, @TCA_BPF_FLAGS={0x8}, @TCA_BPF_POLICE={0x54, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x2}, @TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x3, 0x3, 0x401, 0x9, {0xf, 0x2, 0x9f, 0x3ff, 0x3, 0x9}, {0xd, 0x3, 0x40, 0x7f, 0x0, 0x8}, 0xa, 0x200008}}]}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x4}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x81}, 0x28000080) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/70, 0x46}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r9}, 0x10) fcntl$getown(r10, 0x9) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x4, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_mtu=0x2}) 637.805423ms ago: executing program 1 (id=3552): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x120001, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, 0x0) 594.914457ms ago: executing program 1 (id=3553): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_') unshare(0x400) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) 536.468432ms ago: executing program 1 (id=3554): mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x0, 0x6, 0x0, 0x0, 0x7, 0x3040, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x4}, 0x120, 0x10000, 0x4, 0x6, 0x5, 0x20007, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffbfffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000955d9c64a12289ffb671290a69a8cff21dee185eb1b193b94a83f5d4a2a7a5ac24f516c228b8bb9e76e97149a7fa72f723a6c5dfc5387ee6e11303cbce4d3ab00eb7a738c2a6eb4bfbfd23dda0fc342e65f9de925db822a547870bd64772d62f13c468e4ad47a63dd7535b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r3}, &(0x7f00000008c0), &(0x7f0000000880)=r4}, 0x20) creat(&(0x7f00000002c0)='./file0\x00', 0x4c) open$dir(0x0, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 429.724191ms ago: executing program 1 (id=3555): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="300000000101010100000000000000000a0000930c0019800800020088000000100002800c000280040001"], 0x30}, 0x1, 0x0, 0x0, 0x8010}, 0x20008040) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000040)={0x0, 0x4000000, 0x8, 0xd, 0x200, &(0x7f0000001500)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 402.752264ms ago: executing program 1 (id=3556): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x110, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x6}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xac, 0x2, [@TCA_BPF_POLICE={0x4}, @TCA_BPF_OPS={{0x6, 0x4, 0x4}, {0x24, 0x5, [{0x9, 0xc0, 0x7, 0x6}, {0xf, 0x9, 0x2, 0x9}, {0x5, 0x3, 0x5, 0x3}, {0x2, 0x4, 0x2, 0x8}]}}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x3, 0x49, 0x7, 0x4}]}}, @TCA_BPF_FLAGS={0x8}, @TCA_BPF_POLICE={0x54, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x2}, @TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x3, 0x3, 0x401, 0x9, {0xf, 0x2, 0x9f, 0x3ff, 0x3, 0x9}, {0xd, 0x3, 0x40, 0x7f, 0x0, 0x8}, 0xa, 0x200008}}]}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x4}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0x81}, 0x28000080) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {0x0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x4c080) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r9}, 0x10) fcntl$getown(r10, 0x9) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x4, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_mtu=0x2}) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 151.759597ms ago: executing program 5 (id=3558): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x0) sendto(r0, 0x0, 0x0, 0x20000080, &(0x7f0000000340)=@nfc_llcp={0x27, r1, 0x1, 0x4, 0x80, 0x0, "1afe3d7d049d35b2d40dd8ebed522bd9328eee953b9b13a673da1fd01032de32d2b499bf91151d7c5aaa5d0359db7fcd0c23fe0600fc35f1e6946c8dcdfd58", 0x1d}, 0x80) 116.20109ms ago: executing program 5 (id=3560): socket$xdp(0x2c, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(r2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r9, &(0x7f0000001a40), 0x0) ioctl$PTP_PEROUT_REQUEST2(r8, 0x40383d0c, &(0x7f00000000c0)) 115.67307ms ago: executing program 3 (id=3561): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r0) sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)={0x14, r1, 0xfb59b128081ca7fb}, 0x14}}, 0x0) 87.669292ms ago: executing program 3 (id=3562): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000020000000000000000180900", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x8c}}, 0x20050800) 74.635234ms ago: executing program 3 (id=3563): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18) connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e21, 0x6, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) 58.178785ms ago: executing program 3 (id=3564): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SET_NAME(0xf, 0x0) unshare(0x400) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) 486.77µs ago: executing program 3 (id=3565): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$key(0xf, 0x3, 0x2) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000600)=0x14) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd9b, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010328bd7000fedbdf251c0000000c00018008000100", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x10) close(0xffffffffffffffff) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x18) sendmsg$key(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020908090400000029bd7000ffdbdf25020001"], 0x20}}, 0x4000010) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@getnexthop={0x20, 0x76, 0x401, 0x0, 0x25dfdbfc, {}, [@NHA_ID={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000054}, 0xc0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c000080080003400000000260000b"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880) r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCOUTQ(r10, 0x5411, 0x0) 0s ago: executing program 3 (id=3566): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x19, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) write$cgroup_devices(r2, 0x0, 0x9) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r5, 0x0, 0x1}, 0x18) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000001d80)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000c0], 0x11, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000e9ffffff0000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0x108) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) syz_open_pts(r6, 0x0) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x400000000000000) kernel console output (not intermixed with test programs): dge_slave_0: entered promiscuous mode [ 231.486920][ T52] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.498917][T11801] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.506047][T11801] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.516611][T11801] bridge_slave_1: entered allmulticast mode [ 231.524431][T11801] bridge_slave_1: entered promiscuous mode [ 231.546331][T11801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.557212][ T52] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.569517][T11801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.591622][ T52] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.603354][T11801] team0: Port device team_slave_0 added [ 231.610267][T11801] team0: Port device team_slave_1 added [ 231.626868][T11801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.633931][T11801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 231.659983][T11801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.675569][T11801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.682591][T11801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 231.708513][T11801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.741862][ T52] bridge_slave_1: left allmulticast mode [ 231.747528][ T52] bridge_slave_1: left promiscuous mode [ 231.753237][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.756698][T11818] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3025'. [ 231.770061][ T52] bridge_slave_0: left allmulticast mode [ 231.775741][ T52] bridge_slave_0: left promiscuous mode [ 231.781485][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.804431][T11824] loop2: detected capacity change from 0 to 164 [ 231.812185][T11824] Unsupported NM flag settings (240) [ 231.840127][ T52] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 231.870227][ T29] kauditd_printk_skb: 182 callbacks suppressed [ 231.870243][ T29] audit: type=1326 audit(1767907665.526:17207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 231.900126][ T29] audit: type=1326 audit(1767907665.546:17208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 231.923805][ T29] audit: type=1326 audit(1767907665.546:17209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 231.947355][ T29] audit: type=1326 audit(1767907665.546:17210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 231.971433][ T29] audit: type=1326 audit(1767907665.546:17211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 231.995230][ T29] audit: type=1326 audit(1767907665.546:17212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 232.018750][ T29] audit: type=1326 audit(1767907665.546:17213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 232.042379][ T29] audit: type=1326 audit(1767907665.546:17214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 232.066024][ T29] audit: type=1326 audit(1767907665.546:17215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 232.089595][ T29] audit: type=1326 audit(1767907665.556:17216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.2.3030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 232.108432][T11835] loop5: detected capacity change from 0 to 4096 [ 232.127939][T11835] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.147040][T11839] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3033'. [ 232.161268][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 232.171136][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.181143][ T52] bond0 (unregistering): Released all slaves [ 232.189641][ T52] bond1 (unregistering): left promiscuous mode [ 232.197444][ T52] team0: Port device macvlan2 removed [ 232.206577][ T52] bond1 (unregistering): Released all slaves [ 232.215868][ T52] bond2 (unregistering): left promiscuous mode [ 232.224120][ T52] team0: Port device macvlan3 removed [ 232.232375][ T52] bond2 (unregistering): Released all slaves [ 232.241300][ T52] bond3 (unregistering): Released all slaves [ 232.249389][ T52] bond4 (unregistering): left promiscuous mode [ 232.257993][ T52] team0: Port device macvlan4 removed [ 232.266026][ T52] bond4 (unregistering): Released all slaves [ 232.327908][T11801] hsr_slave_0: entered promiscuous mode [ 232.335647][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.345589][T11801] hsr_slave_1: entered promiscuous mode [ 232.351789][T11801] debugfs: 'hsr0' already exists in 'hsr' [ 232.357526][T11801] Cannot create hsr debugfs directory [ 232.365385][ T52] hsr_slave_0: left promiscuous mode [ 232.373167][ T52] hsr_slave_1: left promiscuous mode [ 232.379267][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.386743][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.394315][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.401718][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.412611][ T52] veth1_macvtap: left promiscuous mode [ 232.418159][ T52] veth0_macvtap: left promiscuous mode [ 232.428465][ T52] veth1_vlan: left promiscuous mode [ 232.434212][ T52] veth0_vlan: left promiscuous mode [ 232.515802][ T52] team0 (unregistering): Port device team_slave_1 removed [ 232.525561][ T52] team0 (unregistering): Port device team_slave_0 removed [ 232.589154][T11861] loop5: detected capacity change from 0 to 164 [ 232.597118][T11861] Unsupported NM flag settings (240) [ 232.645986][T11863] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.662040][T11863] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3040'. [ 232.712967][T11870] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.871463][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.882317][T11801] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 232.893621][T11801] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 232.914292][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.926037][T11801] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 232.926342][T11873] netlink: 'syz.1.3044': attribute type 16 has an invalid length. [ 232.940696][T11873] netlink: 'syz.1.3044': attribute type 3 has an invalid length. [ 232.948439][T11873] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.3044'. [ 232.960214][T11801] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 232.990398][T11883] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 233.011591][T11801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.021889][T11883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.024590][T11801] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.034781][T11883] ext4 filesystem being mounted at /428/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 233.044264][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.058446][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.070389][T10320] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.077527][T10320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.101249][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.123233][T11890] netlink: 'syz.5.3047': attribute type 1 has an invalid length. [ 233.153615][T11801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.233876][T11801] veth0_vlan: entered promiscuous mode [ 233.243304][T11801] veth1_vlan: entered promiscuous mode [ 233.259744][T11801] veth0_macvtap: entered promiscuous mode [ 233.267102][T11801] veth1_macvtap: entered promiscuous mode [ 233.278126][T11801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.289670][T11801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.302694][ T2167] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.315288][ T2167] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.338395][ T2167] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.342497][T11908] Unsupported NM flag settings (240) [ 233.354445][T11912] netlink: 'syz.2.3053': attribute type 1 has an invalid length. [ 233.355739][ T2167] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.376459][T11912] 8021q: adding VLAN 0 to HW filter on device bond1 [ 233.397201][T11912] macvlan2: entered promiscuous mode [ 233.402624][T11912] macvlan2: entered allmulticast mode [ 233.416214][T11912] bond1: entered promiscuous mode [ 233.424211][T11912] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 233.433282][T11912] team0: Port device macvlan2 added [ 233.448764][T11917] ip6gretap1: entered promiscuous mode [ 233.465568][T11921] netlink: 'syz.5.3055': attribute type 16 has an invalid length. [ 233.469253][T11917] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 233.473450][T11921] netlink: 'syz.5.3055': attribute type 3 has an invalid length. [ 233.490097][T11921] netlink: 64066 bytes leftover after parsing attributes in process `syz.5.3055'. [ 233.527334][T11923] Unsupported NM flag settings (240) [ 233.744061][T11925] lo speed is unknown, defaulting to 1000 [ 233.919442][T11939] Unsupported NM flag settings (240) [ 233.973050][T11942] Unsupported NM flag settings (240) [ 234.349860][T11970] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3076'. [ 234.590836][T11983] EXT4-fs (loop2): failed to initialize system zone (-117) [ 234.598209][T11983] EXT4-fs (loop2): mount failed [ 234.674044][T11983] SELinux: failed to load policy [ 234.709262][T11996] Unsupported NM flag settings (240) [ 234.753855][T11998] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3083'. [ 235.052912][T12014] vfat: Unknown parameter '0000000000000000000000400000000000037777777777煉 n&' [ 235.335681][T12039] EXT4-fs: inline encryption not supported [ 235.349733][T12039] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 235.365539][T12039] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 2: comm syz.3.3096: lblock 2 mapped to illegal pblock 2 (length 1) [ 235.380212][ T3317] syz_tun (unregistering): left allmulticast mode [ 235.386675][ T3317] syz_tun (unregistering): left promiscuous mode [ 235.393111][ T3317] bridge0: port 3(syz_tun) entered disabled state [ 235.399889][T12039] EXT4-fs (loop3): Remounting filesystem read-only [ 235.406963][T12039] EXT4-fs (loop3): 1 orphan inode deleted [ 235.458405][T12047] __nla_validate_parse: 2 callbacks suppressed [ 235.458419][T12047] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3098'. [ 235.473655][ T53] smc: removing ib device syz1 [ 235.478569][ T3416] syz1: Port: 1 Link DOWN [ 235.506400][T12031] lo speed is unknown, defaulting to 1000 [ 235.517937][T12049] set_capacity_and_notify: 12 callbacks suppressed [ 235.518010][T12049] loop3: detected capacity change from 0 to 2048 [ 235.590477][T12049] loop3: p1 p2 p3 [ 235.638126][T12031] chnl_net:caif_netlink_parms(): no params data found [ 235.742731][T10548] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.796448][T12031] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.803831][T12031] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.841540][T12031] bridge_slave_0: entered allmulticast mode [ 235.859097][T12031] bridge_slave_0: entered promiscuous mode [ 235.867960][T10548] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.888757][T12031] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.895864][T12031] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.919107][T12031] bridge_slave_1: entered allmulticast mode [ 235.921712][T12058] loop2: detected capacity change from 0 to 164 [ 235.930273][T12031] bridge_slave_1: entered promiscuous mode [ 235.945637][T10548] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.957628][T12058] Unsupported NM flag settings (240) [ 235.971371][T12031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.982106][T12031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.009381][T10548] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.041067][T12031] team0: Port device team_slave_0 added [ 236.047771][T12031] team0: Port device team_slave_1 added [ 236.068771][T12061] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3102'. [ 236.088414][T12061] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3102'. [ 236.100717][T12031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.107753][T12031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 236.133788][T12031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.154236][T12062] loop2: detected capacity change from 0 to 512 [ 236.164341][T12053] loop3: detected capacity change from 0 to 512 [ 236.172994][T12053] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 236.174067][T12062] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.181158][T12031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.198350][T12031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 236.224279][T12031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.224977][T12062] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3102'. [ 236.244593][T12053] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #13: comm syz.3.3100: iget: bad i_size value: 12154757448730 [ 236.257710][T12053] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3100: couldn't read orphan inode 13 (err -117) [ 236.280337][T12031] hsr_slave_0: entered promiscuous mode [ 236.285958][T12053] ip6t_srh: unknown srh match flags 4000 [ 236.286482][T12031] hsr_slave_1: entered promiscuous mode [ 236.302646][T12031] debugfs: 'hsr0' already exists in 'hsr' [ 236.304007][T12068] loop2: detected capacity change from 0 to 128 [ 236.308403][T12031] Cannot create hsr debugfs directory [ 236.341916][T10548] bridge_slave_1: left allmulticast mode [ 236.347588][T10548] bridge_slave_1: left promiscuous mode [ 236.353386][T10548] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.369767][T10548] bridge_slave_0: left allmulticast mode [ 236.375477][T10548] bridge_slave_0: left promiscuous mode [ 236.381172][T10548] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.388850][T12068] vfat: Unknown parameter '0000000000000000000000400000000000037777777777煉 n&' [ 236.426882][T10548] bond3 (unregistering): (slave ip6gretap1): Releasing active interface [ 236.454009][T10548] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 236.511311][T10548] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.521303][T10548] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.531003][T10548] bond0 (unregistering): Released all slaves [ 236.541135][T10548] bond1 (unregistering): Released all slaves [ 236.546477][T12072] loop2: detected capacity change from 0 to 512 [ 236.555796][T10548] bond2 (unregistering): Released all slaves [ 236.562738][T12072] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 236.564654][T10548] bond3 (unregistering): Released all slaves [ 236.580990][T10548] bond4 (unregistering): Released all slaves [ 236.582321][T12072] EXT4-fs (loop2): orphan cleanup on readonly fs [ 236.595569][T10548] bond5 (unregistering): Released all slaves [ 236.604540][T10548] bond6 (unregistering): Released all slaves [ 236.605409][T12072] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 236.625095][T12072] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 236.631712][T12072] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.3104: bad orphan inode 768 [ 236.655106][T12071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12071 comm=syz.2.3104 [ 236.667834][T12071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12071 comm=syz.2.3104 [ 236.667997][T12075] loop5: detected capacity change from 0 to 4096 [ 236.680541][T12071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12071 comm=syz.2.3104 [ 236.680562][T12071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12071 comm=syz.2.3104 [ 236.712318][T12071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=12071 comm=syz.2.3104 [ 236.725031][T12071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=12071 comm=syz.2.3104 [ 236.782475][T10548] hsr_slave_0: left promiscuous mode [ 236.788295][T10548] hsr_slave_1: left promiscuous mode [ 236.794274][T10548] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 236.801688][T10548] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 236.809368][T10548] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.816829][T10548] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.831773][T10548] veth1_macvtap: left promiscuous mode [ 236.837386][T10548] veth0_macvtap: left promiscuous mode [ 236.845671][T10548] veth1_vlan: left promiscuous mode [ 236.853134][T10548] veth0_vlan: left promiscuous mode [ 236.892708][ T29] kauditd_printk_skb: 299 callbacks suppressed [ 236.892787][ T29] audit: type=1326 audit(1767907670.546:17514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 236.922761][ T29] audit: type=1326 audit(1767907670.546:17515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 236.946246][ T29] audit: type=1326 audit(1767907670.546:17516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 236.969841][ T29] audit: type=1326 audit(1767907670.546:17517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 236.993327][ T29] audit: type=1326 audit(1767907670.546:17518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 237.016996][ T29] audit: type=1326 audit(1767907670.546:17519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 237.040573][ T29] audit: type=1326 audit(1767907670.546:17520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 237.064123][ T29] audit: type=1326 audit(1767907670.546:17521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 237.087926][ T29] audit: type=1326 audit(1767907670.546:17522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 237.111534][ T29] audit: type=1326 audit(1767907670.546:17523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12077 comm="syz.3.3106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fddb961f749 code=0x7ffc0000 [ 237.135533][T11306] EXT4-fs unmount: 10 callbacks suppressed [ 237.135551][T11306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.225223][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.249822][T12084] validate_nla: 2 callbacks suppressed [ 237.249837][T12084] netlink: 'syz.2.3107': attribute type 1 has an invalid length. [ 237.267077][ T3416] lo speed is unknown, defaulting to 1000 [ 237.272907][ T3416] infiniband syz2: ib_query_port failed (-19) [ 237.308940][T12089] loop5: detected capacity change from 0 to 2048 [ 237.343085][T12089] loop5: p1 p2 p3 [ 237.347233][T12093] loop2: detected capacity change from 0 to 2048 [ 237.380480][T12093] loop2: p1 p2 p3 [ 237.584966][T12031] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 237.593884][T12031] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 237.603290][T12031] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 237.611613][T12031] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 237.642489][T12031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.654439][T12031] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.663950][T10548] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.671045][T10548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.681433][T10548] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.688487][T10548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.742322][T12031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.795811][T12118] loop1: detected capacity change from 0 to 164 [ 237.805767][T12118] Unsupported NM flag settings (240) [ 237.813231][T12031] veth0_vlan: entered promiscuous mode [ 237.821107][T12031] veth1_vlan: entered promiscuous mode [ 237.836032][T12031] veth0_macvtap: entered promiscuous mode [ 237.844134][T12031] veth1_macvtap: entered promiscuous mode [ 237.855346][T12031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.870502][T12031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.881235][ T9663] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.890189][ T9663] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.900429][ T9663] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.909214][ T9663] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.945961][T12123] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 237.956089][T12123] EXT4-fs (loop1): orphan cleanup on readonly fs [ 237.963256][T12123] EXT4-fs warning (device loop1): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 237.977974][T12123] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 237.984682][T12123] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.3116: bad orphan inode 768 [ 237.995810][T12123] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 238.009520][T12123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12123 comm=syz.1.3116 [ 238.022271][T12123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12123 comm=syz.1.3116 [ 238.034988][T12123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12123 comm=syz.1.3116 [ 238.037837][T12126] xt_ecn: cannot match TCP bits for non-tcp packets [ 238.047680][T12123] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12123 comm=syz.1.3116 [ 238.077382][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.125490][T12131] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3095'. [ 238.136786][T12131] tipc: Enabling of bearer rejected, failed to enable media [ 238.273515][T12147] Unsupported NM flag settings (240) [ 238.321640][T12152] netlink: 'syz.2.3125': attribute type 16 has an invalid length. [ 238.329584][T12152] netlink: 'syz.2.3125': attribute type 3 has an invalid length. [ 238.337325][T12152] netlink: 64066 bytes leftover after parsing attributes in process `syz.2.3125'. [ 238.360684][T12150] loop3: p1 p2 p3 [ 238.395703][T12154] Unsupported NM flag settings (240) [ 238.433182][T12157] netlink: 'syz.3.3127': attribute type 1 has an invalid length. [ 238.466846][T12159] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 238.476527][T12159] EXT4-fs (loop3): orphan cleanup on readonly fs [ 238.483021][T12159] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 238.497539][T12159] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 238.504158][T12159] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3128: bad orphan inode 768 [ 238.515154][T12159] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 238.538046][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.600512][T12162] loop3: p1 p2 p3 [ 238.748741][T12169] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3132'. [ 238.783952][T12171] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3133'. [ 238.874481][T12177] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3136'. [ 239.066693][T12191] 8021q: adding VLAN 0 to HW filter on device bond6 [ 239.091300][T12191] macvlan5: entered promiscuous mode [ 239.096638][T12191] macvlan5: entered allmulticast mode [ 239.103792][T12191] bond6: entered promiscuous mode [ 239.109114][T12191] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 239.117622][T12191] team0: Port device macvlan5 added [ 239.183512][T12200] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3145'. [ 239.259757][T12206] macvlan2: entered promiscuous mode [ 239.265081][T12206] macvlan2: entered allmulticast mode [ 239.272917][T12206] netdevsim netdevsim3 netdevsim3: entered promiscuous mode [ 239.293243][T12206] team0: Port device macvlan2 added [ 239.657712][T12228] netlink: 'syz.3.3157': attribute type 1 has an invalid length. [ 239.721829][T12232] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.753815][T12236] netlink: 'syz.3.3159': attribute type 1 has an invalid length. [ 239.770938][T12235] EXT4-fs (loop0): failed to initialize system zone (-117) [ 239.778561][T12235] EXT4-fs (loop0): mount failed [ 239.780782][T12237] bond_slave_0: entered promiscuous mode [ 239.789202][T12237] bond_slave_1: entered promiscuous mode [ 239.797419][T12237] macvtap1: entered allmulticast mode [ 239.802898][T12237] bond0: entered allmulticast mode [ 239.808011][T12237] bond_slave_0: entered allmulticast mode [ 239.813769][T12237] bond_slave_1: entered allmulticast mode [ 239.835883][T12237] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 239.862521][T12237] bond0: left allmulticast mode [ 239.867408][T12237] bond_slave_0: left allmulticast mode [ 239.872978][T12237] bond_slave_1: left allmulticast mode [ 239.878461][T12237] bond_slave_0: left promiscuous mode [ 239.883995][T12237] bond_slave_1: left promiscuous mode [ 239.893124][T12244] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.985959][T12232] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.143020][T12232] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.232267][T12232] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.321803][ T53] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.338169][ T53] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.358425][ T53] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.379070][ T53] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.493132][T12243] syz.0.3162 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 240.504137][T12243] CPU: 1 UID: 0 PID: 12243 Comm: syz.0.3162 Not tainted syzkaller #0 PREEMPT(voluntary) [ 240.504163][T12243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 240.504177][T12243] Call Trace: [ 240.504184][T12243] [ 240.504230][T12243] __dump_stack+0x1d/0x30 [ 240.504251][T12243] dump_stack_lvl+0x95/0xd0 [ 240.504272][T12243] dump_stack+0x15/0x1b [ 240.504292][T12243] dump_header+0x81/0x240 [ 240.504314][T12243] oom_kill_process+0x295/0x350 [ 240.504339][T12243] out_of_memory+0x97b/0xb80 [ 240.504362][T12243] try_charge_memcg+0x610/0xa10 [ 240.504429][T12243] charge_memcg+0x51/0xc0 [ 240.504453][T12243] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 240.504486][T12243] __read_swap_cache_async+0x17b/0x2d0 [ 240.504564][T12243] swap_cluster_readahead+0x262/0x3c0 [ 240.504597][T12243] swapin_readahead+0xde/0x820 [ 240.504708][T12243] ? mod_memcg_lruvec_state+0x1a1/0x280 [ 240.504806][T12243] ? lruvec_stat_mod_folio+0xd6/0x120 [ 240.504833][T12243] ? __rcu_read_unlock+0x4f/0x70 [ 240.504850][T12243] ? swap_cache_get_folio+0x277/0x280 [ 240.504950][T12243] do_swap_page+0x2b4/0x21e0 [ 240.504978][T12243] ? __pfx_default_wake_function+0x10/0x10 [ 240.505030][T12243] handle_mm_fault+0x9d8/0x2c60 [ 240.505060][T12243] do_user_addr_fault+0x630/0x1080 [ 240.505085][T12243] exc_page_fault+0x62/0xa0 [ 240.505162][T12243] asm_exc_page_fault+0x26/0x30 [ 240.505183][T12243] RIP: 0033:0x7fa443e959ec [ 240.505262][T12243] Code: 66 0f 1f 44 00 00 69 3d c6 fc ea 00 e8 03 00 00 48 8d 1d c7 05 38 00 e8 c2 9c 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00 [ 240.505281][T12243] RSP: 002b:00007ffc786d3b40 EFLAGS: 00010202 [ 240.505299][T12243] RAX: 0000000000000000 RBX: 00007fa444215fa0 RCX: 0000000000000000 [ 240.505313][T12243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055556841e808 [ 240.505326][T12243] RBP: 00007fa444217da0 R08: 0000000000000000 R09: 7fffffffffffffff [ 240.505340][T12243] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000003ac0a [ 240.505432][T12243] R13: 00007fa444216090 R14: ffffffffffffffff R15: 00007ffc786d3c50 [ 240.505449][T12243] [ 240.505455][T12243] memory: usage 307200kB, limit 307200kB, failcnt 3275 [ 240.719976][T12243] memory+swap: usage 309432kB, limit 9007199254740988kB, failcnt 0 [ 240.727932][T12243] kmem: usage 307156kB, limit 9007199254740988kB, failcnt 0 [ 240.735229][T12243] Memory cgroup stats for /syz0: [ 240.735509][T12243] cache 36864 [ 240.743751][T12243] rss 0 [ 240.746512][T12243] shmem 0 [ 240.749460][T12243] mapped_file 0 [ 240.752903][T12243] dirty 0 [ 240.754590][T12262] set_capacity_and_notify: 8 callbacks suppressed [ 240.754603][T12262] loop2: detected capacity change from 0 to 1024 [ 240.755821][T12243] writeback 8192 [ 240.755830][T12243] workingset_refault_anon 963 [ 240.755839][T12243] workingset_refault_file 2320 [ 240.755848][T12243] swap 2285568 [ 240.784905][T12243] swapcached 8192 [ 240.788533][T12243] pgpgin 119726 [ 240.792015][T12243] pgpgout 119715 [ 240.795555][T12243] pgfault 151522 [ 240.799103][T12243] pgmajfault 123 [ 240.802634][T12243] inactive_anon 8192 [ 240.806519][T12243] active_anon 0 [ 240.810031][T12243] inactive_file 24576 [ 240.813996][T12243] active_file 12288 [ 240.817788][T12243] unevictable 0 [ 240.821263][T12243] hierarchical_memory_limit 314572800 [ 240.826620][T12243] hierarchical_memsw_limit 9223372036854771712 [ 240.832788][T12243] total_cache 36864 [ 240.836579][T12243] total_rss 0 [ 240.839868][T12243] total_shmem 0 [ 240.843312][T12243] total_mapped_file 0 [ 240.847274][T12243] total_dirty 0 [ 240.850786][T12243] total_writeback 8192 [ 240.854844][T12243] total_workingset_refault_anon 963 [ 240.860112][T12243] total_workingset_refault_file 2320 [ 240.865385][T12243] total_swap 2285568 [ 240.869285][T12243] total_swapcached 8192 [ 240.873498][T12243] total_pgpgin 119726 [ 240.877484][T12243] total_pgpgout 119715 [ 240.881565][T12243] total_pgfault 151522 [ 240.885666][T12243] total_pgmajfault 123 [ 240.889769][T12243] total_inactive_anon 8192 [ 240.894230][T12243] total_active_anon 0 [ 240.898201][T12243] total_inactive_file 24576 [ 240.902711][T12243] total_active_file 12288 [ 240.907028][T12243] total_unevictable 0 [ 240.911036][T12243] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.3162,pid=12243,uid=0 [ 240.925854][T12243] Memory cgroup out of memory: Killed process 12243 (syz.0.3162) total-vm:93968kB, anon-rss:1136kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 241.001581][T12031] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.223985][T12271] pim6reg: entered allmulticast mode [ 241.230156][T12270] pim6reg: left allmulticast mode [ 241.932298][T12293] loop3: detected capacity change from 0 to 164 [ 241.951235][T12293] Unsupported NM flag settings (240) [ 241.996168][T12295] __nla_validate_parse: 2 callbacks suppressed [ 241.996185][T12295] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3179'. [ 242.034479][T12295] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 242.036808][T12297] loop3: detected capacity change from 0 to 164 [ 242.063647][ T29] kauditd_printk_skb: 501 callbacks suppressed [ 242.063661][ T29] audit: type=1400 audit(1767907675.716:18025): avc: denied { write } for pid=12291 comm="syz.5.3179" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 242.093140][ T29] audit: type=1400 audit(1767907675.716:18026): avc: denied { open } for pid=12291 comm="syz.5.3179" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 242.128039][T12292] random: crng reseeded on system resumption [ 242.143583][T12297] Unsupported NM flag settings (240) [ 242.176315][T12302] loop0: detected capacity change from 0 to 2048 [ 242.188068][T12303] netlink: 'syz.5.3183': attribute type 1 has an invalid length. [ 242.200485][T12302] EXT4-fs (loop0): failed to initialize system zone (-117) [ 242.207923][T12302] EXT4-fs (loop0): mount failed [ 242.230015][T12308] loop3: detected capacity change from 0 to 164 [ 242.250254][T12312] selinux_netlink_send: 10 callbacks suppressed [ 242.250269][T12312] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=12312 comm=syz.5.3186 [ 242.250291][ T29] audit: type=1400 audit(1767907675.906:18027): avc: denied { nlmsg_write } for pid=12311 comm="syz.5.3186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 242.306529][T12314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3187'. [ 242.310669][ T29] audit: type=1400 audit(1767907675.956:18028): avc: denied { sys_module } for pid=12311 comm="syz.5.3186" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 242.336703][ T29] audit: type=1400 audit(1767907675.956:18029): avc: denied { module_load } for pid=12311 comm="syz.5.3186" path="/sys/kernel/notes" dev="sysfs" ino=210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 242.375240][T12308] Unsupported NM flag settings (240) [ 242.387672][ T29] audit: type=1400 audit(1767907676.036:18030): avc: denied { create } for pid=12322 comm="syz.5.3190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 242.479674][T12328] netlink: 'syz.5.3192': attribute type 16 has an invalid length. [ 242.487625][T12328] netlink: 'syz.5.3192': attribute type 3 has an invalid length. [ 242.495527][T12328] netlink: 64066 bytes leftover after parsing attributes in process `syz.5.3192'. [ 242.580303][T12332] loop1: detected capacity change from 0 to 4096 [ 242.605528][T12332] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.677442][T12336] netlink: 'syz.3.3194': attribute type 1 has an invalid length. [ 242.849831][T12336] 8021q: adding VLAN 0 to HW filter on device bond1 [ 243.193982][T12343] loop3: detected capacity change from 0 to 1024 [ 243.228392][T12343] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 243.238270][T12343] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 243.308550][T12343] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 243.372624][T12343] EXT4-fs error (device loop3): ext4_get_journal_inode:5849: inode #32: comm syz.3.3196: iget: special inode unallocated [ 243.423729][T12345] loop5: detected capacity change from 0 to 164 [ 243.489787][T12343] EXT4-fs (loop3): no journal found [ 243.495075][T12343] EXT4-fs (loop3): can't get journal size [ 243.503052][T12345] Unsupported NM flag settings (240) [ 243.536250][T12343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 243.565407][T10320] kworker/u8:19 invoked oom-killer: gfp_mask=0x100c0a(GFP_NOIO|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_HARDWALL), order=0, oom_score_adj=0 [ 243.579124][T10320] CPU: 0 UID: 0 PID: 10320 Comm: kworker/u8:19 Not tainted syzkaller #0 PREEMPT(voluntary) [ 243.579150][T10320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 243.579163][T10320] Workqueue: loop1 loop_rootcg_workfn [ 243.579269][T10320] Call Trace: [ 243.579277][T10320] [ 243.579285][T10320] __dump_stack+0x1d/0x30 [ 243.579309][T10320] dump_stack_lvl+0x95/0xd0 [ 243.579392][T10320] dump_stack+0x15/0x1b [ 243.579413][T10320] dump_header+0x81/0x240 [ 243.579435][T10320] oom_kill_process+0x295/0x350 [ 243.579459][T10320] out_of_memory+0x97b/0xb80 [ 243.579550][T10320] try_charge_memcg+0x610/0xa10 [ 243.579584][T10320] charge_memcg+0x51/0xc0 [ 243.579700][T10320] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 243.579728][T10320] __read_swap_cache_async+0x17b/0x2d0 [ 243.579756][T10320] swap_cluster_readahead+0x262/0x3c0 [ 243.579834][T10320] shmem_swapin_folio+0x8b4/0x11e0 [ 243.579936][T10320] ? xas_load+0x413/0x430 [ 243.579966][T10320] ? filemap_get_entry+0x34b/0x390 [ 243.579991][T10320] shmem_get_folio_gfp+0x26c/0xd50 [ 243.580015][T10320] ? copy_folio_from_iter_atomic+0x143/0x1150 [ 243.580109][T10320] shmem_write_begin+0xfc/0x1f0 [ 243.580135][T10320] generic_perform_write+0x184/0x490 [ 243.580201][T10320] shmem_file_write_iter+0xc5/0xf0 [ 243.580231][T10320] lo_rw_aio+0x673/0x720 [ 243.580255][T10320] loop_process_work+0x56d/0xaa0 [ 243.580278][T10320] ? __rcu_read_unlock+0x4f/0x70 [ 243.580299][T10320] ? __perf_event_task_sched_in+0xa5b/0xac0 [ 243.580393][T10320] ? __list_add_valid_or_report+0x38/0xe0 [ 243.580423][T10320] ? sized_strscpy+0xf1/0x1a0 [ 243.580458][T10320] loop_rootcg_workfn+0x22/0x30 [ 243.580546][T10320] process_scheduled_works+0x4ce/0x9d0 [ 243.580577][T10320] worker_thread+0x582/0x770 [ 243.580607][T10320] kthread+0x489/0x510 [ 243.580698][T10320] ? __pfx_worker_thread+0x10/0x10 [ 243.580723][T10320] ? __pfx_kthread+0x10/0x10 [ 243.580752][T10320] ret_from_fork+0x149/0x290 [ 243.580776][T10320] ? __pfx_kthread+0x10/0x10 [ 243.580821][T10320] ret_from_fork_asm+0x1a/0x30 [ 243.580849][T10320] [ 243.580857][T10320] memory: usage 307200kB, limit 307200kB, failcnt 3764 [ 243.599424][T12343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3196'. [ 243.601257][T10320] memory+swap: usage 309444kB, limit 9007199254740988kB, failcnt 0 [ 243.749235][ T29] audit: type=1400 audit(1767907677.316:18031): avc: denied { create } for pid=12342 comm="syz.3.3196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 243.752272][T10320] kmem: usage 305796kB, limit 9007199254740988kB, failcnt 0 [ 243.756334][ T29] audit: type=1400 audit(1767907677.316:18032): avc: denied { setopt } for pid=12342 comm="syz.3.3196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 243.761415][T10320] Memory cgroup stats for /syz1: [ 243.821860][T10320] cache 1429504 [ 243.826092][ T29] audit: type=1400 audit(1767907677.346:18033): avc: denied { connect } for pid=12342 comm="syz.3.3196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 243.833375][T10320] rss 0 [ 243.833384][T10320] shmem 0 [ 243.886703][T10320] mapped_file 0 [ 243.890204][T10320] dirty 0 [ 243.893126][T10320] writeback 1421312 [ 243.896917][T10320] workingset_refault_anon 728 [ 243.901592][T10320] workingset_refault_file 1728 [ 243.906416][T10320] swap 2297856 [ 243.909829][T10320] swapcached 0 [ 243.913266][T10320] pgpgin 93945 [ 243.916624][T10320] pgpgout 93594 [ 243.920164][T10320] pgfault 129660 [ 243.923715][T10320] pgmajfault 170 [ 243.927247][T10320] inactive_anon 0 [ 243.930928][T10320] active_anon 0 [ 243.934374][T10320] inactive_file 1421312 [ 243.938517][T10320] active_file 16384 [ 243.942364][T10320] unevictable 0 [ 243.945810][T10320] hierarchical_memory_limit 314572800 [ 243.951222][T10320] hierarchical_memsw_limit 9223372036854771712 [ 243.957359][T10320] total_cache 1429504 [ 243.961401][T10320] total_rss 0 [ 243.964684][T10320] total_shmem 0 [ 243.968175][T10320] total_mapped_file 0 [ 243.972164][T10320] total_dirty 0 [ 243.975603][T10320] total_writeback 1421312 [ 243.979935][T10320] total_workingset_refault_anon 728 [ 243.985117][T10320] total_workingset_refault_file 1728 [ 243.990465][T10320] total_swap 2297856 [ 243.994353][T10320] total_swapcached 0 [ 243.998231][T10320] total_pgpgin 93945 [ 244.002122][T10320] total_pgpgout 93594 [ 244.006092][T10320] total_pgfault 129660 [ 244.010256][T10320] total_pgmajfault 170 [ 244.014381][T10320] total_inactive_anon 0 [ 244.018556][T10320] total_active_anon 0 [ 244.022544][T10320] total_inactive_file 1421312 [ 244.027206][T10320] total_active_file 16384 [ 244.031534][T10320] total_unevictable 0 [ 244.035586][T10320] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.3193,pid=12330,uid=0 [ 244.050422][T10320] Memory cgroup out of memory: Killed process 12330 (syz.1.3193) total-vm:96016kB, anon-rss:1136kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 244.089720][ T29] audit: type=1400 audit(1767907677.746:18034): avc: denied { name_bind } for pid=12353 comm="+}[@" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 244.204767][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.620974][T12372] loop3: detected capacity change from 0 to 512 [ 244.628415][T12372] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 244.639128][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.654321][T12372] EXT4-fs (loop3): orphan cleanup on readonly fs [ 244.661142][T12372] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 244.675922][T12372] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 244.682618][T12372] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3206: bad orphan inode 768 [ 244.694282][T12372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 244.707850][T12372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12372 comm=syz.3.3206 [ 244.720568][T12372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12372 comm=syz.3.3206 [ 244.733287][T12372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12372 comm=syz.3.3206 [ 244.745987][T12372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12372 comm=syz.3.3206 [ 244.758763][T12372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=12372 comm=syz.3.3206 [ 244.771491][T12372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=12372 comm=syz.3.3206 [ 244.794495][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.816274][T12382] FAULT_INJECTION: forcing a failure. [ 244.816274][T12382] name failslab, interval 1, probability 0, space 0, times 0 [ 244.828966][T12382] CPU: 0 UID: 0 PID: 12382 Comm: syz.5.3211 Not tainted syzkaller #0 PREEMPT(voluntary) [ 244.828994][T12382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 244.829014][T12382] Call Trace: [ 244.829024][T12382] [ 244.829032][T12382] __dump_stack+0x1d/0x30 [ 244.829149][T12382] dump_stack_lvl+0x95/0xd0 [ 244.829182][T12382] dump_stack+0x15/0x1b [ 244.829243][T12382] should_fail_ex+0x265/0x280 [ 244.829266][T12382] ? __pfx_cond_bools_destroy+0x10/0x10 [ 244.829288][T12382] should_failslab+0x8c/0xb0 [ 244.829310][T12382] kmem_cache_alloc_noprof+0x69/0x4b0 [ 244.829400][T12382] ? hashtab_duplicate+0xfe/0x360 [ 244.829425][T12382] ? __pfx_cond_bools_destroy+0x10/0x10 [ 244.829447][T12382] hashtab_duplicate+0xfe/0x360 [ 244.829473][T12382] ? __pfx_cond_bools_copy+0x10/0x10 [ 244.829495][T12382] cond_policydb_dup+0xd2/0x4e0 [ 244.829567][T12382] security_set_bools+0xa0/0x340 [ 244.829596][T12382] sel_commit_bools_write+0x1ea/0x270 [ 244.829619][T12382] vfs_writev+0x406/0x8b0 [ 244.829676][T12382] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 244.829706][T12382] do_writev+0xe7/0x210 [ 244.829730][T12382] __x64_sys_writev+0x45/0x50 [ 244.829758][T12382] x64_sys_call+0x1ba5/0x3000 [ 244.829858][T12382] do_syscall_64+0xca/0x2b0 [ 244.829887][T12382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.829909][T12382] RIP: 0033:0x7efe2d5af749 [ 244.829926][T12382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.829944][T12382] RSP: 002b:00007efe2c017038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 244.830011][T12382] RAX: ffffffffffffffda RBX: 00007efe2d805fa0 RCX: 00007efe2d5af749 [ 244.830068][T12382] RDX: 0000000000000002 RSI: 00002000000025c0 RDI: 0000000000000003 [ 244.830081][T12382] RBP: 00007efe2c017090 R08: 0000000000000000 R09: 0000000000000000 [ 244.830095][T12382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.830107][T12382] R13: 00007efe2d806038 R14: 00007efe2d805fa0 R15: 00007fffe2dff9c8 [ 244.830124][T12382] [ 245.118129][T12379] loop1: detected capacity change from 0 to 2048 [ 245.163255][T12408] vfat: Unknown parameter '6NLk1]-K6cg;G./R [ 245.163255][T12408] 0x8' [ 245.189890][T12379] EXT4-fs (loop1): failed to initialize system zone (-117) [ 245.203567][T12379] EXT4-fs (loop1): mount failed [ 245.280222][T12419] Unsupported NM flag settings (240) [ 245.318475][T12418] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 245.337939][T12418] EXT4-fs (loop5): orphan cleanup on readonly fs [ 245.358801][T12418] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 245.373459][T12418] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 245.380063][T12418] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.3220: bad orphan inode 768 [ 245.396795][T12418] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 245.421465][T12424] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3221'. [ 245.422387][T12418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12418 comm=syz.5.3220 [ 245.443592][T12418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12418 comm=syz.5.3220 [ 245.456414][T12418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12418 comm=syz.5.3220 [ 245.481328][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.495127][T12426] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 245.510750][T12426] EXT4-fs (loop1): orphan cleanup on readonly fs [ 245.517237][T12426] EXT4-fs warning (device loop1): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 245.521933][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.531819][T12426] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 245.540011][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.546560][T12426] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.3222: bad orphan inode 768 [ 245.553986][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.572060][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.579650][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.587743][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.595238][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.602686][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.610146][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.617529][ T3508] hid-generic 0003:44FD:0008.0001: unknown main item tag 0x0 [ 245.628291][T12426] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 245.648412][ T3508] hid-generic 0003:44FD:0008.0001: hidraw0: USB HID v100.01 Device [syz0] on syz0 [ 245.739624][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.962167][T12464] set_capacity_and_notify: 4 callbacks suppressed [ 245.962257][T12464] loop2: detected capacity change from 0 to 128 [ 245.977034][T12451] loop1: detected capacity change from 0 to 2048 [ 245.985278][T12464] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 245.995619][T12451] EXT4-fs (loop1): failed to initialize system zone (-117) [ 246.004520][T12464] FAULT_INJECTION: forcing a failure. [ 246.004520][T12464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.017575][T12464] CPU: 0 UID: 0 PID: 12464 Comm: syz.2.3233 Not tainted syzkaller #0 PREEMPT(voluntary) [ 246.017624][T12464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 246.017638][T12464] Call Trace: [ 246.017646][T12464] [ 246.017655][T12464] __dump_stack+0x1d/0x30 [ 246.017735][T12464] dump_stack_lvl+0x95/0xd0 [ 246.017771][T12464] dump_stack+0x15/0x1b [ 246.017789][T12464] should_fail_ex+0x265/0x280 [ 246.017813][T12464] should_fail+0xb/0x20 [ 246.017831][T12464] should_fail_usercopy+0x1a/0x20 [ 246.017902][T12464] _copy_from_user+0x1c/0xb0 [ 246.017923][T12464] __sys_bpf+0x183/0x7c0 [ 246.017945][T12464] __x64_sys_bpf+0x41/0x50 [ 246.017972][T12464] x64_sys_call+0x28e1/0x3000 [ 246.018043][T12464] do_syscall_64+0xca/0x2b0 [ 246.018075][T12464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.018094][T12464] RIP: 0033:0x7f73029ff749 [ 246.018107][T12464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.018133][T12464] RSP: 002b:00007f730145f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 246.018153][T12464] RAX: ffffffffffffffda RBX: 00007f7302c55fa0 RCX: 00007f73029ff749 [ 246.018169][T12464] RDX: 0000000000000050 RSI: 0000200000000c40 RDI: 0000000000000000 [ 246.018180][T12464] RBP: 00007f730145f090 R08: 0000000000000000 R09: 0000000000000000 [ 246.018191][T12464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.018201][T12464] R13: 00007f7302c56038 R14: 00007f7302c55fa0 R15: 00007ffd30b2ee08 [ 246.018217][T12464] [ 246.018323][T12451] EXT4-fs (loop1): mount failed [ 246.198838][T12469] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3235'. [ 246.265012][T12475] loop3: detected capacity change from 0 to 512 [ 246.281641][T12475] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 246.292887][T12481] loop1: detected capacity change from 0 to 2048 [ 246.302404][T12475] EXT4-fs (loop3): orphan cleanup on readonly fs [ 246.309097][T12475] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 246.323721][T12475] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 246.330413][T12475] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3234: bad orphan inode 768 [ 246.341298][T12475] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 246.341673][T12481] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 246.396611][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.442955][T12499] netlink: 'syz.0.3244': attribute type 1 has an invalid length. [ 246.557358][T12504] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 246.567913][T12508] loop3: detected capacity change from 0 to 1024 [ 246.597237][T12504] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 860 with error 28 [ 246.609675][T12504] EXT4-fs (loop1): This should not happen!! Data will be lost [ 246.609675][T12504] [ 246.619331][T12504] EXT4-fs (loop1): Total free blocks count 0 [ 246.625423][T12504] EXT4-fs (loop1): Free/Dirty block details [ 246.631391][T12504] EXT4-fs (loop1): free_blocks=2415919104 [ 246.637141][T12504] EXT4-fs (loop1): dirty_blocks=864 [ 246.642429][T12504] EXT4-fs (loop1): Block reservation details [ 246.648442][T12504] EXT4-fs (loop1): i_reserved_data_blocks=54 [ 246.742821][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 246.763799][T12513] loop5: detected capacity change from 0 to 4096 [ 246.791578][T12513] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.793621][T12517] loop1: detected capacity change from 0 to 4096 [ 246.812875][T12517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.330160][T12517] syz.1.3251 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 247.344398][T12517] CPU: 1 UID: 0 PID: 12517 Comm: syz.1.3251 Not tainted syzkaller #0 PREEMPT(voluntary) [ 247.344485][T12517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 247.344497][T12517] Call Trace: [ 247.344565][T12517] [ 247.344574][T12517] __dump_stack+0x1d/0x30 [ 247.344602][T12517] dump_stack_lvl+0x95/0xd0 [ 247.344624][T12517] dump_stack+0x15/0x1b [ 247.344641][T12517] dump_header+0x81/0x240 [ 247.344762][T12517] oom_kill_process+0x295/0x350 [ 247.344782][T12517] out_of_memory+0x97b/0xb80 [ 247.344822][T12517] try_charge_memcg+0x610/0xa10 [ 247.344863][T12517] obj_cgroup_charge_pages+0xa6/0x150 [ 247.344887][T12517] __memcg_kmem_charge_page+0x9f/0x170 [ 247.344921][T12517] __alloc_frozen_pages_noprof+0x18f/0x360 [ 247.344986][T12517] alloc_pages_mpol+0xb3/0x260 [ 247.345018][T12517] alloc_pages_noprof+0x90/0x130 [ 247.345047][T12517] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 247.345083][T12517] __kvmalloc_node_noprof+0x492/0x6b0 [ 247.345187][T12517] ? ip_set_alloc+0x24/0x30 [ 247.345284][T12517] ? ip_set_alloc+0x24/0x30 [ 247.345379][T12517] ip_set_alloc+0x24/0x30 [ 247.345465][T12517] hash_netiface_create+0x282/0x740 [ 247.345505][T12517] ? __pfx_hash_netiface_create+0x10/0x10 [ 247.345562][T12517] ip_set_create+0x3cc/0x970 [ 247.345709][T12517] ? __nla_parse+0x40/0x60 [ 247.345731][T12517] nfnetlink_rcv_msg+0x4c6/0x590 [ 247.345771][T12517] netlink_rcv_skb+0x123/0x220 [ 247.345862][T12517] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 247.345973][T12517] nfnetlink_rcv+0x167/0x16c0 [ 247.346031][T12517] ? kmem_cache_free+0xe3/0x3a0 [ 247.346057][T12517] ? __kfree_skb+0x109/0x150 [ 247.346122][T12517] ? nlmon_xmit+0x4f/0x60 [ 247.346143][T12517] ? consume_skb+0x49/0x150 [ 247.346168][T12517] ? nlmon_xmit+0x4f/0x60 [ 247.346188][T12517] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 247.346218][T12517] ? __dev_queue_xmit+0x13a6/0x1ee0 [ 247.346291][T12517] ? __dev_queue_xmit+0x148/0x1ee0 [ 247.346367][T12517] ? dqput+0xed/0x230 [ 247.346388][T12517] ? ref_tracker_free+0x37d/0x3e0 [ 247.346456][T12517] ? __netlink_deliver_tap+0x4dc/0x500 [ 247.346536][T12517] netlink_unicast+0x5c0/0x690 [ 247.346560][T12517] netlink_sendmsg+0x58b/0x6b0 [ 247.346586][T12517] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.346624][T12517] __sock_sendmsg+0x145/0x180 [ 247.346644][T12517] ____sys_sendmsg+0x31e/0x4a0 [ 247.346669][T12517] ___sys_sendmsg+0x17b/0x1d0 [ 247.346737][T12517] __x64_sys_sendmsg+0xd4/0x160 [ 247.346763][T12517] x64_sys_call+0x17ba/0x3000 [ 247.346784][T12517] do_syscall_64+0xca/0x2b0 [ 247.346817][T12517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.346844][T12517] RIP: 0033:0x7fefe4b0f749 [ 247.346862][T12517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.346881][T12517] RSP: 002b:00007fefe356f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.346928][T12517] RAX: ffffffffffffffda RBX: 00007fefe4d65fa0 RCX: 00007fefe4b0f749 [ 247.346943][T12517] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005 [ 247.346958][T12517] RBP: 00007fefe4b93f91 R08: 0000000000000000 R09: 0000000000000000 [ 247.346972][T12517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.346986][T12517] R13: 00007fefe4d66038 R14: 00007fefe4d65fa0 R15: 00007fff79e26618 [ 247.347053][T12517] [ 247.347061][T12517] memory: usage 307200kB, limit 307200kB, failcnt 4469 [ 247.500340][T12528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3255'. [ 247.500707][T12517] memory+swap: usage 309440kB, limit 9007199254740988kB, failcnt 0 [ 247.538763][ T29] kauditd_printk_skb: 457 callbacks suppressed [ 247.538777][ T29] audit: type=1326 audit(1767907681.186:18492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.543089][T12517] kmem: usage 307144kB, limit 9007199254740988kB, failcnt 0 [ 247.543168][T12517] Memory cgroup stats for /syz1: [ 247.543458][T12517] cache 45056 [ 247.548672][ T29] audit: type=1326 audit(1767907681.186:18493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.553414][T12517] rss 4096 [ 247.558157][ T29] audit: type=1326 audit(1767907681.186:18494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.563461][T12517] shmem 0 [ 247.568108][ T29] audit: type=1326 audit(1767907681.186:18495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.572846][T12517] mapped_file 8192 [ 247.577493][ T29] audit: type=1326 audit(1767907681.186:18496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.582332][T12517] dirty 0 [ 247.582341][T12517] writeback 0 [ 247.582348][T12517] workingset_refault_anon 1013 [ 247.587014][ T29] audit: type=1326 audit(1767907681.186:18497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.591600][T12517] workingset_refault_file 2180 [ 247.597515][ T29] audit: type=1326 audit(1767907681.186:18498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.601918][T12517] swap 2293760 [ 247.601927][T12517] swapcached 4096 [ 247.601934][T12517] pgpgin 96978 [ 247.601941][T12517] pgpgout 96964 [ 247.621572][ T29] audit: type=1326 audit(1767907681.186:18499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.629971][T12517] pgfault 132725 [ 247.654927][T12532] loop0: detected capacity change from 0 to 512 [ 247.662242][T12517] pgmajfault 196 [ 247.680851][T12532] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 247.689054][T12517] inactive_anon 4096 [ 247.700734][T12532] EXT4-fs (loop0): orphan cleanup on readonly fs [ 247.703228][T12517] active_anon 0 [ 247.727957][T12532] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 247.733982][T12517] inactive_file 40960 [ 247.733992][T12517] active_file 12288 [ 247.738897][T12532] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 247.738911][T12532] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.3253: bad orphan inode 768 [ 247.739681][T12532] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 247.742216][T12517] unevictable 0 [ 247.773082][T12532] selinux_netlink_send: 15 callbacks suppressed [ 247.773099][T12532] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12532 comm=syz.0.3253 [ 247.792367][T12517] hierarchical_memory_limit 314572800 [ 247.792382][T12517] hierarchical_memsw_limit 9223372036854771712 [ 247.792391][T12517] total_cache 45056 [ 247.795344][T12532] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12532 comm=syz.0.3253 [ 247.795377][T12532] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12532 comm=syz.0.3253 [ 247.795395][T12532] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12532 comm=syz.0.3253 [ 247.795413][T12532] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=12532 comm=syz.0.3253 [ 247.818940][T12517] total_rss 4096 [ 247.822676][T12532] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=12532 comm=syz.0.3253 [ 247.847491][T12517] total_shmem 0 [ 247.847501][T12517] total_mapped_file 8192 [ 247.873940][ T29] audit: type=1326 audit(1767907681.516:18500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.882848][T12517] total_dirty 0 [ 247.882858][T12517] total_writeback 0 [ 247.882866][T12517] total_workingset_refault_anon 1013 [ 247.882874][T12517] total_workingset_refault_file 2180 [ 247.888901][ T29] audit: type=1326 audit(1767907681.536:18501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12529 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 247.911168][T12517] total_swap 2293760 [ 248.217145][T12517] total_swapcached 4096 [ 248.221311][T12517] total_pgpgin 96978 [ 248.225235][T12517] total_pgpgout 96964 [ 248.229270][T12517] total_pgfault 132725 [ 248.233419][T12517] total_pgmajfault 196 [ 248.237492][T12517] total_inactive_anon 4096 [ 248.241917][T12517] total_active_anon 0 [ 248.245921][T12517] total_inactive_file 40960 [ 248.250504][T12517] total_active_file 12288 [ 248.254804][T12517] total_unevictable 0 [ 248.258832][T12517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.3251,pid=12516,uid=0 [ 248.273514][T12517] Memory cgroup out of memory: Killed process 12516 (syz.1.3251) total-vm:96016kB, anon-rss:1136kB, file-rss:22352kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 248.339856][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.396101][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.426421][T12031] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.526872][T12552] loop5: detected capacity change from 0 to 2048 [ 248.555902][T12564] loop0: detected capacity change from 0 to 1024 [ 248.565100][T12567] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 248.565100][T12567] program syz.3.3265 not setting count and/or reply_len properly [ 248.583639][T12552] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.597546][T12564] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 248.630769][T12564] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.658492][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.668110][T12573] EXT4-fs (loop1): failed to initialize system zone (-117) [ 248.678295][T12573] EXT4-fs (loop1): mount failed [ 248.687312][T12579] Unsupported NM flag settings (240) [ 248.693824][T12564] EXT4-fs error (device loop0): ext4_map_blocks:825: inode #15: comm syz.0.3261: lblock 0 mapped to illegal pblock 0 (length 6) [ 248.755664][T12575] EXT4-fs (loop2): failed to initialize system zone (-117) [ 248.766843][T12575] EXT4-fs (loop2): mount failed [ 248.767426][T12583] Unsupported NM flag settings (240) [ 248.783882][T12564] EXT4-fs (loop0): Remounting filesystem read-only [ 248.817265][T12031] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 248.835120][T12593] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 248.864612][T12593] EXT4-fs (loop3): orphan cleanup on readonly fs [ 248.873279][T12593] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 248.887876][T12593] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 248.889643][T12603] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3275'. [ 248.894658][T12593] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3271: bad orphan inode 768 [ 248.913795][T12597] netlink: 'syz.1.3274': attribute type 3 has an invalid length. [ 248.914084][T12593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 248.921573][T12597] netlink: 'syz.1.3274': attribute type 1 has an invalid length. [ 248.939958][T12593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12593 comm=syz.3.3271 [ 248.941624][T12597] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.3274'. [ 248.954360][T12593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12593 comm=syz.3.3271 [ 248.976538][T12593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12593 comm=syz.3.3271 [ 248.976639][T12593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12593 comm=syz.3.3271 [ 248.999921][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.027293][T12612] FAULT_INJECTION: forcing a failure. [ 249.027293][T12612] name failslab, interval 1, probability 0, space 0, times 0 [ 249.027322][T12612] CPU: 0 UID: 0 PID: 12612 Comm: syz.2.3278 Not tainted syzkaller #0 PREEMPT(voluntary) [ 249.027348][T12612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 249.027428][T12612] Call Trace: [ 249.027437][T12612] [ 249.027445][T12612] __dump_stack+0x1d/0x30 [ 249.027487][T12612] dump_stack_lvl+0x95/0xd0 [ 249.027509][T12612] dump_stack+0x15/0x1b [ 249.027529][T12612] should_fail_ex+0x265/0x280 [ 249.027553][T12612] should_failslab+0x8c/0xb0 [ 249.027577][T12612] __kmalloc_cache_node_noprof+0x6a/0x4d0 [ 249.027665][T12612] ? page_pool_create_percpu+0x4d/0x640 [ 249.027691][T12612] page_pool_create_percpu+0x4d/0x640 [ 249.027713][T12612] page_pool_create+0x1a/0x30 [ 249.027733][T12612] bpf_test_run_xdp_live+0x133/0x11d0 [ 249.027887][T12612] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 249.027914][T12612] ? __pfx_autoremove_wake_function+0x10/0x10 [ 249.027945][T12612] ? mutex_unlock+0x4f/0x90 [ 249.027972][T12612] ? 0xffffffffa02054c0 [ 249.027987][T12612] ? bpf_dispatcher_change_prog+0x6ec/0x7f0 [ 249.028098][T12612] ? 0xffffffffa02054c0 [ 249.028125][T12612] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 249.028164][T12612] bpf_prog_test_run_xdp+0x525/0x970 [ 249.028231][T12612] ? __rcu_read_unlock+0x4f/0x70 [ 249.028257][T12612] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 249.028286][T12612] bpf_prog_test_run+0x204/0x340 [ 249.028362][T12612] __sys_bpf+0x4c0/0x7c0 [ 249.028390][T12612] __x64_sys_bpf+0x41/0x50 [ 249.028499][T12612] x64_sys_call+0x28e1/0x3000 [ 249.028523][T12612] do_syscall_64+0xca/0x2b0 [ 249.028584][T12612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.028606][T12612] RIP: 0033:0x7f73029ff749 [ 249.028623][T12612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.028641][T12612] RSP: 002b:00007f730145f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 249.028675][T12612] RAX: ffffffffffffffda RBX: 00007f7302c55fa0 RCX: 00007f73029ff749 [ 249.028688][T12612] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 249.028702][T12612] RBP: 00007f730145f090 R08: 0000000000000000 R09: 0000000000000000 [ 249.028715][T12612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.028802][T12612] R13: 00007f7302c56038 R14: 00007f7302c55fa0 R15: 00007ffd30b2ee08 [ 249.028823][T12612] [ 249.160370][T12629] 9p: Could not find request transport: 0x000000000004e23 [ 249.410893][T12641] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 249.421384][T12641] EXT4-fs (loop3): orphan cleanup on readonly fs [ 249.427767][T12641] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 249.442485][T12641] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 249.449288][T12641] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3288: bad orphan inode 768 [ 249.461322][T12641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 249.484647][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.520845][T12657] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3295'. [ 249.531685][T12656] netlink: 'syz.3.3293': attribute type 16 has an invalid length. [ 249.539632][T12656] netlink: 'syz.3.3293': attribute type 3 has an invalid length. [ 249.544794][T12660] FAULT_INJECTION: forcing a failure. [ 249.544794][T12660] name failslab, interval 1, probability 0, space 0, times 0 [ 249.547353][T12656] netlink: 64066 bytes leftover after parsing attributes in process `syz.3.3293'. [ 249.569440][T12660] CPU: 0 UID: 0 PID: 12660 Comm: syz.2.3297 Not tainted syzkaller #0 PREEMPT(voluntary) [ 249.569466][T12660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 249.569478][T12660] Call Trace: [ 249.569485][T12660] [ 249.569494][T12660] __dump_stack+0x1d/0x30 [ 249.569519][T12660] dump_stack_lvl+0x95/0xd0 [ 249.569554][T12660] dump_stack+0x15/0x1b [ 249.569636][T12660] should_fail_ex+0x265/0x280 [ 249.569686][T12660] should_failslab+0x8c/0xb0 [ 249.569735][T12660] kmem_cache_alloc_noprof+0x69/0x4b0 [ 249.569754][T12660] ? __anon_vma_prepare+0x70/0x2f0 [ 249.569775][T12660] ? _raw_spin_lock+0x52/0xa0 [ 249.569839][T12660] __anon_vma_prepare+0x70/0x2f0 [ 249.569904][T12660] handle_mm_fault+0x1d91/0x2c60 [ 249.569936][T12660] ? mt_find+0x21b/0x330 [ 249.569972][T12660] do_user_addr_fault+0x3fe/0x1080 [ 249.570147][T12660] exc_page_fault+0x62/0xa0 [ 249.570175][T12660] asm_exc_page_fault+0x26/0x30 [ 249.570228][T12660] RIP: 0010:__put_user_4+0xd/0x20 [ 249.570288][T12660] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 07 9f 01 00 90 90 90 90 90 90 90 90 90 90 [ 249.570305][T12660] RSP: 0018:ffffc9000165be90 EFLAGS: 00050206 [ 249.570333][T12660] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000005d00 [ 249.570346][T12660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ffffffff [ 249.570360][T12660] RBP: 0000000000000000 R08: 0001ffff8685e453 R09: 0000000000000000 [ 249.570381][T12660] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 249.570392][T12660] R13: ffffffff8685e410 R14: 0000000000000000 R15: 0000000000000000 [ 249.570411][T12660] __se_sys_getresgid+0xb9/0x130 [ 249.570445][T12660] __x64_sys_getresgid+0x43/0x50 [ 249.570492][T12660] x64_sys_call+0x1695/0x3000 [ 249.570535][T12660] do_syscall_64+0xca/0x2b0 [ 249.570566][T12660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.570584][T12660] RIP: 0033:0x7f73029ff749 [ 249.570600][T12660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.570695][T12660] RSP: 002b:00007f730145f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 249.570711][T12660] RAX: ffffffffffffffda RBX: 00007f7302c55fa0 RCX: 00007f73029ff749 [ 249.570722][T12660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000005d00 [ 249.570734][T12660] RBP: 00007f730145f090 R08: 0000000000000000 R09: 0000000000000000 [ 249.570746][T12660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.570758][T12660] R13: 00007f7302c56038 R14: 00007f7302c55fa0 R15: 00007ffd30b2ee08 [ 249.570808][T12660] [ 249.896122][T12670] Unsupported NM flag settings (240) [ 249.911739][T12666] SELinux: failed to load policy [ 250.105800][T12687] Unsupported NM flag settings (240) [ 250.132509][T12688] EXT4-fs: Ignoring removed nobh option [ 250.138458][T12688] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 250.138869][T12685] infiniband syz!: set active [ 250.147750][T12688] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 250.152501][T12685] infiniband syz!: added team_slave_0 [ 250.162410][T12688] EXT4-fs error (device loop5): ext4_get_journal_inode:5849: comm syz.5.3306: inode #4294967295: comm syz.5.3306: iget: illegal inode # [ 250.182825][T12688] EXT4-fs (loop5): no journal found [ 250.185364][T12692] FAULT_INJECTION: forcing a failure. [ 250.185364][T12692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.188026][T12688] EXT4-fs (loop5): can't get journal size [ 250.201178][T12692] CPU: 1 UID: 0 PID: 12692 Comm: syz.0.3308 Not tainted syzkaller #0 PREEMPT(voluntary) [ 250.201207][T12692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 250.201219][T12692] Call Trace: [ 250.201227][T12692] [ 250.201236][T12692] __dump_stack+0x1d/0x30 [ 250.201260][T12692] dump_stack_lvl+0x95/0xd0 [ 250.201332][T12692] dump_stack+0x15/0x1b [ 250.201352][T12692] should_fail_ex+0x265/0x280 [ 250.201454][T12692] should_fail+0xb/0x20 [ 250.201473][T12692] should_fail_usercopy+0x1a/0x20 [ 250.201510][T12692] _copy_from_user+0x1c/0xb0 [ 250.201536][T12692] __sys_connect+0xd0/0x2b0 [ 250.201608][T12692] __x64_sys_connect+0x3f/0x50 [ 250.201712][T12692] x64_sys_call+0x2e09/0x3000 [ 250.201736][T12692] do_syscall_64+0xca/0x2b0 [ 250.201837][T12692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.201859][T12692] RIP: 0033:0x7fa443fbf749 [ 250.201874][T12692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.201891][T12692] RSP: 002b:00007fa442a06038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 250.201911][T12692] RAX: ffffffffffffffda RBX: 00007fa444216090 RCX: 00007fa443fbf749 [ 250.201924][T12692] RDX: 000000000000001c RSI: 0000200000000100 RDI: 0000000000000004 [ 250.201957][T12692] RBP: 00007fa442a06090 R08: 0000000000000000 R09: 0000000000000000 [ 250.201969][T12692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.201982][T12692] R13: 00007fa444216128 R14: 00007fa444216090 R15: 00007ffc786d39d8 [ 250.202047][T12692] [ 250.242546][T12685] RDS/IB: syz!: added [ 250.329751][T12688] EXT4-fs (loop5): failed to initialize system zone (-22) [ 250.375609][T12688] EXT4-fs (loop5): mount failed [ 250.380859][T12685] smc: adding ib device syz! with port count 1 [ 250.387014][T12685] smc: ib device syz! port 1 has no pnetid [ 250.490211][T12699] netlink: 4124 bytes leftover after parsing attributes in process `syz.1.3311'. [ 250.562085][T12705] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 250.580816][T12705] EXT4-fs (loop2): orphan cleanup on readonly fs [ 250.593819][T12705] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 250.608498][T12708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3314'. [ 250.617441][T12705] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 250.624101][T12705] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.3313: bad orphan inode 768 [ 250.681394][T12705] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 250.723511][T11306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.817696][T12719] netlink: 'syz.5.3320': attribute type 16 has an invalid length. [ 250.825652][T12719] netlink: 'syz.5.3320': attribute type 3 has an invalid length. [ 250.833559][T12719] netlink: 64066 bytes leftover after parsing attributes in process `syz.5.3320'. [ 250.938137][T12724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.956302][T12723] netlink: 'syz.1.3319': attribute type 10 has an invalid length. [ 250.972249][T12723] team0: Failed to send options change via netlink (err -105) [ 250.979788][T12723] team0: Port device dummy0 added [ 251.119469][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.425397][T12732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3322'. [ 251.617052][T12742] set_capacity_and_notify: 13 callbacks suppressed [ 251.617110][T12742] loop3: detected capacity change from 0 to 512 [ 251.630341][T12741] loop1: detected capacity change from 0 to 2048 [ 251.636951][T12742] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 251.660181][T12741] loop1: p1 p2 p3 [ 251.665026][T12742] EXT4-fs (loop3): orphan cleanup on readonly fs [ 251.671664][T12742] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 251.686277][T12742] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 251.692917][T12742] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3326: bad orphan inode 768 [ 251.708000][T12742] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 251.737442][T12745] loop2: detected capacity change from 0 to 1024 [ 251.744955][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.771542][T12745] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 251.828570][T12759] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3333'. [ 251.902444][T12771] netlink: 'syz.2.3341': attribute type 16 has an invalid length. [ 251.910518][T12771] netlink: 'syz.2.3341': attribute type 3 has an invalid length. [ 251.920567][T12772] netlink: 'syz.1.3338': attribute type 1 has an invalid length. [ 251.972570][T12780] FAULT_INJECTION: forcing a failure. [ 251.972570][T12780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.985739][T12780] CPU: 1 UID: 0 PID: 12780 Comm: syz.5.3343 Not tainted syzkaller #0 PREEMPT(voluntary) [ 251.985834][T12780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 251.985845][T12780] Call Trace: [ 251.985851][T12780] [ 251.985859][T12780] __dump_stack+0x1d/0x30 [ 251.985881][T12780] dump_stack_lvl+0x95/0xd0 [ 251.985913][T12780] dump_stack+0x15/0x1b [ 251.985930][T12780] should_fail_ex+0x265/0x280 [ 251.985951][T12780] should_fail+0xb/0x20 [ 251.985967][T12780] should_fail_usercopy+0x1a/0x20 [ 251.985995][T12784] loop1: detected capacity change from 0 to 512 [ 251.986040][T12780] _copy_from_user+0x1c/0xb0 [ 251.986064][T12780] __sys_sendto+0x19e/0x330 [ 251.986104][T12780] __x64_sys_sendto+0x76/0x90 [ 251.986197][T12780] x64_sys_call+0x29a7/0x3000 [ 251.986223][T12780] do_syscall_64+0xca/0x2b0 [ 251.986255][T12780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.986277][T12780] RIP: 0033:0x7efe2d5af749 [ 251.986318][T12780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.986336][T12780] RSP: 002b:00007efe2c017038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 251.986425][T12780] RAX: ffffffffffffffda RBX: 00007efe2d805fa0 RCX: 00007efe2d5af749 [ 251.986450][T12780] RDX: ffffffffffffff95 RSI: 0000200000000240 RDI: 0000000000000004 [ 251.986463][T12780] RBP: 00007efe2c017090 R08: 0000200000b63fe4 R09: 000000000000001c [ 251.986475][T12780] R10: 0000000020000845 R11: 0000000000000246 R12: 0000000000000001 [ 251.986488][T12780] R13: 00007efe2d806038 R14: 00007efe2d805fa0 R15: 00007fffe2dff9c8 [ 251.986507][T12780] [ 252.151204][T12784] EXT4-fs: Ignoring removed orlov option [ 252.157068][T12784] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 252.169572][T12784] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.3344: corrupted in-inode xattr: e_value size too large [ 252.197881][T12784] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3344: couldn't read orphan inode 15 (err -117) [ 252.224930][T12784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.265945][T11426] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.321326][T12795] loop3: detected capacity change from 0 to 2048 [ 252.341304][T12795] EXT4-fs (loop3): failed to initialize system zone (-117) [ 252.357229][T12795] EXT4-fs (loop3): mount failed [ 252.376394][T12814] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 12814 comm: syz.1.3352) [ 252.466308][T12819] loop1: detected capacity change from 0 to 736 [ 252.481320][T12819] iso9660: Unknown parameter '' [ 252.499490][T12816] loop3: detected capacity change from 0 to 4096 [ 252.500546][T12819] 9pnet_fd: Insufficient options for proto=fd [ 252.513756][T12816] EXT4-fs: Ignoring removed nomblk_io_submit option [ 252.531323][T12816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.690686][T12806] loop0: detected capacity change from 0 to 32768 [ 252.725156][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.765990][ T29] kauditd_printk_skb: 2401 callbacks suppressed [ 252.766002][ T29] audit: type=1400 audit(1767907686.416:20901): avc: denied { kexec_image_load } for pid=12830 comm="syz.2.3358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 252.800842][ T29] audit: type=1326 audit(1767907686.456:20902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.826837][ T29] audit: type=1326 audit(1767907686.456:20903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.850530][ T29] audit: type=1326 audit(1767907686.456:20904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.874041][ T29] audit: type=1326 audit(1767907686.456:20905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.897612][ T29] audit: type=1326 audit(1767907686.456:20906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.921180][ T29] audit: type=1326 audit(1767907686.456:20907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.944723][ T29] audit: type=1326 audit(1767907686.456:20908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.968298][ T29] audit: type=1326 audit(1767907686.456:20909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73029ff749 code=0x7ffc0000 [ 252.980032][T12837] loop3: detected capacity change from 0 to 1024 [ 252.991869][ T29] audit: type=1326 audit(1767907686.456:20910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12830 comm="syz.2.3358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7302a01667 code=0x7ffc0000 [ 253.020855][T12837] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.3359: bad orphan inode 134217728 [ 253.099877][T12837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.124906][T11801] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.246922][T12853] loop5: detected capacity change from 0 to 512 [ 253.263884][T12854] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.3364: bad orphan inode 134217728 [ 253.275995][T12854] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.298092][T12031] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.308666][T12853] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.322262][T12853] ext4 filesystem being mounted at /490/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.354259][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.388791][T12864] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 253.398849][T12864] EXT4-fs (loop5): orphan cleanup on readonly fs [ 253.405438][T12864] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 253.419983][T12864] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 253.426566][T12864] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.3366: bad orphan inode 768 [ 253.437257][T12864] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 253.452060][T12864] selinux_netlink_send: 23 callbacks suppressed [ 253.452175][T12864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=12864 comm=syz.5.3366 [ 253.471347][T12864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=12864 comm=syz.5.3366 [ 253.484044][T12864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=12864 comm=syz.5.3366 [ 253.496788][T12864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=12864 comm=syz.5.3366 [ 253.509480][T12864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=12864 comm=syz.5.3366 [ 253.522206][T12864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=12864 comm=syz.5.3366 [ 253.635779][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.720704][T12874] FAULT_INJECTION: forcing a failure. [ 253.720704][T12874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.733886][T12874] CPU: 0 UID: 0 PID: 12874 Comm: syz.5.3369 Not tainted syzkaller #0 PREEMPT(voluntary) [ 253.733946][T12874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 253.733958][T12874] Call Trace: [ 253.733964][T12874] [ 253.733972][T12874] __dump_stack+0x1d/0x30 [ 253.733993][T12874] dump_stack_lvl+0x95/0xd0 [ 253.734020][T12874] dump_stack+0x15/0x1b [ 253.734036][T12874] should_fail_ex+0x265/0x280 [ 253.734056][T12874] should_fail+0xb/0x20 [ 253.734072][T12874] should_fail_usercopy+0x1a/0x20 [ 253.734137][T12874] _copy_from_user+0x1c/0xb0 [ 253.734163][T12874] ___sys_sendmsg+0xc1/0x1d0 [ 253.734199][T12874] __x64_sys_sendmsg+0xd4/0x160 [ 253.734224][T12874] x64_sys_call+0x17ba/0x3000 [ 253.734319][T12874] do_syscall_64+0xca/0x2b0 [ 253.734350][T12874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.734374][T12874] RIP: 0033:0x7efe2d5af749 [ 253.734403][T12874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.734420][T12874] RSP: 002b:00007efe2c017038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 253.734476][T12874] RAX: ffffffffffffffda RBX: 00007efe2d805fa0 RCX: 00007efe2d5af749 [ 253.734491][T12874] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 253.734503][T12874] RBP: 00007efe2c017090 R08: 0000000000000000 R09: 0000000000000000 [ 253.734514][T12874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.734646][T12874] R13: 00007efe2d806038 R14: 00007efe2d805fa0 R15: 00007fffe2dff9c8 [ 253.734702][T12874] [ 253.916162][T12876] __nla_validate_parse: 2 callbacks suppressed [ 253.916177][T12876] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3370'. [ 254.115516][T12887] netlink: 'syz.3.3375': attribute type 1 has an invalid length. [ 254.342131][T12898] erspan0: entered promiscuous mode [ 254.607166][T12903] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3381'. [ 254.831868][T12910] netdevsim netdevsim3 netdevsim3 (unregistering): left promiscuous mode [ 254.852156][T12910] team0: Failed to send port change of device macvlan2 via netlink (err -105) [ 254.875566][T12910] team0: Failed to send options change via netlink (err -105) [ 254.888646][T12910] team0: Failed to send port change of device macvlan2 via netlink (err -105) [ 254.907777][T12910] team0: Port device macvlan2 removed [ 254.924694][T12910] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.980936][T12919] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3387'. [ 254.993416][T12910] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.027533][T12919] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address [ 255.038618][T12919] bond7: (slave vxcan3): Error -95 calling set_mac_address [ 255.052868][T12910] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.108908][T12919] can: request_module (can-proto-4) failed. [ 255.142883][T12910] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.241961][ T9478] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.257230][ T9478] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.272345][ T9478] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.297438][ T9478] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.507517][T12956] FAULT_INJECTION: forcing a failure. [ 255.507517][T12956] name failslab, interval 1, probability 0, space 0, times 0 [ 255.520296][T12956] CPU: 1 UID: 0 PID: 12956 Comm: syz.5.3391 Not tainted syzkaller #0 PREEMPT(voluntary) [ 255.520326][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 255.520338][T12956] Call Trace: [ 255.520345][T12956] [ 255.520420][T12956] __dump_stack+0x1d/0x30 [ 255.520441][T12956] dump_stack_lvl+0x95/0xd0 [ 255.520459][T12956] dump_stack+0x15/0x1b [ 255.520476][T12956] should_fail_ex+0x265/0x280 [ 255.520502][T12956] should_failslab+0x8c/0xb0 [ 255.520562][T12956] kmem_cache_alloc_lru_noprof+0x6d/0x4c0 [ 255.520584][T12956] ? __d_alloc+0x37/0x340 [ 255.520611][T12956] __d_alloc+0x37/0x340 [ 255.520667][T12956] d_alloc+0x2e/0x100 [ 255.520687][T12956] lookup_one_qstr_excl+0x99/0x250 [ 255.520710][T12956] filename_create+0x141/0x210 [ 255.520747][T12956] do_mkdirat+0x82/0x3b0 [ 255.520769][T12956] __x64_sys_mkdirat+0x4c/0x60 [ 255.520799][T12956] x64_sys_call+0x30c/0x3000 [ 255.520886][T12956] do_syscall_64+0xca/0x2b0 [ 255.520918][T12956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.520940][T12956] RIP: 0033:0x7efe2d5af749 [ 255.520993][T12956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.521008][T12956] RSP: 002b:00007efe2bfd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 255.521027][T12956] RAX: ffffffffffffffda RBX: 00007efe2d806180 RCX: 00007efe2d5af749 [ 255.521071][T12956] RDX: 00000000000001ff RSI: 0000200000000000 RDI: ffffffffffffff9c [ 255.521082][T12956] RBP: 00007efe2bfd5090 R08: 0000000000000000 R09: 0000000000000000 [ 255.521093][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.521104][T12956] R13: 00007efe2d806218 R14: 00007efe2d806180 R15: 00007fffe2dff9c8 [ 255.521120][T12956] [ 255.873048][T12963] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=12963 comm=syz.3.3401 [ 255.982605][T12967] netlink: 'syz.1.3403': attribute type 16 has an invalid length. [ 255.990656][T12967] netlink: 'syz.1.3403': attribute type 3 has an invalid length. [ 255.998439][T12967] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.3403'. [ 256.073063][T12965] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.126123][T12968] bond_slave_0: entered promiscuous mode [ 256.131862][T12968] bond_slave_1: entered promiscuous mode [ 256.138113][T12968] macvtap1: entered allmulticast mode [ 256.143643][T12968] bond0: entered allmulticast mode [ 256.148822][T12968] bond_slave_0: entered allmulticast mode [ 256.154693][T12968] bond_slave_1: entered allmulticast mode [ 256.220819][T12968] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 256.257126][T12968] bond0: left allmulticast mode [ 256.262105][T12968] bond_slave_0: left allmulticast mode [ 256.267640][T12968] bond_slave_1: left allmulticast mode [ 256.273221][T12968] bond_slave_0: left promiscuous mode [ 256.278684][T12968] bond_slave_1: left promiscuous mode [ 256.376444][T12985] EXT4-fs: inline encryption not supported [ 256.413280][T12985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.437359][T12965] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.540340][T12965] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.640809][T12965] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.701502][T11306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.770617][T12993] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=12993 comm=syz.2.3412 [ 256.925325][T13003] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3417'. [ 257.007558][T13006] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3418'. [ 257.265537][T13014] set_capacity_and_notify: 4 callbacks suppressed [ 257.265552][T13014] loop5: detected capacity change from 0 to 2048 [ 257.313436][T13016] netlink: 'syz.0.3421': attribute type 1 has an invalid length. [ 257.321122][T13014] loop5: p1 p2 p3 [ 257.369536][T13019] usb usb8: usbfs: process 13019 (syz.0.3422) did not claim interface 4 before use [ 257.633088][T13024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3424'. [ 257.870813][T13030] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13030 comm=syz.2.3426 [ 257.896095][ T29] kauditd_printk_skb: 192 callbacks suppressed [ 257.896108][ T29] audit: type=1400 audit(1767907691.546:21103): avc: denied { write } for pid=13027 comm="syz.0.3425" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 257.926514][T13028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.935616][ T29] audit: type=1400 audit(1767907691.586:21104): avc: denied { ioctl } for pid=13027 comm="syz.0.3425" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 257.961605][T13028] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.972385][T13034] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3428'. [ 258.034682][ T29] audit: type=1400 audit(1767907691.686:21105): avc: denied { setcurrent } for pid=13039 comm="syz.2.3431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 258.055011][ T29] audit: type=1401 audit(1767907691.686:21106): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 258.164263][ T29] audit: type=1326 audit(1767907691.816:21107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13044 comm="syz.5.3433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe2d5af749 code=0x7ffc0000 [ 258.192613][ T29] audit: type=1326 audit(1767907691.846:21108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13044 comm="syz.5.3433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe2d5af749 code=0x7ffc0000 [ 258.216522][ T29] audit: type=1326 audit(1767907691.846:21109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13044 comm="syz.5.3433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7efe2d5af749 code=0x7ffc0000 [ 258.240122][ T29] audit: type=1326 audit(1767907691.846:21110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13044 comm="syz.5.3433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe2d5af749 code=0x7ffc0000 [ 258.263717][ T29] audit: type=1326 audit(1767907691.846:21111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13044 comm="syz.5.3433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe2d5af749 code=0x7ffc0000 [ 258.287327][ T29] audit: type=1326 audit(1767907691.846:21112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13044 comm="syz.5.3433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe2d5af749 code=0x7ffc0000 [ 258.440678][T13048] netlink: 'syz.5.3434': attribute type 1 has an invalid length. [ 258.472938][T13051] loop5: detected capacity change from 0 to 164 [ 258.481918][T13051] Unsupported NM flag settings (240) [ 258.558573][T13058] loop5: detected capacity change from 0 to 512 [ 258.571642][T13058] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.590605][T13058] ext4 filesystem being mounted at /510/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.671798][ T5602] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.696430][T13066] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3440'. [ 258.784855][T13069] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3441'. [ 258.841042][T13071] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.881200][T13071] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.932598][T13071] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.021314][T13071] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.074006][ T2167] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.090585][ T41] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.106748][T13084] loop1: detected capacity change from 0 to 164 [ 259.109977][ T2167] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.123092][T13084] Unsupported NM flag settings (240) [ 259.129011][ T2167] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.171479][T13086] bridge0: port 3(gretap0) entered blocking state [ 259.177958][T13086] bridge0: port 3(gretap0) entered disabled state [ 259.184620][T13086] gretap0: entered allmulticast mode [ 259.190357][T13086] gretap0: entered promiscuous mode [ 259.195739][T13086] bridge0: port 3(gretap0) entered blocking state [ 259.202312][T13086] bridge0: port 3(gretap0) entered forwarding state [ 259.212533][T13086] gretap0: left allmulticast mode [ 259.217582][T13086] gretap0: left promiscuous mode [ 259.222763][T13086] bridge0: port 3(gretap0) entered disabled state [ 259.250310][T13094] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3452'. [ 259.274622][ T334] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.286426][ T41] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.298004][ T41] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.310065][ T41] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.323585][T13099] netlink: 'syz.2.3454': attribute type 1 has an invalid length. [ 259.348076][T13099] 8021q: adding VLAN 0 to HW filter on device bond2 [ 259.401560][T13107] loop2: detected capacity change from 0 to 1024 [ 259.431421][T13109] netlink: 'syz.3.3457': attribute type 1 has an invalid length. [ 259.498907][T13118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3460'. [ 259.585280][T13132] netlink: 'syz.0.3461': attribute type 3 has an invalid length. [ 259.613981][T13136] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3464'. [ 259.665057][T13142] netlink: 'syz.0.3467': attribute type 1 has an invalid length. [ 259.679018][T13142] 8021q: adding VLAN 0 to HW filter on device bond1 [ 259.712396][T13147] netlink: 'syz.0.3469': attribute type 1 has an invalid length. [ 259.909088][T13161] FAULT_INJECTION: forcing a failure. [ 259.909088][T13161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.922248][T13161] CPU: 0 UID: 0 PID: 13161 Comm: syz.0.3473 Not tainted syzkaller #0 PREEMPT(voluntary) [ 259.922273][T13161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 259.922365][T13161] Call Trace: [ 259.922373][T13161] [ 259.922383][T13161] __dump_stack+0x1d/0x30 [ 259.922408][T13161] dump_stack_lvl+0x95/0xd0 [ 259.922427][T13161] dump_stack+0x15/0x1b [ 259.922484][T13161] should_fail_ex+0x265/0x280 [ 259.922508][T13161] should_fail+0xb/0x20 [ 259.922527][T13161] should_fail_usercopy+0x1a/0x20 [ 259.922557][T13161] _copy_from_user+0x1c/0xb0 [ 259.922580][T13161] ___sys_sendmsg+0xc1/0x1d0 [ 259.922619][T13161] __sys_sendmmsg+0x178/0x300 [ 259.922659][T13161] __x64_sys_sendmmsg+0x57/0x70 [ 259.922686][T13161] x64_sys_call+0x1e28/0x3000 [ 259.922709][T13161] do_syscall_64+0xca/0x2b0 [ 259.922795][T13161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.922813][T13161] RIP: 0033:0x7fa443fbf749 [ 259.922826][T13161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.922855][T13161] RSP: 002b:00007fa442a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 259.922876][T13161] RAX: ffffffffffffffda RBX: 00007fa444215fa0 RCX: 00007fa443fbf749 [ 259.922890][T13161] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000006 [ 259.922907][T13161] RBP: 00007fa442a27090 R08: 0000000000000000 R09: 0000000000000000 [ 259.922920][T13161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.922934][T13161] R13: 00007fa444216038 R14: 00007fa444215fa0 R15: 00007ffc786d39d8 [ 259.922954][T13161] [ 260.360411][T13175] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3478'. [ 260.598894][T13182] wireguard0: entered promiscuous mode [ 260.604458][T13182] wireguard0: entered allmulticast mode [ 260.605829][ T3487] hid_parser_main: 179 callbacks suppressed [ 260.605852][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.623512][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.630907][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.638282][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.645683][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x2 [ 260.653135][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.660549][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.667928][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.675385][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.682804][ T3487] hid-generic 0003:0000:0000.0002: unknown main item tag 0x0 [ 260.699637][ T3487] hid-generic 0003:0000:0000.0002: hidraw0: USB HID v0.00 Device [syz1] on syz1 [ 260.710881][T13185] FAULT_INJECTION: forcing a failure. [ 260.710881][T13185] name failslab, interval 1, probability 0, space 0, times 0 [ 260.723549][T13185] CPU: 1 UID: 0 PID: 13185 Comm: syz.2.3482 Not tainted syzkaller #0 PREEMPT(voluntary) [ 260.723575][T13185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 260.723587][T13185] Call Trace: [ 260.723593][T13185] [ 260.723602][T13185] __dump_stack+0x1d/0x30 [ 260.723628][T13185] dump_stack_lvl+0x95/0xd0 [ 260.723662][T13185] dump_stack+0x15/0x1b [ 260.723678][T13185] should_fail_ex+0x265/0x280 [ 260.723700][T13185] should_failslab+0x8c/0xb0 [ 260.723797][T13185] __kmalloc_cache_noprof+0x65/0x4c0 [ 260.723822][T13185] ? uhid_queue_event+0x3a/0x160 [ 260.723844][T13185] uhid_queue_event+0x3a/0x160 [ 260.723874][T13185] ? __pfx_uhid_hid_stop+0x10/0x10 [ 260.723984][T13185] uhid_hid_stop+0x45/0x50 [ 260.724000][T13185] hid_device_remove+0x198/0x210 [ 260.724024][T13185] ? __pfx_hid_device_remove+0x10/0x10 [ 260.724046][T13185] device_release_driver_internal+0x2be/0x4e0 [ 260.724148][T13185] device_release_driver+0x19/0x20 [ 260.724172][T13185] bus_remove_device+0x26d/0x290 [ 260.724190][T13185] device_del+0x36a/0x790 [ 260.724213][T13185] hid_destroy_device+0x54/0x120 [ 260.724302][T13185] uhid_dev_destroy+0x6a/0xb0 [ 260.724424][T13185] uhid_char_write+0x3aa/0x650 [ 260.724451][T13185] ? __pfx_uhid_char_write+0x10/0x10 [ 260.724611][T13185] vfs_write+0x269/0x960 [ 260.724630][T13185] ? __rcu_read_unlock+0x4f/0x70 [ 260.724719][T13185] ? __fget_files+0x184/0x1c0 [ 260.724745][T13185] ksys_write+0xda/0x1a0 [ 260.724766][T13185] __x64_sys_write+0x40/0x50 [ 260.724784][T13185] x64_sys_call+0x2847/0x3000 [ 260.724808][T13185] do_syscall_64+0xca/0x2b0 [ 260.724872][T13185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.724890][T13185] RIP: 0033:0x7f73029ff749 [ 260.724904][T13185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.724919][T13185] RSP: 002b:00007f730145f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.724938][T13185] RAX: ffffffffffffffda RBX: 00007f7302c55fa0 RCX: 00007f73029ff749 [ 260.724984][T13185] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000006 [ 260.724998][T13185] RBP: 00007f730145f090 R08: 0000000000000000 R09: 0000000000000000 [ 260.725012][T13185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.725104][T13185] R13: 00007f7302c56038 R14: 00007f7302c55fa0 R15: 00007ffd30b2ee08 [ 260.725125][T13185] [ 260.997742][T13196] loop2: detected capacity change from 0 to 1024 [ 261.754548][T13226] syz.5.3493 uses obsolete (PF_INET,SOCK_PACKET) [ 261.774894][T13227] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3495'. [ 261.783965][T13227] netlink: 'syz.0.3495': attribute type 7 has an invalid length. [ 261.791685][T13227] netlink: 'syz.0.3495': attribute type 8 has an invalid length. [ 261.799408][T13227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3495'. [ 261.871551][T13227] dummy0: entered promiscuous mode [ 261.886603][T13227] syz_tun: entered promiscuous mode [ 261.898408][T13227] gretap0: entered promiscuous mode [ 261.938280][T13230] loop2: detected capacity change from 0 to 512 [ 261.953631][T13230] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 261.972539][T13230] EXT4-fs (loop2): orphan cleanup on readonly fs [ 261.988916][T13230] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 262.003529][T13230] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 262.010323][T13230] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.3496: bad orphan inode 768 [ 262.070808][T13230] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 262.091107][T13230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=13230 comm=syz.2.3496 [ 262.103866][T13230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=13230 comm=syz.2.3496 [ 262.116570][T13230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=13230 comm=syz.2.3496 [ 262.129265][T13230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=13230 comm=syz.2.3496 [ 262.142124][T13230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=13230 comm=syz.2.3496 [ 262.154889][T13230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=13230 comm=syz.2.3496 [ 262.274667][T11306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.351817][T13242] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3500'. [ 262.401782][T13242] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 262.441767][T13242] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 262.482932][T13244] can: request_module (can-proto-4) failed. [ 262.566756][T13249] loop2: detected capacity change from 0 to 164 [ 262.607856][T13249] Unsupported NM flag settings (240) [ 262.703721][T13268] loop0: detected capacity change from 0 to 1024 [ 262.802694][T13276] netlink: 'syz.0.3514': attribute type 1 has an invalid length. [ 262.818359][T13276] 8021q: adding VLAN 0 to HW filter on device bond2 [ 262.920594][ T29] kauditd_printk_skb: 621 callbacks suppressed [ 262.920607][ T29] audit: type=1400 audit(1767907696.576:21734): avc: denied { append } for pid=13285 comm="syz.0.3518" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 262.968528][ T29] audit: type=1400 audit(1767907696.616:21735): avc: denied { read } for pid=13285 comm="syz.0.3518" name="ppp" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 262.991580][ T29] audit: type=1400 audit(1767907696.616:21736): avc: denied { open } for pid=13285 comm="syz.0.3518" path="/dev/ppp" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 263.022104][ T29] audit: type=1400 audit(1767907696.676:21737): avc: denied { ioctl } for pid=13285 comm="syz.0.3518" path="/dev/ppp" dev="devtmpfs" ino=139 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 263.109175][ T29] audit: type=1326 audit(1767907696.766:21738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.0.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa443fbf749 code=0x7ffc0000 [ 263.133636][ T29] audit: type=1326 audit(1767907696.786:21739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.0.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa443fbf749 code=0x7ffc0000 [ 263.159098][ T29] audit: type=1326 audit(1767907696.816:21740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.0.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa443fbf749 code=0x7ffc0000 [ 263.182758][ T29] audit: type=1326 audit(1767907696.816:21741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.0.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa443fbf749 code=0x7ffc0000 [ 263.206445][ T29] audit: type=1326 audit(1767907696.816:21742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.0.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa443fbf749 code=0x7ffc0000 [ 263.230024][ T29] audit: type=1326 audit(1767907696.816:21743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.0.3521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa443fbf749 code=0x7ffc0000 [ 263.453608][T13305] loop1: detected capacity change from 0 to 2048 [ 263.486109][T13305] EXT4-fs (loop1): failed to initialize system zone (-117) [ 263.498042][T13305] EXT4-fs (loop1): mount failed [ 263.505006][T13319] netlink: 'syz.0.3526': attribute type 1 has an invalid length. [ 263.528931][T13319] 8021q: adding VLAN 0 to HW filter on device bond3 [ 263.551046][T13319] macvlan2: entered promiscuous mode [ 263.556449][T13319] macvlan2: entered allmulticast mode [ 263.630768][T13327] team0 (unregistering): Port device team_slave_0 removed [ 263.656605][T13327] team0 (unregistering): Port device team_slave_1 removed [ 263.673574][T13327] bond1: left promiscuous mode [ 263.678467][T13327] ip6gretap1: left promiscuous mode [ 263.688675][T13327] team0 (unregistering): Port device macvlan2 removed [ 263.696954][T13327] bond4: left promiscuous mode [ 263.702842][T13327] team0 (unregistering): Port device macvlan4 removed [ 263.710463][T13327] bond6: left promiscuous mode [ 263.716384][T13327] team0 (unregistering): Port device macvlan5 removed [ 263.729971][ T3507] syz!: Port: 1 Link DOWN [ 263.738935][T13335] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.753249][T13334] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.772920][T13336] bond_slave_0: entered promiscuous mode [ 263.778578][T13336] bond_slave_1: entered promiscuous mode [ 263.784458][T13336] macvtap1: entered allmulticast mode [ 263.789950][T13336] bond0: entered allmulticast mode [ 263.795131][T13336] bond_slave_0: entered allmulticast mode [ 263.800912][T13336] bond_slave_1: entered allmulticast mode [ 263.820263][T13336] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 263.830112][T13336] bond0: left allmulticast mode [ 263.835058][T13336] bond_slave_0: left allmulticast mode [ 263.840667][T13336] bond_slave_1: left allmulticast mode [ 263.846152][T13336] bond_slave_0: left promiscuous mode [ 263.851581][T13336] bond_slave_1: left promiscuous mode [ 263.863854][T13334] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.881448][T13341] bond_slave_0: entered promiscuous mode [ 263.887189][T13341] bond_slave_1: entered promiscuous mode [ 263.918539][T13341] macvtap1: entered allmulticast mode [ 263.923996][T13341] bond0: entered allmulticast mode [ 263.929158][T13341] bond_slave_0: entered allmulticast mode [ 263.934901][T13341] bond_slave_1: entered allmulticast mode [ 263.966439][T13341] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 263.985018][T13341] bond0: left allmulticast mode [ 263.989935][T13341] bond_slave_0: left allmulticast mode [ 263.995393][T13341] bond_slave_1: left allmulticast mode [ 264.000931][T13341] bond_slave_0: left promiscuous mode [ 264.006378][T13341] bond_slave_1: left promiscuous mode [ 264.076557][T13335] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.114627][T13334] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.172546][T13335] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.195948][T13334] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.233028][T13335] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.255681][T10320] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.266833][T10320] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.277657][T10320] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.288579][T10320] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.308582][T10320] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.323136][T10320] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.338146][T10320] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.351032][T10320] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.672080][T13366] netlink: 'syz.2.3541': attribute type 1 has an invalid length. [ 264.704587][T13371] netlink: 'syz.0.3543': attribute type 1 has an invalid length. [ 264.709118][T13366] 8021q: adding VLAN 0 to HW filter on device bond4 [ 264.726758][T13366] macvlan3: entered promiscuous mode [ 264.732121][T13366] macvlan3: entered allmulticast mode [ 264.761373][T13376] loop2: detected capacity change from 0 to 164 [ 264.780534][T13376] Unsupported NM flag settings (240) [ 264.885740][T13381] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.947876][T13382] bond_slave_0: entered promiscuous mode [ 264.953580][T13382] bond_slave_1: entered promiscuous mode [ 264.979160][T13382] macvtap1: entered allmulticast mode [ 264.984593][T13382] bond0: entered allmulticast mode [ 264.989731][T13382] bond_slave_0: entered allmulticast mode [ 264.995463][T13382] bond_slave_1: entered allmulticast mode [ 265.026147][T13382] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 265.043354][T13382] bond0: left allmulticast mode [ 265.048255][T13382] bond_slave_0: left allmulticast mode [ 265.053803][T13382] bond_slave_1: left allmulticast mode [ 265.059388][T13382] bond_slave_0: left promiscuous mode [ 265.064800][T13382] bond_slave_1: left promiscuous mode [ 265.078525][T13381] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.140997][T13381] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.210835][T13381] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.277664][T10320] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.293457][ T334] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.309298][ T334] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.324964][ T334] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.652630][T13404] netlink: 'syz.1.3555': attribute type 1 has an invalid length. [ 265.853546][T13410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=13410 comm=syz.3.3557 [ 265.866293][T13410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=13410 comm=syz.3.3557 [ 265.879295][T13410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=13410 comm=syz.3.3557 [ 265.892336][T13410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=13410 comm=syz.3.3557 [ 266.158468][T13430] ================================================================== [ 266.166584][T13430] BUG: KCSAN: data-race in __perf_event_read_value / perf_event_set_state [ 266.175089][T13430] [ 266.177451][T13430] write to 0xffff88811b2d0e10 of 8 bytes by task 13378 on cpu 0: [ 266.185165][T13430] perf_event_set_state+0x195/0x440 [ 266.190375][T13430] event_sched_out+0x2d4/0x4d0 [ 266.195148][T13430] __pmu_ctx_sched_out+0x3e7/0x530 [ 266.200273][T13430] ctx_sched_out+0x273/0x2d0 [ 266.204868][T13430] task_ctx_sched_out+0x4d/0x70 [ 266.209726][T13430] __perf_event_task_sched_out+0x286/0x370 [ 266.215539][T13430] __schedule+0xbf0/0xcd0 [ 266.219876][T13430] schedule+0x5f/0xd0 [ 266.223868][T13430] __futex_wait+0x117/0x260 [ 266.228374][T13430] futex_wait+0x9d/0x1d0 [ 266.232617][T13430] do_futex+0x2bf/0x380 [ 266.236775][T13430] __se_sys_futex+0x2ed/0x360 [ 266.241456][T13430] __x64_sys_futex+0x78/0x90 [ 266.246050][T13430] x64_sys_call+0x2bc2/0x3000 [ 266.250733][T13430] do_syscall_64+0xca/0x2b0 [ 266.255247][T13430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.261147][T13430] [ 266.263456][T13430] read to 0xffff88811b2d0e10 of 8 bytes by task 13430 on cpu 1: [ 266.271078][T13430] __perf_event_read_value+0x82/0x1d0 [ 266.276437][T13430] perf_read+0x173/0x4d0 [ 266.280669][T13430] loop_rw_iter+0x2c6/0x3f0 [ 266.285153][T13430] __io_read+0xbd5/0xc30 [ 266.289380][T13430] io_read+0x4a/0x190 [ 266.293347][T13430] __io_issue_sqe+0xfe/0x2e0 [ 266.297920][T13430] io_issue_sqe+0x56/0xa80 [ 266.302321][T13430] io_wq_submit_work+0x3f7/0x5f0 [ 266.307246][T13430] io_worker_handle_work+0x44e/0x9b0 [ 266.312516][T13430] io_wq_worker+0x22e/0x860 [ 266.317010][T13430] ret_from_fork+0x149/0x290 [ 266.321587][T13430] ret_from_fork_asm+0x1a/0x30 [ 266.326337][T13430] [ 266.328643][T13430] value changed: 0x000000003c67c288 -> 0x000000003c67defe [ 266.335755][T13430] [ 266.338066][T13430] Reported by Kernel Concurrency Sanitizer on: [ 266.344207][T13430] CPU: 1 UID: 0 PID: 13430 Comm: iou-wrk-13378 Not tainted syzkaller #0 PREEMPT(voluntary) [ 266.354251][T13430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 266.364292][T13430] ==================================================================