last executing test programs: 5m34.10125068s ago: executing program 0 (id=431): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000b00)={[{@user_xattr}, {@nodioread_nolock}, {@nodelalloc}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=") close_range(r0, 0xffffffffffffffff, 0x0) 5m33.374592692s ago: executing program 0 (id=436): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) 5m32.010470892s ago: executing program 0 (id=459): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="8e"], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000200)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x40, r1}) r3 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)}, 0x0) ioctl(r2, 0x8916, &(0x7f0000000000)) ioctl(r3, 0x8936, &(0x7f0000000000)) 5m31.832994022s ago: executing program 0 (id=463): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000a80)='./file0/file0\x00') 5m31.762642676s ago: executing program 0 (id=464): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) eventfd2(0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}], 0x0, 0x1}, 0x20) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a310000000014000480080002400000000008000140000000000900010073797a300000000074000000060a010400000000e5000000010000004c000480240001800b00010072656a656374000014000280080001400000000005000200fc000000240001800b000100736f636b6574000014000280080002400000000a080001400000000208000b40000000000900010073797a300000000014000000110001"], 0xfc}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) 5m31.36673542s ago: executing program 0 (id=470): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4682}, 0x1c) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x437, 0x3, 0xffffffff, {0x0, 0x0, 0x0, r3, 0x51b0b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @remote}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010) sendto$packet(r0, &(0x7f0000000000)="6f3d12caa1", 0x5, 0x4, &(0x7f0000000180)={0x11, 0x8100, r3, 0x1, 0xe9, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 5m31.36657908s ago: executing program 32 (id=470): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4682}, 0x1c) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x437, 0x3, 0xffffffff, {0x0, 0x0, 0x0, r3, 0x51b0b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @remote}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010) sendto$packet(r0, &(0x7f0000000000)="6f3d12caa1", 0x5, 0x4, &(0x7f0000000180)={0x11, 0x8100, r3, 0x1, 0xe9, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) 5m9.030524453s ago: executing program 5 (id=890): unshare(0x6a040000) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x4000080) unshare(0x6a040000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000400)={0x0, 0x100000, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0xb0) 5m8.922829879s ago: executing program 5 (id=891): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1}, 0x6e) listen(r0, 0x0) r1 = io_uring_setup(0x4822, &(0x7f0000000100)={0x0, 0x7437, 0x80}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1}, 0x6e) connect$unix(r2, &(0x7f0000000080)=@file={0x1}, 0x6e) 5m8.100670377s ago: executing program 5 (id=901): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x4a6, 0xcf2a, 0x200000000000003c, 0x0, 0x0) setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, 0x0, 0x2f) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x8031, 0xffffffffffffffff, 0xa8af1000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) 5m7.331317501s ago: executing program 5 (id=921): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0) unshare(0x22020400) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 5m7.261185306s ago: executing program 5 (id=922): bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24002040) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0xe459d, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000ccb000)={0x2, 0x4e22, @loopback}, 0x10) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 5m6.654069091s ago: executing program 5 (id=927): socket$pptp(0x18, 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x276e, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000007, 0x20b}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 5m6.630684562s ago: executing program 33 (id=927): socket$pptp(0x18, 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x276e, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000007, 0x20b}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 1.302508204s ago: executing program 6 (id=5197): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x800}, 0x200, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x84, 0x5, [{{@in6=@remote, 0x0, 0x3c}, 0x0, @in6=@dev}, {{@in=@dev={0xac, 0x14, 0x14, 0x43}, 0x0, 0x33}, 0x0, @in=@empty}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 1.252221817s ago: executing program 6 (id=5200): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="12000000090000000400000002"], 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000040)}, 0x20) 1.148149463s ago: executing program 6 (id=5201): perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffe, 0x2}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setresuid(0xee00, 0xee00, 0x0) r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_MKDIRAT={0x25, 0x17, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0xf9b7a26b18f77d51}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, 0x0) ptrace(0x10, 0x0) unshare(0x26020400) wait4(0x0, 0x0, 0x8, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d7, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) 725.030908ms ago: executing program 1 (id=5207): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000200)={0x6, @local, 0x4e23, 0x3, 'rr\x00', 0x20, 0x3, 0x28}, 0x2c) 704.815899ms ago: executing program 1 (id=5208): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) 683.86105ms ago: executing program 1 (id=5209): r0 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r0, &(0x7f0000000b80)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x7ffb, @mcast1, 0x4}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000080)="8000102e7577d401", 0x8}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000000000002900000008"], 0x18}}], 0x1, 0x4000084) 619.712454ms ago: executing program 1 (id=5210): r0 = socket$kcm(0x11, 0x2, 0x300) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890c, 0x0) 619.466834ms ago: executing program 1 (id=5211): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000000314010029bd7000fcdbdf250900020000007a31000000000800410072786500140033"], 0x38}, 0x1, 0x0, 0x0, 0x4040815}, 0x800) 619.091274ms ago: executing program 1 (id=5212): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x100a0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2ef}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x3, 0x8, 0xcdb0, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, r0, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) close(0x3) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e24, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) sendmmsg(r1, 0x0, 0x0, 0x4000045) bind$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x40}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, &(0x7f00000001c0)) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x8}, &(0x7f00000000c0)=0x8) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, 0x0, 0x20040800) modify_ldt$write(0x1, 0x0, 0x0) syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) 360.562149ms ago: executing program 3 (id=5223): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4ea5, 0x403, @private0, 0x1ddf}, 0xd) 360.253949ms ago: executing program 3 (id=5224): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x9d, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x1, {}, 0x8, 0xfffffffffffffffc, 0x6}}}, 0x118) 341.12814ms ago: executing program 3 (id=5227): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newlink={0x34, 0x12, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x800) 330.586381ms ago: executing program 4 (id=5228): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbffffb, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x17}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="6f11ba816056a1827a33ae059cf3", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 295.385173ms ago: executing program 2 (id=5230): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f00000000c0)={0x400003a, 0x5, 0xc, 0x4, 0x6}) 294.926523ms ago: executing program 3 (id=5231): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@user_xattr}, {@minixdf}, {@mblk_io_submit}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file1\x00', &(0x7f0000000000), &(0x7f0000000040)=ANY=[], 0xe01, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000054}, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000000c0)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x3, 'lc\x00', 0x1, 0x2, 0x6}, 0x2c) r3 = socket$kcm(0xa, 0x2, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e23, 0x10000, 0x4, 0x12d5c, 0x1255c}}, 0x44) sendmsg$sock(r3, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000080)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'vcan0\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x6, 0x4, 0x0, 0x0, 0x1, 0x0, 0x9, 0xff, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x5, [0x6]}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004015) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 294.294863ms ago: executing program 6 (id=5232): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x17c, 0x19, 0x1, 0x1, 0x0, {{@in=@private=0xa010100, @in=@private=0xa010103, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x20, 0x8}, {0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1e}, {0x1, 0x0, 0xfffffffffffffffd, 0x40000402dd}, 0x4, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0xc4, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x2b}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x3502, 0x0, 0x0, 0xff}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in6=@empty, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x9}, {{@in=@multicast2, 0x0, 0x2b}, 0xa, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xffffffff, 0x4, 0x1}]}]}, 0x17c}}, 0x8000000) 284.911223ms ago: executing program 4 (id=5233): setuid(0xee01) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa4}, [@ldst={0x7, 0x3, 0x0, 0x1c10a1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 268.921404ms ago: executing program 6 (id=5234): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x10001, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x40081271, 0x0) 261.458955ms ago: executing program 4 (id=5235): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x545, &(0x7f0000001300)="$eJzs3c9vHFcdAPDvrL2Okzi1CxygUktFi5IKshvXtLU4lCIhOFVClHsw9saysvZG9rqNrQo2fwESQoDECS5ckPgDkFAkLhwRUiQ4g1QEQpCCBIfSQbM7G5v1rL0xa2+8/nykybw3v77f5/iNZ3aeZgM4t56PiDci4sM0TV+KiNl8eSmfotWZsu3ef/jucjYlkaZv/S2JJF+WbZamado95uV8t+mI+NpXIr6Z7As4nc93dm8v1eu1zbxaba7fqW7t7F5fW19ara3WNhYW5l9dfG3xlcUbQ2nnlYh4/Ut/+v53fvrl13/52Xf+ePMv176VpTWTr++24xgmD1vZaXr5wnTPDpvHDPYkytpT/iCvXBxsn3snmRAAAH1l1/gfiYhPRcRLMRsTh1/OAgAAAGdQ+oWZ+CDpPL8rMNVnOQAAAHCGlNpjYJNSJR8LMBOlUqXSGcP7sbhUqje2mp+51djeWOmMlZ2LcunWWr12Ix8rPBflJKvPt8t79Zd76gsR8XREfG/2YrteWW7UV0b94QcAAACcE5d77v//Odu5/z9ccjrJAQAAAMMzN+oEAAAAgBPn/h8AAADGWnnUCQAAAAAn7qtvvplNaff7r1fe3tm+3Xj7+kpt63ZlfXu5stzYvFNZbTRW2+/sWz/qePVG487nYmP7brVZ22pWr+zs3lxvbG80b67F9Kk0CAAAADjg6U/e/30SEa3PX2xPmalRJwWcislHpe47PQt6/x+e6szfO6WkgFMxMcA2710oXu46Ac62yd4Fffo6MH6M/weO+kaPvoN3ftOZlYacDwAAMHxXP1H8/P/o6/mWS34443RiOL96nv+ns6NKBDh17ef/gw7kcbEAY6U80AhAYJz9v8//j5amj5UQAAAwdDPtKSlV8o/3ZqJUqlQirrS/FrCc3Fqr125ExFMR8bvZ8oWsPt/eMznyngEAAAAAAAAAAAAAAAAAAAAAAAAA6EjTJFIAAABgrEWU/pz8qvMu/6uzL870fj4wlfy7/ZXAUxHxzo/e+sHdpWZzcz5b/vdHy5s/zJe/PIpPMAAAAIBe3fv09vxfo84GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHHz/sN3l7vTAJtfHFbcv34xIuaK4k/GdHs+HeWIuPSPJCb37ZdExMQQ4rfuRcTHi+InWVqPQhbFH8YPoXUvaaVthfFjLv8pFMW/PIT4cJ7dz84/bxT1/1I8354X97/JiP+pH1f/8188Ov9N9On/VwaM8cyDn1f7xr8X8cxk8fmvGz/pE/+FgaKX4xtf393ttzb9ccTV7t+f9hlvf4S9UrW5fqe6tbN7fW19abW2WttYWJh/dfG1xVcWb1RvrdVr+b+FMb777C8+PKz9lwr//iV5Nv3b/2LB8SYK8v/Pg7sPP9qttA7Gv/ZCQfxf/yTf4mD8Uh7n03k5W3+1W251yvs997PfPndY+1f22l9+nP//a/0O2utAR3l2sF8dAOBEbO3s3l6q12ubY1vI7tKfgDSOU5iKJyKN8S18Oys8GNYB0zRNsz5VsOp+RAxynCSG3NJScT57hb5ngFGfmQAAgGHbu+gfdSYAAAAAAAAAAAAAAAAAAABwfp3GW9Z6Y+69AjkZxiu0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG4r8BAAD//7gG3Ac=") creat(&(0x7f0000000480)='./file0\x00', 0x41) 222.992487ms ago: executing program 6 (id=5236): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x63, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x8) r0 = socket$rxrpc(0x21, 0x2, 0xa) bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x880) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000f, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) poll(&(0x7f0000000a40)=[{r0, 0x2}], 0x1, 0x7f) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000300)=0x10, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="f000000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="0008000000020000bc0012800c0001006d6163766c616e00ac000280080006000100000008000100100000000a0004000180c200000300000a00040000000000030000000800070005000000080007000a0000004c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaabb00000a0004"], 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x0) fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000000), &(0x7f0000000040), 0x2, 0x3) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r4) sendmsg$GTP_CMD_NEWPDP(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010000000000008000f002000000"], 0x14}}, 0x0) sendmsg$GTP_CMD_GETPDP(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, r5, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FAMILY={0x5, 0xd, 0x8}, @GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008090}, 0x40090) 222.325667ms ago: executing program 3 (id=5237): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x4000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2cb, &(0x7f0000000ac0)="$eJzs3U9LW1kYx/GfJmNiHE0Ww8AMDHOY2cxsgpN5ATNhUBgmMMUaabsoXOtNG3KbyL3BEik1m9JtX4d02V2h7RtwU7rpvjspFLpxUXqL9yaaaJLGkD9avx+Q8yTPeXKO5ihPLiTuX3t8t1Tw0gWrqum40bRU14GUOowaphrjdBDPqFVdv899ePPT1es3/svmcksrxixnV//MGGMWfn5+7/6TX15W59aeLjyLaS91c/995u3ezN4P+59W7xQ9U/RMuVI1llmvVKrWumObjaJXShtzxbEtzzbFsme7bfmCU9ncrBmrvDGf2HRtzzNWuWZKds1UK6bq1ox12yqWTTqdNvMJXW7RPubkd1dWrGzXtB8Z6o4wcrOd7nTdbL1zMr87hj0BAIBzpnf/H/b63fv/3Fo4nqX///7L/b9E/z8i9bZbXfr/b8e4IYyc62atROP3tx39PwAAAAAAAAAAAAAAAAAAAAAAF8GB7yd9308ejo27gtsxSXFJfiN/VNDP28pxYbQ+/37LV9fnP/TXhLaLIWt5415cch5t5bfy4RjmswUV5cjWopL6GJyHhjBe/je3tGgCKb1wdhr1O1v5iGLN+qZUp/qpqBQ+QHv9N0q0rp9RUt91Xj9jOtXP6LdfW+rTSurVLVXkaCM418f1D/4w5p//cyfqZ4N5AAAAAAB8DdLmyKnX70E+mBDX6XxY33J9wPf9nV7XB068vo7qR64lAgAAAAAwFl5tu2Q5ju0OEMQkDVYuDbxor8D3paE+4EBBRJNcvVvwt6RzsI1xBXE1z5gZpPydznRE/T7mRCVN/MdyhmDSf5kAAAAADJtX2z7+Bz/9ev1wRLsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBy6vfzwJrzT6WaiZ6f9nckMvZvEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhHPgcAAP//ps0YVA==") r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240008c4}, 0x800c054) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000700)={&(0x7f0000000780)=ANY=[@ANYRES16=r1, @ANYBLOB="00082dbd7000fedbdf25010000000000000007410000004c00180000000773797a3000"/94], 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x0, 0x5, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, {0x8, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {0x0, 0x9}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x2}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xfffffffc}, {0xfffffffe}, {}, {0x81}, {}, {0x0, 0x10000}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x1}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x80}, {}, {0x0, 0x800000}, {}, {}, {}, {0x0, 0x0, 0x2, 0x8}, {0x4, 0x4000000, 0x0, 0x8000}, {}, {0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x3}, {}, {}, {0x0, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x2, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x3}, {}, {}, {0x3}, {}, {}, {}, {}, {0xfffffffd}, {}, {}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}, {}, {}, {}, {0x0, 0x200}, {}, {}, {}, {0xfffffffd}, {}, {}, {}, {0x0, 0x0, 0x0, 0x6}, {0x0, 0x6, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x0, 0x5}], [{0x2}, {}, {0x4, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file3\x00', 0x1c0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x38, 0x1403, 0x200, 0x70bd28, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40040}, 0x4040) r5 = gettid() tkill(r5, 0x12) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x3, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100}, 0x510d, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x4) symlink(&(0x7f0000000240)='./file1/file0\x00', &(0x7f0000000600)='./file0/file3\x00') 214.691558ms ago: executing program 2 (id=5238): setrlimit(0x9, &(0x7f0000000080)={0x8606, 0xffff}) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) 150.823191ms ago: executing program 2 (id=5239): r0 = socket$l2tp(0x2, 0x2, 0x73) sendto$inet(r0, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0xf) 150.650301ms ago: executing program 2 (id=5240): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0135014010ff"}) 144.420562ms ago: executing program 2 (id=5241): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000001140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0xffffffffffffffe8, 0x0, 0x0, 0x6}, 0xf) 135.841302ms ago: executing program 4 (id=5242): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8949, &(0x7f0000000900)={'vlan0\x00', @remote}) 121.587803ms ago: executing program 2 (id=5243): perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffe, 0x2}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setresuid(0xee00, 0xee00, 0x0) r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_MKDIRAT={0x25, 0x17, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0xf9b7a26b18f77d51}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) ptrace(0x10, 0x0) unshare(0x26020400) wait4(0x0, 0x0, 0x8, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) 58.724457ms ago: executing program 4 (id=5244): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) pipe(&(0x7f0000000080)={0xffffffffffffffff}) pipe(&(0x7f00000000c0)) socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket(0xa, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="00008000", @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb080003"], 0x2c}}, 0x4044010) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r6, @ANYRES8=r1], 0x4}}, 0x0) sendfile(r5, r4, 0x0, 0x100000002) 52.034837ms ago: executing program 4 (id=5245): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x1d, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb, 0x0, 0xfffffffffffffffa}}}, 0xb8}}, 0x0) 0s ago: executing program 3 (id=5246): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x400400c0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_type(r0, 0x0, 0x2, 0x0) write$cgroup_type(r1, 0x0, 0x0) r2 = openat$cgroup_procs(r0, 0x0, 0x2, 0x0) write$cgroup_pid(r2, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) epoll_create1(0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB, @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x0) write$nci(r4, &(0x7f0000000140)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x2, @f={0xff, 0x4, 0x2, 0x1, {0xfd, 0x3, "40b36b"}, 0x1}}, 0xd) sendmsg$NFC_CMD_ACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000640)={&(0x7f00000006c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf251c000000230003000100deff0700040000000000080004000100000008000400ffffffff0800030003000000c0f57d93414469b9189d75fb09dc317ee2b22b7998419e9b04703af94c9b3ef68f3991780ddef1545ef2956e5716b502cdac9e56054896e21f9daa772bb265f51208265324ee8eceb0a4c3409b6758b1058e13914b800c91c515bc2bc9511a0988b3097ec12949c8a0ab3da2c3bceb9967a05d235f2637bce2e3177f02324cda6524428580fe8958e501a602862a00092e62ef60eadf64ebd96f7485d471a4aa221a2d260151d3dafc78af206c420c58bce5c2690bb5b1eec76fdb660f3de1ed627cc127a795670cd19a61787578c1585be8e4138c46da6a9c99d1cda3cb70bfbe17b532939f1d2aec82fb54cb6c61ce88deb96163dd7e8057d1d4588211cb551b7d42193127919183fb2080be8fe0797364150c485db6275fbd"], 0x3c}}, 0x4008000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x2, 0x8001, @mcast1, 0xffffffff}]}, &(0x7f00000001c0)=0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12) r8 = socket(0x400000000010, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000380)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r8, 0x0, 0x0) kernel console output (not intermixed with test programs): 0 [ 322.490519][T15028] oom_kill_process+0x295/0x350 [ 322.490555][T15028] out_of_memory+0x97d/0xb80 [ 322.490593][T15028] try_charge_memcg+0x62e/0xa10 [ 322.490632][T15028] obj_cgroup_charge_pages+0x23/0xc0 [ 322.490728][T15028] __memcg_kmem_charge_page+0x9e/0x170 [ 322.490839][T15028] __alloc_frozen_pages_noprof+0x18a/0x350 [ 322.491046][T15028] alloc_pages_mpol+0xb3/0x260 [ 322.491091][T15028] alloc_pages_noprof+0x8f/0x130 [ 322.491135][T15028] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 322.491263][T15028] __kvmalloc_node_noprof+0x471/0x680 [ 322.491341][T15028] ? ip_set_alloc+0x24/0x30 [ 322.491381][T15028] ? ip_set_alloc+0x24/0x30 [ 322.491425][T15028] ip_set_alloc+0x24/0x30 [ 322.491481][T15028] hash_netiface_create+0x282/0x740 [ 322.491575][T15028] ? __pfx_hash_netiface_create+0x10/0x10 [ 322.491616][T15028] ip_set_create+0x3cf/0x970 [ 322.491689][T15028] ? __nla_parse+0x40/0x60 [ 322.491819][T15028] nfnetlink_rcv_msg+0x509/0x5d0 [ 322.491902][T15028] netlink_rcv_skb+0x123/0x220 [ 322.492023][T15028] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 322.492061][T15028] nfnetlink_rcv+0x167/0x1720 [ 322.492104][T15028] ? __list_add_valid_or_report+0x38/0xe0 [ 322.492135][T15028] ? merge_sched_in+0x5db/0xbe0 [ 322.492213][T15028] ? rb_next+0x5c/0x80 [ 322.492248][T15028] ? visit_groups_merge+0xf7e/0xfd0 [ 322.492291][T15028] ? event_sched_out+0x896/0x8f0 [ 322.492328][T15028] ? _raw_spin_lock_bh+0x56/0xb0 [ 322.492396][T15028] ? should_fail_ex+0x30/0x280 [ 322.492495][T15028] ? selinux_nlmsg_lookup+0x99/0x890 [ 322.492527][T15028] ? __rcu_read_unlock+0x33/0x70 [ 322.492570][T15028] ? __netlink_lookup+0x276/0x2b0 [ 322.492669][T15028] netlink_unicast+0x5c0/0x690 [ 322.492718][T15028] netlink_sendmsg+0x5c8/0x6f0 [ 322.492750][T15028] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.492778][T15028] ____sys_sendmsg+0x5af/0x600 [ 322.492814][T15028] ___sys_sendmsg+0x195/0x1e0 [ 322.492861][T15028] __x64_sys_sendmsg+0xd4/0x160 [ 322.492890][T15028] x64_sys_call+0x17ba/0x3000 [ 322.492926][T15028] do_syscall_64+0xc0/0x2a0 [ 322.493012][T15028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.493043][T15028] RIP: 0033:0x7f15d816aeb9 [ 322.493062][T15028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.493088][T15028] RSP: 002b:00007f15d6bc7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.493196][T15028] RAX: ffffffffffffffda RBX: 00007f15d83e5fa0 RCX: 00007f15d816aeb9 [ 322.493217][T15028] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000005 [ 322.493312][T15028] RBP: 00007f15d81d8c1f R08: 0000000000000000 R09: 0000000000000000 [ 322.493336][T15028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.493355][T15028] R13: 00007f15d83e6038 R14: 00007f15d83e5fa0 R15: 00007ffea030eeb8 [ 322.493380][T15028] [ 322.493390][T15028] memory: usage 307200kB, limit 307200kB, failcnt 594 [ 322.825630][T15028] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 322.833595][T15028] kmem: usage 236528kB, limit 9007199254740988kB, failcnt 0 [ 322.840939][T15028] Memory cgroup stats for /syz6: [ 322.844439][T15028] cache 69365760 [ 322.853060][T15028] rss 2953216 [ 322.856372][T15028] shmem 65536 [ 322.859724][T15028] mapped_file 0 [ 322.863267][T15028] dirty 0 [ 322.866326][T15028] writeback 0 [ 322.869636][T15028] workingset_refault_anon 287 [ 322.874364][T15028] workingset_refault_file 0 [ 322.878878][T15028] swap 0 [ 322.881801][T15028] swapcached 0 [ 322.885188][T15028] pgpgin 455537 [ 322.888662][T15028] pgpgout 437881 [ 322.892344][T15028] pgfault 364609 [ 322.895923][T15028] pgmajfault 43 [ 322.899434][T15028] inactive_anon 184320 [ 322.903666][T15028] active_anon 909312 [ 322.907660][T15028] inactive_file 1925120 [ 322.911930][T15028] active_file 0 [ 322.915495][T15028] unevictable 69300224 [ 322.919731][T15028] hierarchical_memory_limit 314572800 [ 322.925308][T15028] hierarchical_memsw_limit 9223372036854771712 [ 322.931512][T15028] total_cache 69365760 [ 322.935681][T15028] total_rss 2953216 [ 322.939501][T15028] total_shmem 65536 [ 322.943376][T15028] total_mapped_file 0 [ 322.947372][T15028] total_dirty 0 [ 322.950894][T15028] total_writeback 0 [ 322.954726][T15028] total_workingset_refault_anon 287 [ 322.960009][T15028] total_workingset_refault_file 0 [ 322.965129][T15028] total_swap 0 [ 322.968551][T15028] total_swapcached 0 [ 322.972506][T15028] total_pgpgin 455537 [ 322.976573][T15028] total_pgpgout 437881 [ 322.980693][T15028] total_pgfault 364609 [ 322.984905][T15028] total_pgmajfault 43 [ 322.988957][T15028] total_inactive_anon 184320 [ 322.993608][T15028] total_active_anon 909312 [ 322.998050][T15028] total_inactive_file 1925120 [ 323.002797][T15028] total_active_file 0 [ 323.006804][T15028] total_unevictable 69300224 [ 323.011543][T15028] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.3942,pid=15027,uid=0 [ 323.026679][T15028] Memory cgroup out of memory: Killed process 15028 (syz.6.3942) total-vm:94264kB, anon-rss:3384kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:0 [ 323.373655][T15052] bond0: Caught tx_queue_len zero misconfig [ 324.367183][T15097] bond0: Caught tx_queue_len zero misconfig [ 324.375298][T15097] syz_tun: entered allmulticast mode [ 324.417350][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 324.417369][ T29] audit: type=1326 audit(2000000930.053:6601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.449050][ T29] audit: type=1326 audit(2000000930.053:6602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.491634][ T29] audit: type=1326 audit(2000000930.093:6603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.515378][ T29] audit: type=1326 audit(2000000930.093:6604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.539024][ T29] audit: type=1326 audit(2000000930.093:6605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.562569][ T29] audit: type=1326 audit(2000000930.113:6606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.586121][ T29] audit: type=1326 audit(2000000930.113:6607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.609739][ T29] audit: type=1326 audit(2000000930.113:6608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.615502][T15101] netlink: 83992 bytes leftover after parsing attributes in process `syz.6.3966'. [ 324.633586][ T29] audit: type=1326 audit(2000000930.123:6609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.645268][T15101] netlink: zone id is out of range [ 324.666272][ T29] audit: type=1326 audit(2000000930.123:6610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15100 comm="syz.6.3966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 324.671465][T15101] netlink: zone id is out of range [ 324.701961][T15101] netlink: zone id is out of range [ 324.724055][T15101] netlink: zone id is out of range [ 324.757447][T15101] netlink: set zone limit has 8 unknown bytes [ 324.877255][T15089] syz.3.3960 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 324.891548][T15089] CPU: 1 UID: 0 PID: 15089 Comm: syz.3.3960 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 324.891583][T15089] Tainted: [W]=WARN [ 324.891590][T15089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 324.891603][T15089] Call Trace: [ 324.891608][T15089] [ 324.891618][T15089] __dump_stack+0x1d/0x30 [ 324.891680][T15089] dump_stack_lvl+0x95/0xd0 [ 324.891702][T15089] dump_stack+0x15/0x1b [ 324.891737][T15089] dump_header+0x80/0x240 [ 324.891762][T15089] oom_kill_process+0x295/0x350 [ 324.891787][T15089] out_of_memory+0x97d/0xb80 [ 324.891814][T15089] try_charge_memcg+0x62e/0xa10 [ 324.891851][T15089] obj_cgroup_charge_pages+0x23/0xc0 [ 324.891964][T15089] __memcg_kmem_charge_page+0x9e/0x170 [ 324.892010][T15089] __alloc_frozen_pages_noprof+0x18a/0x350 [ 324.892070][T15089] alloc_pages_mpol+0xb3/0x260 [ 324.892133][T15089] alloc_pages_noprof+0x8f/0x130 [ 324.892175][T15089] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 324.892288][T15089] __kvmalloc_node_noprof+0x471/0x680 [ 324.892321][T15089] ? ip_set_alloc+0x24/0x30 [ 324.892356][T15089] ? ip_set_alloc+0x24/0x30 [ 324.892397][T15089] ip_set_alloc+0x24/0x30 [ 324.892506][T15089] hash_netiface_create+0x282/0x740 [ 324.892543][T15089] ? __pfx_hash_netiface_create+0x10/0x10 [ 324.892578][T15089] ip_set_create+0x3cf/0x970 [ 324.892699][T15089] ? __nla_parse+0x40/0x60 [ 324.892738][T15089] nfnetlink_rcv_msg+0x509/0x5d0 [ 324.892834][T15089] netlink_rcv_skb+0x123/0x220 [ 324.892876][T15089] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 324.892927][T15089] nfnetlink_rcv+0x167/0x1720 [ 324.893037][T15089] ? __list_del_entry_valid_or_report+0x65/0x130 [ 324.893130][T15089] ? __rmqueue_pcplist+0x9b6/0xb80 [ 324.893322][T15089] ? _raw_spin_lock_bh+0x56/0xb0 [ 324.893380][T15089] ? should_fail_ex+0x30/0x280 [ 324.893409][T15089] ? selinux_nlmsg_lookup+0x99/0x890 [ 324.893429][T15089] ? __rcu_read_unlock+0x33/0x70 [ 324.893457][T15089] ? __netlink_lookup+0x276/0x2b0 [ 324.893527][T15089] netlink_unicast+0x5c0/0x690 [ 324.893604][T15089] netlink_sendmsg+0x5c8/0x6f0 [ 324.893634][T15089] ? __pfx_netlink_sendmsg+0x10/0x10 [ 324.893732][T15089] ____sys_sendmsg+0x5af/0x600 [ 324.893765][T15089] ___sys_sendmsg+0x195/0x1e0 [ 324.893803][T15089] __x64_sys_sendmsg+0xd4/0x160 [ 324.893828][T15089] x64_sys_call+0x17ba/0x3000 [ 324.893916][T15089] do_syscall_64+0xc0/0x2a0 [ 324.893955][T15089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.893984][T15089] RIP: 0033:0x7f04c7acaeb9 [ 324.894004][T15089] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 324.894095][T15089] RSP: 002b:00007f04c6506028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 324.894121][T15089] RAX: ffffffffffffffda RBX: 00007f04c7d46090 RCX: 00007f04c7acaeb9 [ 324.894139][T15089] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000004 [ 324.894156][T15089] RBP: 00007f04c7b38c1f R08: 0000000000000000 R09: 0000000000000000 [ 324.894197][T15089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.894213][T15089] R13: 00007f04c7d46128 R14: 00007f04c7d46090 R15: 00007ffcb168eeb8 [ 324.894239][T15089] [ 324.894260][T15089] memory: usage 307200kB, limit 307200kB, failcnt 4535 [ 325.212853][T15089] memory+swap: usage 374908kB, limit 9007199254740988kB, failcnt 0 [ 325.220863][T15089] kmem: usage 306208kB, limit 9007199254740988kB, failcnt 0 [ 325.228264][T15089] Memory cgroup stats for /syz3: [ 325.232445][T15089] cache 69632 [ 325.240903][T15089] rss 753664 [ 325.244146][T15089] shmem 69632 [ 325.247456][T15089] mapped_file 0 [ 325.250957][T15089] dirty 0 [ 325.253985][T15089] writeback 0 [ 325.257339][T15089] workingset_refault_anon 2563 [ 325.262230][T15089] workingset_refault_file 8175 [ 325.267131][T15089] swap 69332992 [ 325.270634][T15089] swapcached 188416 [ 325.274449][T15089] pgpgin 455957 [ 325.277935][T15089] pgpgout 455709 [ 325.281564][T15089] pgfault 341070 [ 325.285201][T15089] pgmajfault 411 [ 325.288783][T15089] inactive_anon 0 [ 325.292476][T15089] active_anon 1011712 [ 325.296496][T15089] inactive_file 0 [ 325.300206][T15089] active_file 4096 [ 325.303947][T15089] unevictable 0 [ 325.307444][T15089] hierarchical_memory_limit 314572800 [ 325.312918][T15089] hierarchical_memsw_limit 9223372036854771712 [ 325.319145][T15089] total_cache 69632 [ 325.323009][T15089] total_rss 753664 [ 325.326762][T15089] total_shmem 69632 [ 325.330612][T15089] total_mapped_file 0 [ 325.334612][T15089] total_dirty 0 [ 325.338079][T15089] total_writeback 0 [ 325.341956][T15089] total_workingset_refault_anon 2563 [ 325.347347][T15089] total_workingset_refault_file 8175 [ 325.352689][T15089] total_swap 69332992 [ 325.356690][T15089] total_swapcached 188416 [ 325.361058][T15089] total_pgpgin 455957 [ 325.365065][T15089] total_pgpgout 455709 [ 325.369186][T15089] total_pgfault 341070 [ 325.373292][T15089] total_pgmajfault 411 [ 325.377376][T15089] total_inactive_anon 0 [ 325.381630][T15089] total_active_anon 1011712 [ 325.386149][T15089] total_inactive_file 0 [ 325.390403][T15089] total_active_file 4096 [ 325.394657][T15089] total_unevictable 0 [ 325.398673][T15089] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.3960,pid=15081,uid=0 [ 325.413697][T15089] Memory cgroup out of memory: Killed process 15081 (syz.3.3960) total-vm:94264kB, anon-rss:1332kB, file-rss:22152kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0 [ 326.441444][T15138] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3974'. [ 326.445903][T15142] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15142 comm=syz.3.3978 [ 326.450585][T15138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3974'. [ 326.745558][T15156] ip6_vti0 speed is unknown, defaulting to 1000 [ 327.362096][T15169] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3986'. [ 327.470037][T15170] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3986'. [ 327.546618][T15172] lo speed is unknown, defaulting to 1000 [ 327.553033][T15172] lo speed is unknown, defaulting to 1000 [ 327.559038][T15172] lo speed is unknown, defaulting to 1000 [ 327.604073][T15172] infiniband syz1: set down [ 327.608750][T15172] infiniband syz1: added lo [ 327.613383][ T5053] lo speed is unknown, defaulting to 1000 [ 327.641092][T15172] RDS/IB: syz1: added [ 327.660713][T15172] smc: adding ib device syz1 with port count 1 [ 327.677932][T15172] smc: ib device syz1 port 1 has no pnetid [ 327.685315][ T3394] lo speed is unknown, defaulting to 1000 [ 327.700743][T15172] lo speed is unknown, defaulting to 1000 [ 327.746932][T15172] lo speed is unknown, defaulting to 1000 [ 327.792881][T15172] lo speed is unknown, defaulting to 1000 [ 327.823605][T15182] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15182 comm=syz.3.3989 [ 327.842236][T15172] lo speed is unknown, defaulting to 1000 [ 327.868082][T15181] geneve2: entered promiscuous mode [ 327.873498][T15181] geneve2: entered allmulticast mode [ 327.890731][T15172] lo speed is unknown, defaulting to 1000 [ 327.907921][T15189] futex_wake_op: syz.3.3994 tries to shift op by 32; fix this program [ 328.053926][T15198] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3997'. [ 328.748453][T15207] ip6_vti0 speed is unknown, defaulting to 1000 [ 328.794405][T15207] lo speed is unknown, defaulting to 1000 [ 329.200427][T15202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3997'. [ 329.287730][T15211] netlink: 'syz.4.4000': attribute type 1 has an invalid length. [ 329.324092][T15214] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4001'. [ 329.411043][T15216] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3999'. [ 329.989755][T15227] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15227 comm=syz.3.4004 [ 330.502905][T15236] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4008'. [ 330.520092][ T29] kauditd_printk_skb: 45 callbacks suppressed [ 330.526397][ T29] audit: type=1326 audit(2000000936.153:6656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.550090][ T29] audit: type=1326 audit(2000000936.153:6657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.623697][ T29] audit: type=1326 audit(2000000936.243:6658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.647560][ T29] audit: type=1326 audit(2000000936.243:6659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.671212][ T29] audit: type=1326 audit(2000000936.243:6660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.740737][ T29] audit: type=1400 audit(2000000936.353:6661): avc: denied { checkpoint_restore } for pid=15235 comm="syz.1.4008" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 330.762927][ T29] audit: type=1326 audit(2000000936.373:6662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.786524][ T29] audit: type=1326 audit(2000000936.373:6663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.810174][ T29] audit: type=1326 audit(2000000936.373:6664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.833744][ T29] audit: type=1326 audit(2000000936.373:6665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.3.4005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 330.912295][T15252] Cannot find add_set index 0 as target [ 330.942827][T15255] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4012'. [ 331.253388][T15267] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15267 comm=syz.3.4015 [ 331.439984][T15273] netlink: 'syz.3.4017': attribute type 1 has an invalid length. [ 331.467452][T15273] 8021q: adding VLAN 0 to HW filter on device bond20 [ 331.476389][T15279] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4021'. [ 331.549522][T15286] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4023'. [ 332.144126][T15273] 8021q: adding VLAN 0 to HW filter on device bond20 [ 332.151726][T15273] bond20: (slave vxcan1): The slave device specified does not support setting the MAC address [ 332.172667][T15273] bond20: (slave vxcan1): Error -95 calling set_mac_address [ 332.562021][T15298] gretap2: entered promiscuous mode [ 332.569070][T15298] bond20: (slave gretap2): making interface the new active one [ 332.610946][T15298] bond20: (slave gretap2): Enslaving as an active interface with an up link [ 332.631663][T15289] syz.4.4031 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 332.639901][T15303] macvlan3: entered promiscuous mode [ 332.641358][T15289] CPU: 1 UID: 0 PID: 15289 Comm: syz.4.4031 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 332.641529][T15289] Tainted: [W]=WARN [ 332.641592][T15289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 332.641634][T15289] Call Trace: [ 332.641654][T15289] [ 332.641742][T15289] __dump_stack+0x1d/0x30 [ 332.641825][T15289] dump_stack_lvl+0x95/0xd0 [ 332.641930][T15289] dump_stack+0x15/0x1b [ 332.642006][T15289] dump_header+0x80/0x240 [ 332.642092][T15289] oom_kill_process+0x295/0x350 [ 332.642185][T15289] out_of_memory+0x97d/0xb80 [ 332.642278][T15289] try_charge_memcg+0x62e/0xa10 [ 332.642398][T15289] __mem_cgroup_charge+0x65/0x150 [ 332.642516][T15289] handle_mm_fault+0x1140/0x3030 [ 332.642647][T15289] ? _raw_spin_lock+0x52/0xa0 [ 332.642764][T15289] ? __pte_offset_map_lock+0x1d9/0x240 [ 332.642909][T15289] __get_user_pages+0x1023/0x1ea0 [ 332.643146][T15289] __mm_populate+0x242/0x390 [ 332.643197][T15289] vm_mmap_pgoff+0x23b/0x2d0 [ 332.643262][T15289] ksys_mmap_pgoff+0xc1/0x310 [ 332.643352][T15289] ? __x64_sys_mmap+0x49/0x70 [ 332.643521][T15289] x64_sys_call+0x16bb/0x3000 [ 332.643632][T15289] do_syscall_64+0xc0/0x2a0 [ 332.643737][T15289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.643819][T15289] RIP: 0033:0x7f63625daeb9 [ 332.643878][T15289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 332.643966][T15289] RSP: 002b:00007f6361016028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 332.644087][T15289] RAX: ffffffffffffffda RBX: 00007f6362856090 RCX: 00007f63625daeb9 [ 332.644132][T15289] RDX: 000000000300000f RSI: 0000000000b36000 RDI: 0000200000000000 [ 332.644244][T15289] RBP: 00007f6362648c1f R08: ffffffffffffffff R09: 0000000000000000 [ 332.644303][T15289] R10: 20c44fb6edc09a38 R11: 0000000000000246 R12: 0000000000000000 [ 332.644385][T15289] R13: 00007f6362856128 R14: 00007f6362856090 R15: 00007ffe9c2eb8b8 [ 332.644465][T15289] [ 332.644487][T15289] memory: usage 307200kB, limit 307200kB, failcnt 3115 [ 332.646716][T15303] macvlan3: entered allmulticast mode [ 332.658083][T15289] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 332.658100][T15289] kmem: usage 305444kB, limit 9007199254740988kB, failcnt 0 [ 332.658128][T15289] Memory cgroup stats for [ 332.701678][T15303] bond20: entered promiscuous mode [ 332.705515][T15289] /syz4 [ 332.712521][T15303] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 332.715565][T15289] : [ 332.893411][T15303] bond20: (slave macvlan3): the slave hw address is in use by the bond; giving it the hw address of gretap2 [ 332.893585][T15289] cache 139264 [ 332.910862][T15289] rss 1630208 [ 332.914147][T15289] shmem 139264 [ 332.917519][T15289] mapped_file 0 [ 332.921014][T15289] dirty 0 [ 332.923972][T15289] writeback 0 [ 332.927293][T15289] workingset_refault_anon 623 [ 332.932143][T15289] workingset_refault_file 7940 [ 332.936941][T15289] swap 0 [ 332.939793][T15289] swapcached 28672 [ 332.943590][T15289] pgpgin 445221 [ 332.947067][T15289] pgpgout 444782 [ 332.950652][T15289] pgfault 361671 [ 332.954214][T15289] pgmajfault 237 [ 332.957755][T15289] inactive_anon 491520 [ 332.961861][T15289] active_anon 438272 [ 332.965828][T15289] inactive_file 868352 [ 332.969891][T15289] active_file 0 [ 332.973407][T15289] unevictable 0 [ 332.976875][T15289] hierarchical_memory_limit 314572800 [ 332.982386][T15289] hierarchical_memsw_limit 9223372036854771712 [ 332.988584][T15289] total_cache 139264 [ 332.992538][T15289] total_rss 1630208 [ 332.996426][T15289] total_shmem 139264 [ 333.000399][T15289] total_mapped_file 0 [ 333.004398][T15289] total_dirty 0 [ 333.007856][T15289] total_writeback 0 [ 333.011698][T15289] total_workingset_refault_anon 623 [ 333.016903][T15289] total_workingset_refault_file 7940 [ 333.022224][T15289] total_swap 0 [ 333.025622][T15289] total_swapcached 28672 [ 333.029991][T15289] total_pgpgin 445221 [ 333.034138][T15289] total_pgpgout 444782 [ 333.038224][T15289] total_pgfault 361671 [ 333.042467][T15289] total_pgmajfault 237 [ 333.046547][T15289] total_inactive_anon 491520 [ 333.051206][T15289] total_active_anon 438272 [ 333.055636][T15289] total_inactive_file 868352 [ 333.060264][T15289] total_active_file 0 [ 333.064280][T15289] total_unevictable 0 [ 333.068261][T15289] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4031,pid=15284,uid=0 [ 333.083238][T15289] Memory cgroup out of memory: Killed process 15284 (syz.4.4031) total-vm:94132kB, anon-rss:2264kB, file-rss:22156kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0 [ 333.122759][T15303] bond20: left promiscuous mode [ 333.416790][T15319] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4033'. [ 333.502346][T15330] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15330 comm=syz.3.4037 [ 333.592943][T15337] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4035'. [ 333.841972][T15348] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4042'. [ 333.851892][T15348] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15348 comm=syz.3.4042 [ 333.933441][T15354] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4045'. [ 333.960006][T15356] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4046'. [ 334.051072][T15362] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15362 comm=syz.1.4048 [ 334.181274][T15373] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4053'. [ 334.191376][T15373] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15373 comm=syz.3.4053 [ 334.359222][T15384] rdma_rxe: rxe_newlink: failed to add lo [ 334.400844][T15388] xt_CT: No such helper "snmp_trap" [ 334.446491][T15394] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4061'. [ 334.881799][T15423] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4072'. [ 334.928718][T15423] IPVS: set_ctl: invalid protocol: 136 172.30.1.3:20003 [ 335.021416][T15433] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4075'. [ 335.260396][T15444] bridge0: port 1(gretap0) entered blocking state [ 335.267146][T15444] bridge0: port 1(gretap0) entered disabled state [ 335.273901][T15444] gretap0: entered allmulticast mode [ 335.280529][T15444] gretap0: entered promiscuous mode [ 336.300677][T15475] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4087'. [ 337.299216][T15499] netlink: 'syz.4.4095': attribute type 1 has an invalid length. [ 337.315324][T15499] 8021q: adding VLAN 0 to HW filter on device bond20 [ 337.335818][T15499] macsec2: entered promiscuous mode [ 337.341124][T15499] bond20: entered promiscuous mode [ 337.346370][T15499] macsec2: entered allmulticast mode [ 337.351739][T15499] bond20: entered allmulticast mode [ 337.389658][T15499] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 337.551670][T15511] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15511 comm=syz.4.4099 [ 337.586152][T15513] ip6_vti0 speed is unknown, defaulting to 1000 [ 337.626490][T15513] lo speed is unknown, defaulting to 1000 [ 338.375766][ T29] kauditd_printk_skb: 687 callbacks suppressed [ 338.375786][ T29] audit: type=1400 audit(2000000944.013:7353): avc: denied { map } for pid=15539 comm="syz.1.4110" path="socket:[55515]" dev="sockfs" ino=55515 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 338.481524][T15550] __nla_validate_parse: 8 callbacks suppressed [ 338.481545][T15550] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4110'. [ 338.505149][T15550] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15550 comm=syz.1.4110 [ 338.694873][T15554] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4108'. [ 338.864494][T15562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15562 comm=syz.3.4111 [ 338.996871][T15566] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15566 comm=syz.1.4112 [ 339.242840][T15576] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4115'. [ 339.613491][T15591] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 339.871197][T15606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4127'. [ 339.905199][T15610] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4129'. [ 339.948645][ T29] audit: type=1326 audit(2000000945.583:7354): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15611 comm="syz.3.4128" exe="/root/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7f04c7ac4cd7 code=0x0 [ 340.000899][T15615] netlink: 'syz.1.4130': attribute type 11 has an invalid length. [ 340.008805][T15615] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4130'. [ 340.320220][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 340.426600][ T29] audit: type=1326 audit(2000000946.053:7355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.450168][ T29] audit: type=1326 audit(2000000946.053:7356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.473732][ T29] audit: type=1326 audit(2000000946.063:7357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.497305][ T29] audit: type=1326 audit(2000000946.063:7358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.522015][ T29] audit: type=1326 audit(2000000946.063:7359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.545559][ T29] audit: type=1326 audit(2000000946.063:7360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.569167][ T29] audit: type=1326 audit(2000000946.063:7361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.592715][ T29] audit: type=1326 audit(2000000946.123:7362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15632 comm="syz.1.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 340.797097][T15636] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4134'. [ 340.806260][T15636] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4134'. [ 340.864959][T15647] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4141'. [ 340.895632][T15644] bridge8: entered promiscuous mode [ 341.257406][T15660] rdma_rxe: rxe_newlink: failed to add lo [ 341.360179][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 341.431955][T15662] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4146'. [ 341.515487][T15665] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 341.795868][T15680] netlink: 'syz.3.4152': attribute type 2 has an invalid length. [ 342.410303][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 342.878072][T15692] syz.2.4157 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 342.892162][T15692] CPU: 1 UID: 0 PID: 15692 Comm: syz.2.4157 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 342.892209][T15692] Tainted: [W]=WARN [ 342.892227][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 342.892246][T15692] Call Trace: [ 342.892254][T15692] [ 342.892264][T15692] __dump_stack+0x1d/0x30 [ 342.892291][T15692] dump_stack_lvl+0x95/0xd0 [ 342.892324][T15692] dump_stack+0x15/0x1b [ 342.892352][T15692] dump_header+0x80/0x240 [ 342.892380][T15692] oom_kill_process+0x295/0x350 [ 342.892414][T15692] out_of_memory+0x97d/0xb80 [ 342.892453][T15692] try_charge_memcg+0x62e/0xa10 [ 342.892540][T15692] obj_cgroup_charge_pages+0x23/0xc0 [ 342.892575][T15692] __memcg_kmem_charge_page+0x9e/0x170 [ 342.892608][T15692] __alloc_frozen_pages_noprof+0x18a/0x350 [ 342.892651][T15692] alloc_pages_mpol+0xb3/0x260 [ 342.892730][T15692] alloc_pages_noprof+0x8f/0x130 [ 342.892851][T15692] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 342.892939][T15692] __kvmalloc_node_noprof+0x471/0x680 [ 342.892978][T15692] ? ip_set_alloc+0x24/0x30 [ 342.893010][T15692] ? ip_set_alloc+0x24/0x30 [ 342.893128][T15692] ip_set_alloc+0x24/0x30 [ 342.893166][T15692] hash_netiface_create+0x282/0x740 [ 342.893201][T15692] ? __pfx_hash_netiface_create+0x10/0x10 [ 342.893241][T15692] ip_set_create+0x3cf/0x970 [ 342.893368][T15692] ? __nla_parse+0x40/0x60 [ 342.893407][T15692] nfnetlink_rcv_msg+0x509/0x5d0 [ 342.893473][T15692] netlink_rcv_skb+0x123/0x220 [ 342.893564][T15692] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 342.893614][T15692] nfnetlink_rcv+0x167/0x1720 [ 342.893659][T15692] ? event_sched_in+0xebd/0xf90 [ 342.893754][T15692] ? __list_add_valid_or_report+0x38/0xe0 [ 342.893784][T15692] ? merge_sched_in+0x5db/0xbe0 [ 342.893816][T15692] ? rb_next+0x5c/0x80 [ 342.893849][T15692] ? visit_groups_merge+0xf7e/0xfd0 [ 342.893878][T15692] ? event_sched_out+0x896/0x8f0 [ 342.893996][T15692] ? _raw_spin_lock_bh+0x56/0xb0 [ 342.894120][T15692] ? should_fail_ex+0x30/0x280 [ 342.894163][T15692] ? selinux_nlmsg_lookup+0x99/0x890 [ 342.894206][T15692] ? __rcu_read_unlock+0x33/0x70 [ 342.894289][T15692] ? __netlink_lookup+0x276/0x2b0 [ 342.894313][T15692] netlink_unicast+0x5c0/0x690 [ 342.894409][T15692] netlink_sendmsg+0x5c8/0x6f0 [ 342.894440][T15692] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.894460][T15692] ____sys_sendmsg+0x5af/0x600 [ 342.894485][T15692] ___sys_sendmsg+0x195/0x1e0 [ 342.894587][T15692] __x64_sys_sendmsg+0xd4/0x160 [ 342.894613][T15692] x64_sys_call+0x17ba/0x3000 [ 342.894708][T15692] do_syscall_64+0xc0/0x2a0 [ 342.894747][T15692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.894781][T15692] RIP: 0033:0x7f4bdc06aeb9 [ 342.894885][T15692] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 342.894942][T15692] RSP: 002b:00007f4bdaac7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 342.894963][T15692] RAX: ffffffffffffffda RBX: 00007f4bdc2e5fa0 RCX: 00007f4bdc06aeb9 [ 342.894978][T15692] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000005 [ 342.894992][T15692] RBP: 00007f4bdc0d8c1f R08: 0000000000000000 R09: 0000000000000000 [ 342.895100][T15692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 342.895116][T15692] R13: 00007f4bdc2e6038 R14: 00007f4bdc2e5fa0 R15: 00007ffc43d56068 [ 342.895145][T15692] [ 342.895154][T15692] memory: usage 307200kB, limit 307200kB, failcnt 1794 [ 343.232263][T15692] memory+swap: usage 363580kB, limit 9007199254740988kB, failcnt 0 [ 343.240222][T15692] kmem: usage 294912kB, limit 9007199254740988kB, failcnt 0 [ 343.247595][T15692] Memory cgroup stats for /syz2: [ 343.260165][T15692] cache 9355264 [ 343.268613][T15692] rss 2588672 [ 343.271959][T15692] shmem 9351168 [ 343.275445][T15692] mapped_file 0 [ 343.278929][T15692] dirty 0 [ 343.282173][T15692] writeback 0 [ 343.285573][T15692] workingset_refault_anon 2498 [ 343.290389][T15692] workingset_refault_file 15827 [ 343.295291][T15692] swap 57733120 [ 343.298824][T15692] swapcached 626688 [ 343.302691][T15692] pgpgin 506062 [ 343.306161][T15692] pgpgout 502990 [ 343.309722][T15692] pgfault 366396 [ 343.313328][T15692] pgmajfault 417 [ 343.316884][T15692] inactive_anon 466944 [ 343.321004][T15692] active_anon 10203136 [ 343.325175][T15692] inactive_file 1912832 [ 343.329347][T15692] active_file 0 [ 343.332868][T15692] unevictable 0 [ 343.336343][T15692] hierarchical_memory_limit 314572800 [ 343.341805][T15692] hierarchical_memsw_limit 9223372036854771712 [ 343.347978][T15692] total_cache 9355264 [ 343.352030][T15692] total_rss 2588672 [ 343.355986][T15692] total_shmem 9351168 [ 343.359985][T15692] total_mapped_file 0 [ 343.364540][T15692] total_dirty 0 [ 343.368029][T15692] total_writeback 0 [ 343.375754][T15692] total_workingset_refault_anon 2498 [ 343.381085][T15692] total_workingset_refault_file 15827 [ 343.386625][T15692] total_swap 57733120 [ 343.390652][T15692] total_swapcached 626688 [ 343.395004][T15692] total_pgpgin 506062 [ 343.399004][T15692] total_pgpgout 502990 [ 343.403137][T15692] total_pgfault 366396 [ 343.407231][T15692] total_pgmajfault 417 [ 343.411347][T15692] total_inactive_anon 466944 [ 343.415989][T15692] total_active_anon 10203136 [ 343.420628][T15692] total_inactive_file 1912832 [ 343.425325][T15692] total_active_file 0 [ 343.429339][T15692] total_unevictable 0 [ 343.433378][T15692] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.121,pid=3926,uid=0 [ 343.448321][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 343.455297][T15692] Memory cgroup out of memory: Killed process 3926 (syz.2.121) total-vm:96180kB, anon-rss:1244kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000 [ 343.533477][T15714] bond1: (slave ip6gretap1): Removing an active aggregator [ 343.541111][T15714] bond1: (slave ip6gretap1): Releasing backup interface [ 343.549959][T15714] ip6gretap1: left allmulticast mode [ 343.557845][T15714] bond3: (slave ip6gretap2): Releasing active interface [ 343.566533][T15714] bond1: (slave veth9): Releasing backup interface [ 343.574594][T15714] veth9: left allmulticast mode [ 343.584990][T15714] bond1: (slave veth11): Releasing backup interface [ 343.592560][T15714] veth11: left allmulticast mode [ 343.604262][T15714] bond5: (slave gretap1): Releasing active interface [ 343.723304][T15718] __nla_validate_parse: 2 callbacks suppressed [ 343.723325][T15718] netlink: 176 bytes leftover after parsing attributes in process `syz.1.4165'. [ 344.474999][T15691] syz.2.4157 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 344.486060][T15691] CPU: 0 UID: 0 PID: 15691 Comm: syz.2.4157 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 344.486137][T15691] Tainted: [W]=WARN [ 344.486146][T15691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 344.486177][T15691] Call Trace: [ 344.486184][T15691] [ 344.486194][T15691] __dump_stack+0x1d/0x30 [ 344.486227][T15691] dump_stack_lvl+0x95/0xd0 [ 344.486268][T15691] dump_stack+0x15/0x1b [ 344.486296][T15691] dump_header+0x80/0x240 [ 344.486325][T15691] oom_kill_process+0x295/0x350 [ 344.486436][T15691] out_of_memory+0x97d/0xb80 [ 344.486513][T15691] try_charge_memcg+0x62e/0xa10 [ 344.486555][T15691] __mem_cgroup_charge+0x65/0x150 [ 344.486703][T15691] filemap_add_folio+0x110/0x350 [ 344.486736][T15691] __filemap_get_folio_mpol+0x326/0x680 [ 344.486778][T15691] filemap_fault+0x473/0xbb0 [ 344.486940][T15691] ? css_rstat_updated+0xbb/0x280 [ 344.486977][T15691] ? balance_dirty_pages_ratelimited_flags+0x420/0x800 [ 344.487089][T15691] __do_fault+0xbc/0x200 [ 344.487117][T15691] handle_mm_fault+0x11d7/0x3030 [ 344.487166][T15691] ? vma_start_read+0x1c7/0x2c0 [ 344.487228][T15691] do_user_addr_fault+0x62f/0x1050 [ 344.487263][T15691] ? fpregs_assert_state_consistent+0xb3/0xe0 [ 344.487315][T15691] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 344.487378][T15691] ? irqentry_exit+0x3c/0x510 [ 344.487481][T15691] exc_page_fault+0x62/0xa0 [ 344.487516][T15691] asm_exc_page_fault+0x26/0x30 [ 344.487602][T15691] RIP: 0033:0x7f4bdbf3cf04 [ 344.487624][T15691] Code: 01 00 00 4d 39 f7 73 9a 0f b7 45 00 4c 8b 43 28 4d 89 fa 48 89 44 24 18 49 89 c3 41 8b 02 4c 89 c7 48 29 c7 49 89 c5 4c 01 ff <66> 44 3b 1f 75 56 48 8b 54 24 18 48 89 ee 4c 89 44 24 10 4c 89 54 [ 344.487697][T15691] RSP: 002b:00007ffc43d560b0 EFLAGS: 00010212 [ 344.487716][T15691] RAX: 000000000000001a RBX: 00007f4bdce15720 RCX: 00000000000040da [ 344.487761][T15691] RDX: 0000001b33d1ff2e RSI: 0000001b33924230 RDI: 0000001b33d23fe6 [ 344.487780][T15691] RBP: 0000001b33d1ff26 R08: 00000000003ffde8 R09: 00007f4bdc2e6128 [ 344.487799][T15691] R10: 0000001b33924218 R11: 000000000000000a R12: 00000000000040d0 [ 344.487845][T15691] R13: 000000000000001a R14: 0000001b33924220 R15: 0000001b33924218 [ 344.487874][T15691] [ 344.487925][T15691] memory: usage 307200kB, limit 307200kB, failcnt 2009 [ 344.490347][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 344.499358][T15691] memory+swap: usage 363456kB, limit 9007199254740988kB, failcnt 0 [ 344.499380][T15691] kmem: usage 294980kB, limit 9007199254740988kB, failcnt 0 [ 344.499397][T15691] Memory cgroup stats for /syz2: [ 344.559699][T15691] cache 9355264 [ 344.746826][T15691] rss 2490368 [ 344.750173][T15691] shmem 9351168 [ 344.753645][T15691] mapped_file 0 [ 344.757211][T15691] dirty 0 [ 344.760212][T15691] writeback 0 [ 344.763523][T15691] workingset_refault_anon 2498 [ 344.768292][T15691] workingset_refault_file 15919 [ 344.773226][T15691] swap 57606144 [ 344.776803][T15691] swapcached 655360 [ 344.780695][T15691] pgpgin 506156 [ 344.784176][T15691] pgpgout 503101 [ 344.787736][T15691] pgfault 366407 [ 344.791479][T15691] pgmajfault 423 [ 344.795076][T15691] inactive_anon 770048 [ 344.799287][T15691] active_anon 9830400 [ 344.803331][T15691] inactive_file 1912832 [ 344.807500][T15691] active_file 0 [ 344.811014][T15691] unevictable 0 [ 344.814489][T15691] hierarchical_memory_limit 314572800 [ 344.819868][T15691] hierarchical_memsw_limit 9223372036854771712 [ 344.826082][T15691] total_cache 9355264 [ 344.830080][T15691] total_rss 2490368 [ 344.833938][T15691] total_shmem 9351168 [ 344.837936][T15691] total_mapped_file 0 [ 344.842033][T15691] total_dirty 0 [ 344.845517][T15691] total_writeback 0 [ 344.849350][T15691] total_workingset_refault_anon 2498 [ 344.854723][T15691] total_workingset_refault_file 15919 [ 344.860141][T15691] total_swap 57606144 [ 344.864143][T15691] total_swapcached 655360 [ 344.868492][T15691] total_pgpgin 506156 [ 344.872534][T15691] total_pgpgout 503101 [ 344.876690][T15691] total_pgfault 366407 [ 344.880844][T15691] total_pgmajfault 423 [ 344.884930][T15691] total_inactive_anon 770048 [ 344.889579][T15691] total_active_anon 9830400 [ 344.894177][T15691] total_inactive_file 1912832 [ 344.898878][T15691] total_active_file 0 [ 344.902911][T15691] total_unevictable 0 [ 344.906913][T15691] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.4157,pid=15691,uid=0 [ 344.921909][T15691] Memory cgroup out of memory: Killed process 15691 (syz.2.4157) total-vm:94264kB, anon-rss:3384kB, file-rss:22332kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:0 [ 344.941971][T15727] ip6_vti0 speed is unknown, defaulting to 1000 [ 345.029827][T15727] lo speed is unknown, defaulting to 1000 [ 345.138229][T15732] netlink: 'syz.3.4169': attribute type 1 has an invalid length. [ 345.165054][T15732] 8021q: adding VLAN 0 to HW filter on device bond21 [ 345.194152][T15732] macvlan3: entered promiscuous mode [ 345.222618][T15732] bond21: entered promiscuous mode [ 345.233255][T15732] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 345.272311][T15732] bond21: left promiscuous mode [ 345.448578][T15747] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4172'. [ 345.467323][T15747] netlink: 29 bytes leftover after parsing attributes in process `syz.2.4172'. [ 345.531491][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 345.598555][T15751] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4177'. [ 345.636210][T15751] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4177'. [ 345.678349][T15757] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4179'. [ 345.691496][ T29] kauditd_printk_skb: 217 callbacks suppressed [ 345.691513][ T29] audit: type=1326 audit(2000000951.333:7580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.722097][ T29] audit: type=1326 audit(2000000951.363:7581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.746234][ T29] audit: type=1326 audit(2000000951.393:7582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.769969][ T29] audit: type=1326 audit(2000000951.413:7583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.794326][ T29] audit: type=1326 audit(2000000951.433:7584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.818525][ T29] audit: type=1326 audit(2000000951.463:7585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.842517][ T29] audit: type=1326 audit(2000000951.483:7586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.866599][ T29] audit: type=1326 audit(2000000951.513:7587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.890677][ T29] audit: type=1326 audit(2000000951.533:7588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.915152][ T29] audit: type=1326 audit(2000000951.553:7589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15758 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 345.977169][T15764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4181'. [ 345.990357][T15764] batman_adv: batadv0: Adding interface: macvtap1 [ 345.996883][T15764] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 346.022604][T15764] batman_adv: batadv0: Not using interface macvtap1 (retrying later): interface not active [ 346.570195][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 346.792168][T15788] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4189'. [ 346.831986][T15788] netlink: 29 bytes leftover after parsing attributes in process `syz.3.4189'. [ 347.478370][T15802] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4192'. [ 347.507491][T15802] ip6_vti0 speed is unknown, defaulting to 1000 [ 347.563444][T15802] lo speed is unknown, defaulting to 1000 [ 347.600262][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 348.650177][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 348.854810][T15832] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15832 comm=syz.1.4203 [ 349.200342][T15843] geneve2: entered promiscuous mode [ 349.211465][T13739] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 51093 - 0 [ 349.231403][T13739] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 51093 - 0 [ 349.239732][T13739] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 51093 - 0 [ 349.270191][T13739] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 51093 - 0 [ 349.528840][T15841] __nla_validate_parse: 3 callbacks suppressed [ 349.528860][T15841] netlink: 148 bytes leftover after parsing attributes in process `syz.2.4200'. [ 349.690173][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 349.733580][T15847] siw: device registration error -23 [ 349.784766][T15853] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4210'. [ 349.884976][T15865] netlink: 'syz.6.4215': attribute type 1 has an invalid length. [ 349.899469][T15865] 8021q: adding VLAN 0 to HW filter on device bond14 [ 349.910577][T15865] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15865 comm=syz.6.4215 [ 350.055129][T15876] ip6_vti0 speed is unknown, defaulting to 1000 [ 350.112055][T15876] lo speed is unknown, defaulting to 1000 [ 350.455961][T15891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4222'. [ 350.722127][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 350.736578][T15898] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4224'. [ 350.752926][T15898] 8021q: adding VLAN 0 to HW filter on device bond15 [ 350.762893][T15898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4224'. [ 350.771897][T15898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4224'. [ 350.781898][T15898] bond0: left promiscuous mode [ 350.786718][T15898] bridge6: left promiscuous mode [ 350.792012][T15898] bond0: left allmulticast mode [ 350.796999][T15898] bridge6: left allmulticast mode [ 350.803701][T15898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 350.812420][T15898] bond15: (slave bond0): Enslaving as an active interface with an up link [ 350.825883][ T29] kauditd_printk_skb: 170 callbacks suppressed [ 350.825902][ T29] audit: type=1326 audit(2000000956.463:7760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 350.883832][ T29] audit: type=1326 audit(2000000956.493:7761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 350.907400][ T29] audit: type=1326 audit(2000000956.493:7762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb5653dac22 code=0x7ffc0000 [ 350.930756][ T29] audit: type=1326 audit(2000000956.513:7763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb56539b78e code=0x7ffc0000 [ 351.003180][ T29] audit: type=1400 audit(2000000956.603:7764): avc: denied { mount } for pid=15895 comm="syz.2.4224" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 351.025639][ T29] audit: type=1326 audit(2000000956.613:7765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb5653dace7 code=0x7ffc0000 [ 351.049186][ T29] audit: type=1326 audit(2000000956.613:7766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb56539b78e code=0x7ffc0000 [ 351.072780][ T29] audit: type=1326 audit(2000000956.623:7767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb56539b78e code=0x7ffc0000 [ 351.096176][ T29] audit: type=1326 audit(2000000956.633:7768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 351.119760][ T29] audit: type=1326 audit(2000000956.633:7769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.1.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 351.152063][T15905] netlink: 'syz.3.4226': attribute type 1 has an invalid length. [ 351.216020][T15905] 8021q: adding VLAN 0 to HW filter on device bond22 [ 351.248965][T15913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4228'. [ 351.259702][T15905] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15905 comm=syz.3.4226 [ 351.649069][T15932] netlink: 164 bytes leftover after parsing attributes in process `syz.1.4233'. [ 351.699845][T15935] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4233'. [ 351.750670][T15937] 9p: Bad value for 'wfdno' [ 351.760170][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 351.816364][T15939] netlink: 164 bytes leftover after parsing attributes in process `syz.1.4236'. [ 352.336069][T15974] ref_ctr_offset mismatch. inode: 0x11db offset: 0x0 ref_ctr_offset(old): 0x82 ref_ctr_offset(new): 0x0 [ 352.741849][T15992] netlink: zone id is out of range [ 352.747336][T15992] netlink: zone id is out of range [ 352.754545][T15992] netlink: zone id is out of range [ 352.764512][T15992] netlink: del zone limit has 8 unknown bytes [ 352.802464][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 352.893953][T16001] netlink: 'syz.6.4254': attribute type 6 has an invalid length. [ 353.510087][T16019] bond20: left allmulticast mode [ 353.515268][T16019] bond20: left promiscuous mode [ 353.850245][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 354.605819][T16033] syz.1.4264 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 354.619884][T16033] CPU: 0 UID: 0 PID: 16033 Comm: syz.1.4264 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 354.619933][T16033] Tainted: [W]=WARN [ 354.619991][T16033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 354.620005][T16033] Call Trace: [ 354.620013][T16033] [ 354.620023][T16033] __dump_stack+0x1d/0x30 [ 354.620058][T16033] dump_stack_lvl+0x95/0xd0 [ 354.620137][T16033] dump_stack+0x15/0x1b [ 354.620166][T16033] dump_header+0x80/0x240 [ 354.620193][T16033] oom_kill_process+0x295/0x350 [ 354.620274][T16033] out_of_memory+0x97d/0xb80 [ 354.620313][T16033] try_charge_memcg+0x62e/0xa10 [ 354.620412][T16033] obj_cgroup_charge_pages+0x23/0xc0 [ 354.620458][T16033] __memcg_kmem_charge_page+0x9e/0x170 [ 354.620575][T16033] __alloc_frozen_pages_noprof+0x18a/0x350 [ 354.620613][T16033] alloc_pages_mpol+0xb3/0x260 [ 354.620711][T16033] alloc_pages_noprof+0x8f/0x130 [ 354.620838][T16033] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 354.620897][T16033] __kvmalloc_node_noprof+0x471/0x680 [ 354.621011][T16033] ? ip_set_alloc+0x24/0x30 [ 354.621050][T16033] ? ip_set_alloc+0x24/0x30 [ 354.621162][T16033] ip_set_alloc+0x24/0x30 [ 354.621339][T16033] hash_netiface_create+0x282/0x740 [ 354.621376][T16033] ? __pfx_hash_netiface_create+0x10/0x10 [ 354.621418][T16033] ip_set_create+0x3cf/0x970 [ 354.621528][T16033] ? __nla_parse+0x40/0x60 [ 354.621570][T16033] nfnetlink_rcv_msg+0x509/0x5d0 [ 354.621679][T16033] netlink_rcv_skb+0x123/0x220 [ 354.621801][T16033] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 354.621849][T16033] nfnetlink_rcv+0x167/0x1720 [ 354.621896][T16033] ? __list_del_entry_valid_or_report+0x65/0x130 [ 354.621925][T16033] ? __rmqueue_pcplist+0x9b6/0xb80 [ 354.622081][T16033] ? _raw_spin_lock_bh+0x56/0xb0 [ 354.622124][T16033] ? should_fail_ex+0x30/0x280 [ 354.622165][T16033] ? selinux_nlmsg_lookup+0x99/0x890 [ 354.622206][T16033] ? __rcu_read_unlock+0x33/0x70 [ 354.622280][T16033] ? __netlink_lookup+0x276/0x2b0 [ 354.622358][T16033] netlink_unicast+0x5c0/0x690 [ 354.622395][T16033] netlink_sendmsg+0x5c8/0x6f0 [ 354.622425][T16033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 354.622512][T16033] ____sys_sendmsg+0x5af/0x600 [ 354.622546][T16033] ___sys_sendmsg+0x195/0x1e0 [ 354.622584][T16033] __x64_sys_sendmsg+0xd4/0x160 [ 354.622615][T16033] x64_sys_call+0x17ba/0x3000 [ 354.622667][T16033] do_syscall_64+0xc0/0x2a0 [ 354.622735][T16033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.622812][T16033] RIP: 0033:0x7fb5653daeb9 [ 354.622835][T16033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 354.622858][T16033] RSP: 002b:00007fb563e16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 354.622884][T16033] RAX: ffffffffffffffda RBX: 00007fb565656090 RCX: 00007fb5653daeb9 [ 354.622905][T16033] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000005 [ 354.622931][T16033] RBP: 00007fb565448c1f R08: 0000000000000000 R09: 0000000000000000 [ 354.622950][T16033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.622967][T16033] R13: 00007fb565656128 R14: 00007fb565656090 R15: 00007ffea1b57eb8 [ 354.622997][T16033] [ 354.881262][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 354.882354][T16033] memory: usage 307200kB, limit 307200kB, failcnt 4212 [ 354.947668][T16033] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 354.955629][T16033] kmem: usage 235904kB, limit 9007199254740988kB, failcnt 0 [ 354.962978][T16033] Memory cgroup stats for /syz1: [ 354.986093][T16033] cache 69419008 [ 354.994838][T16033] rss 3579904 [ 354.998315][T16033] shmem 69414912 [ 355.002007][T16033] mapped_file 4096 [ 355.005795][T16033] dirty 0 [ 355.008771][T16033] writeback 0 [ 355.012148][T16033] workingset_refault_anon 2921 [ 355.016932][T16033] workingset_refault_file 5201 [ 355.021787][T16033] swap 0 [ 355.024663][T16033] swapcached 0 [ 355.028124][T16033] pgpgin 592435 [ 355.031723][T16033] pgpgout 574611 [ 355.035297][T16033] pgfault 517650 [ 355.038896][T16033] pgmajfault 478 [ 355.042593][T16033] inactive_anon 70766592 [ 355.046860][T16033] active_anon 286720 [ 355.050887][T16033] inactive_file 1953792 [ 355.055109][T16033] active_file 0 [ 355.058591][T16033] unevictable 0 [ 355.062203][T16033] hierarchical_memory_limit 314572800 [ 355.067650][T16033] hierarchical_memsw_limit 9223372036854771712 [ 355.073903][T16033] total_cache 69419008 [ 355.077994][T16033] total_rss 3579904 [ 355.081853][T16033] total_shmem 69414912 [ 355.085993][T16033] total_mapped_file 4096 [ 355.090268][T16033] total_dirty 0 [ 355.093738][T16033] total_writeback 0 [ 355.097568][T16033] total_workingset_refault_anon 2921 [ 355.103020][T16033] total_workingset_refault_file 5201 [ 355.108331][T16033] total_swap 0 [ 355.111755][T16033] total_swapcached 0 [ 355.115672][T16033] total_pgpgin 609352 [ 355.119667][T16033] total_pgpgout 591528 [ 355.123886][T16033] total_pgfault 518372 [ 355.127977][T16033] total_pgmajfault 478 [ 355.132146][T16033] total_inactive_anon 70766592 [ 355.137014][T16033] total_active_anon 286720 [ 355.141477][T16033] total_inactive_file 1953792 [ 355.146172][T16033] total_active_file 0 [ 355.150231][T16033] total_unevictable 0 [ 355.154239][T16033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4264,pid=16029,uid=0 [ 355.169451][T16033] Memory cgroup out of memory: Killed process 16029 (syz.1.4264) total-vm:94264kB, anon-rss:3420kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:0 [ 355.363287][T16052] netlink: 'syz.4.4270': attribute type 1 has an invalid length. [ 355.445653][T16050] hugetlbfs: syz.2.4268 (16050): Using mlock ulimits for SHM_HUGETLB is obsolete [ 355.702834][T16052] 8021q: adding VLAN 0 to HW filter on device bond21 [ 355.930240][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 355.979578][T16074] __nla_validate_parse: 7 callbacks suppressed [ 355.979600][T16074] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4273'. [ 356.871375][T16093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4280'. [ 356.970256][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 357.030184][T16087] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4277'. [ 357.059747][T16101] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16101 comm=syz.1.4281 [ 357.128570][T16089] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4278'. [ 357.160785][T16104] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4282'. [ 357.249570][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 357.249592][ T29] audit: type=1326 audit(2000000962.883:7796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.279313][ T29] audit: type=1326 audit(2000000962.883:7797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.370172][ T29] audit: type=1326 audit(2000000962.883:7798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.393801][ T29] audit: type=1326 audit(2000000962.883:7799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.417343][ T29] audit: type=1326 audit(2000000962.883:7800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.440919][ T29] audit: type=1326 audit(2000000962.883:7801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.464512][ T29] audit: type=1326 audit(2000000962.883:7802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.488204][ T29] audit: type=1326 audit(2000000962.883:7803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.511740][ T29] audit: type=1326 audit(2000000962.883:7804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.535257][ T29] audit: type=1326 audit(2000000962.883:7805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16105 comm="syz.1.4283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 357.754898][T16113] netlink: 131740 bytes leftover after parsing attributes in process `syz.1.4284'. [ 357.767002][T16113] netlink: zone id is out of range [ 357.773582][T16113] netlink: zone id is out of range [ 357.779877][T16113] netlink: zone id is out of range [ 357.786679][T16113] netlink: del zone limit has 8 unknown bytes [ 357.904023][T16121] netlink: 'syz.6.4287': attribute type 1 has an invalid length. [ 357.950286][T16121] 8021q: adding VLAN 0 to HW filter on device bond15 [ 357.968628][T16121] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16121 comm=syz.6.4287 [ 358.010196][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 358.035692][T16131] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4290'. [ 358.046059][T16131] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4290'. [ 358.062289][T16131] netlink: 3 bytes leftover after parsing attributes in process `syz.6.4290'. [ 358.113125][T16131] ip6_vti0 speed is unknown, defaulting to 1000 [ 358.154882][T15951] Process accounting resumed [ 358.168522][T16131] lo speed is unknown, defaulting to 1000 [ 358.201473][T16139] 8021q: adding VLAN 0 to HW filter on device bond23 [ 358.222093][T16139] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16139 comm=syz.3.4292 [ 358.453990][T16160] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16160 comm=syz.3.4299 [ 358.612017][T16150] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4293'. [ 358.708981][T16175] futex_wake_op: syz.1.4303 tries to shift op by 32; fix this program [ 358.830092][T16179] netlink: 'syz.4.4293': attribute type 13 has an invalid length. [ 359.050267][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 359.938422][T16208] siw: device registration error -23 [ 360.090235][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 361.132040][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 361.347025][T16241] geneve3: entered promiscuous mode [ 361.352354][T16241] geneve3: entered allmulticast mode [ 361.368734][ T3452] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 361.387952][ T3452] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 361.396553][ T3452] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 361.404969][ T3452] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 361.512907][T16246] __nla_validate_parse: 5 callbacks suppressed [ 361.512928][T16246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4325'. [ 361.653558][T16256] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4328'. [ 361.684566][T16256] batman_adv: batadv0: Adding interface: macvtap2 [ 361.691091][T16256] batman_adv: batadv0: The MTU of interface macvtap2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 361.716626][T16256] batman_adv: batadv0: Not using interface macvtap2 (retrying later): interface not active [ 361.768871][T16259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4329'. [ 361.916935][T16273] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4331'. [ 361.978042][T16276] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16276 comm=syz.1.4332 [ 361.991769][T16276] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=16276 comm=syz.1.4332 [ 362.047466][T16276] syz.1.4332 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 362.057157][T16276] CPU: 0 UID: 0 PID: 16276 Comm: syz.1.4332 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 362.057224][T16276] Tainted: [W]=WARN [ 362.057234][T16276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 362.057256][T16276] Call Trace: [ 362.057264][T16276] [ 362.057272][T16276] __dump_stack+0x1d/0x30 [ 362.057298][T16276] dump_stack_lvl+0x95/0xd0 [ 362.057326][T16276] dump_stack+0x15/0x1b [ 362.057373][T16276] dump_header+0x80/0x240 [ 362.057397][T16276] oom_kill_process+0x295/0x350 [ 362.057425][T16276] out_of_memory+0x97d/0xb80 [ 362.057455][T16276] try_charge_memcg+0x62e/0xa10 [ 362.057494][T16276] __mem_cgroup_charge+0x65/0x150 [ 362.057583][T16276] shmem_get_folio_gfp+0x47b/0xd60 [ 362.057699][T16276] shmem_fallocate+0x628/0x920 [ 362.057811][T16276] vfs_fallocate+0x3b6/0x450 [ 362.057852][T16276] file_ioctl+0x4e3/0x5c0 [ 362.057887][T16276] do_vfs_ioctl+0x7c9/0xe70 [ 362.057928][T16276] ? selinux_file_ioctl+0x5f7/0xcb0 [ 362.057981][T16276] ? __rcu_read_unlock+0x4e/0x70 [ 362.058013][T16276] ? __fget_files+0x184/0x1c0 [ 362.058046][T16276] __se_sys_ioctl+0x82/0x140 [ 362.058167][T16276] __x64_sys_ioctl+0x43/0x50 [ 362.058212][T16276] x64_sys_call+0x14b0/0x3000 [ 362.058246][T16276] do_syscall_64+0xc0/0x2a0 [ 362.058348][T16276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.058375][T16276] RIP: 0033:0x7fb5653daeb9 [ 362.058469][T16276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 362.058570][T16276] RSP: 002b:00007fb563db1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 362.058594][T16276] RAX: ffffffffffffffda RBX: 00007fb565656090 RCX: 00007fb5653daeb9 [ 362.058618][T16276] RDX: 0000200000000000 RSI: 0000000040305828 RDI: 000000000000000d [ 362.058631][T16276] RBP: 00007fb565448c1f R08: 0000000000000000 R09: 0000000000000000 [ 362.058648][T16276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.058719][T16276] R13: 00007fb565656128 R14: 00007fb565656090 R15: 00007ffea1b57eb8 [ 362.058740][T16276] [ 362.058747][T16276] memory: usage 307200kB, limit 307200kB, failcnt 4284 [ 362.170316][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 362.170485][T16276] memory+swap: usage 303040kB, limit 9007199254740988kB, failcnt 0 [ 362.288083][T16276] kmem: usage 165856kB, limit 9007199254740988kB, failcnt 0 [ 362.295462][T16276] Memory cgroup stats for /syz1: [ 362.420452][T16276] cache 76926976 [ 362.429061][T16276] rss 1867776 [ 362.432476][T16276] shmem 76922880 [ 362.436041][T16276] mapped_file 417792 [ 362.439948][T16276] dirty 0 [ 362.442982][T16276] writeback 0 [ 362.446282][T16276] workingset_refault_anon 2921 [ 362.451178][T16276] workingset_refault_file 7507 [ 362.455963][T16276] swap 0 [ 362.458892][T16276] swapcached 0 [ 362.462313][T16276] pgpgin 621054 [ 362.465834][T16276] pgpgout 601815 [ 362.469437][T16276] pgfault 524920 [ 362.473017][T16276] pgmajfault 483 [ 362.476576][T16276] inactive_anon 71012352 [ 362.480894][T16276] active_anon 7778304 [ 362.484905][T16276] inactive_file 0 [ 362.488567][T16276] active_file 12288 [ 362.492420][T16276] unevictable 0 [ 362.495901][T16276] hierarchical_memory_limit 314572800 [ 362.501330][T16276] hierarchical_memsw_limit 9223372036854771712 [ 362.507497][T16276] total_cache 76926976 [ 362.511750][T16276] total_rss 1867776 [ 362.515600][T16276] total_shmem 76922880 [ 362.519782][T16276] total_mapped_file 417792 [ 362.524330][T16276] total_dirty 0 [ 362.527837][T16276] total_writeback 0 [ 362.531686][T16276] total_workingset_refault_anon 2921 [ 362.536985][T16276] total_workingset_refault_file 7507 [ 362.542344][T16276] total_swap 0 [ 362.545733][T16276] total_swapcached 0 [ 362.549729][T16276] total_pgpgin 637971 [ 362.553861][T16276] total_pgpgout 618732 [ 362.557954][T16276] total_pgfault 525642 [ 362.562074][T16276] total_pgmajfault 483 [ 362.566167][T16276] total_inactive_anon 71012352 [ 362.570992][T16276] total_active_anon 7778304 [ 362.575549][T16276] total_inactive_file 0 [ 362.579756][T16276] total_active_file 12288 [ 362.584130][T16276] total_unevictable 0 [ 362.588149][T16276] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4332,pid=16270,uid=0 [ 362.603228][T16276] Memory cgroup out of memory: Killed process 16270 (syz.1.4332) total-vm:160204kB, anon-rss:1372kB, file-rss:22536kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:0 [ 362.679546][T16280] netlink: 'syz.4.4333': attribute type 1 has an invalid length. [ 362.697789][T16280] 8021q: adding VLAN 0 to HW filter on device bond22 [ 362.708206][T16280] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16280 comm=syz.4.4333 [ 362.782604][ T29] kauditd_printk_skb: 130 callbacks suppressed [ 362.782624][ T29] audit: type=1326 audit(2000000968.423:7936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 362.853171][ T29] audit: type=1326 audit(2000000968.453:7937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 362.876813][ T29] audit: type=1326 audit(2000000968.453:7938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f15d816ac22 code=0x7ffc0000 [ 362.900260][ T29] audit: type=1326 audit(2000000968.473:7939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f15d812b78e code=0x7ffc0000 [ 362.932141][ T29] audit: type=1326 audit(2000000968.573:7940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f15d816ace7 code=0x7ffc0000 [ 362.955965][ T29] audit: type=1326 audit(2000000968.603:7941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15d812b78e code=0x7ffc0000 [ 362.990253][ T29] audit: type=1326 audit(2000000968.603:7942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f15d812b78e code=0x7ffc0000 [ 363.013659][ T29] audit: type=1326 audit(2000000968.623:7943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 363.037306][ T29] audit: type=1326 audit(2000000968.623:7944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 363.060896][ T29] audit: type=1326 audit(2000000968.623:7945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.6.4338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f15d816aeb9 code=0x7ffc0000 [ 363.200720][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 363.708637][T16317] ip6_vti0 speed is unknown, defaulting to 1000 [ 363.780788][T16317] lo speed is unknown, defaulting to 1000 [ 364.173916][T16340] futex_wake_op: syz.6.4351 tries to shift op by 32; fix this program [ 364.207604][T16338] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4348'. [ 364.241316][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 364.306312][T16317] netlink: 'syz.3.4344': attribute type 4 has an invalid length. [ 364.314226][T16317] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4344'. [ 364.454831][T16345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4353'. [ 364.491501][T16345] bridge0: port 1(macsec0) entered blocking state [ 364.498188][T16345] bridge0: port 1(macsec0) entered disabled state [ 364.523356][T16345] macsec0: entered allmulticast mode [ 364.528733][T16345] bridge0: entered allmulticast mode [ 364.556593][T16345] macsec0: left allmulticast mode [ 364.561791][T16345] bridge0: left allmulticast mode [ 364.651568][T16356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4356'. [ 364.721949][T16356] veth1_to_team: Caught tx_queue_len zero misconfig [ 365.116867][T16379] netlink: 176 bytes leftover after parsing attributes in process `syz.6.4362'. [ 365.135245][T16366] netlink: 84 bytes leftover after parsing attributes in process `syz.2.4359'. [ 365.144357][T16366] openvswitch: netlink: Message has 8 unknown bytes. [ 365.291873][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 365.359716][T16390] openvswitch: netlink: Missing key (keys=40, expected=80) [ 365.480382][T16397] futex_wake_op: syz.4.4372 tries to shift op by 32; fix this program [ 366.159671][T16448] siw: device registration error -23 [ 366.321938][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 367.023916][T16474] __nla_validate_parse: 6 callbacks suppressed [ 367.023937][T16474] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4400'. [ 367.131122][T16485] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16485 comm=syz.2.4403 [ 367.222552][T16496] netlink: 'syz.2.4407': attribute type 1 has an invalid length. [ 367.260276][T16496] 8021q: adding VLAN 0 to HW filter on device bond16 [ 367.287592][T16496] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16496 comm=syz.2.4407 [ 367.362386][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 367.406665][T16512] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4415'. [ 367.535708][T16518] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4416'. [ 367.673239][T16539] netlink: 'syz.6.4423': attribute type 1 has an invalid length. [ 367.687696][T16539] 8021q: adding VLAN 0 to HW filter on device bond16 [ 367.697713][T16539] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16539 comm=syz.6.4423 [ 367.935624][T16546] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4426'. [ 368.037051][T16555] ip6_vti0 speed is unknown, defaulting to 1000 [ 368.122437][T16563] netlink: 188 bytes leftover after parsing attributes in process `syz.6.4431'. [ 368.253407][T16571] netlink: 'syz.3.4434': attribute type 1 has an invalid length. [ 368.265436][T16555] lo speed is unknown, defaulting to 1000 [ 368.304527][T16571] 8021q: adding VLAN 0 to HW filter on device bond24 [ 368.342382][T16571] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16571 comm=syz.3.4434 [ 368.400248][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 368.435857][T16579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4437'. [ 368.665911][T16599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4444'. [ 368.675060][T16605] syz.1.4446 (16605): attempted to duplicate a private mapping with mremap. This is not supported. [ 368.733397][ T29] kauditd_printk_skb: 213 callbacks suppressed [ 368.733444][ T29] audit: type=1326 audit(2000000974.373:8159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16611 comm="syz.3.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 368.764900][ T29] audit: type=1326 audit(2000000974.403:8160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16611 comm="syz.3.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 368.789345][ T29] audit: type=1326 audit(2000000974.433:8161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16611 comm="syz.3.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04c7acaeb9 code=0x7ffc0000 [ 369.210738][T16637] lo: Caught tx_queue_len zero misconfig [ 369.440732][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 369.488107][ T29] audit: type=1326 audit(2000000975.123:8162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.513121][ T29] audit: type=1326 audit(2000000975.153:8163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.537508][ T29] audit: type=1326 audit(2000000975.183:8164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.561913][ T29] audit: type=1326 audit(2000000975.203:8165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.586201][ T29] audit: type=1326 audit(2000000975.233:8166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.630386][ T29] audit: type=1326 audit(2000000975.273:8167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.654869][ T29] audit: type=1326 audit(2000000975.293:8168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16650 comm="syz.4.4464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 369.692265][T16657] ip6_vti0 speed is unknown, defaulting to 1000 [ 369.755403][T16657] lo speed is unknown, defaulting to 1000 [ 369.766985][T16665] netlink: 'syz.6.4472': attribute type 3 has an invalid length. [ 369.944804][T16652] ip6_vti0 speed is unknown, defaulting to 1000 [ 370.041626][T16652] lo speed is unknown, defaulting to 1000 [ 370.290823][T16677] xt_CT: You must specify a L4 protocol and not use inversions on it [ 370.480173][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 370.532885][T16684] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4480'. [ 370.969774][T16736] IPVS: ip_vs_edit_dest(): server weight less than zero [ 371.034590][T16749] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 371.054584][T16751] xt_hashlimit: max too large, truncated to 1048576 [ 371.162024][T16652] netlink: 'syz.4.4464': attribute type 4 has an invalid length. [ 371.169869][T16652] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4464'. [ 371.188909][T16762] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4515'. [ 371.429949][T16802] futex_wake_op: syz.6.4528 tries to shift op by 32; fix this program [ 371.531123][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 372.110280][T16844] __nla_validate_parse: 5 callbacks suppressed [ 372.110303][T16844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4545'. [ 372.122816][T16845] netlink: 148 bytes leftover after parsing attributes in process `syz.3.4546'. [ 372.125820][T16844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4545'. [ 372.259496][T16857] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4552'. [ 372.296200][T16864] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4554'. [ 372.305280][T16864] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4554'. [ 372.315429][T16863] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4555'. [ 372.319194][T16866] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4556'. [ 372.335127][T16863] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16863 comm=syz.6.4555 [ 372.419480][T16870] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4558'. [ 372.485665][T16890] netlink: 188 bytes leftover after parsing attributes in process `syz.6.4564'. [ 372.560197][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 372.602606][T16909] SELinux: security_context_str_to_sid (ƒyó²æb) failed with errno=-22 [ 373.600186][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 373.633073][T16983] netlink: 'syz.6.4602': attribute type 1 has an invalid length. [ 373.647637][T16983] 8021q: adding VLAN 0 to HW filter on device bond17 [ 373.658191][T16983] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16983 comm=syz.6.4602 [ 373.782932][T16991] netlink: 'syz.4.4606': attribute type 1 has an invalid length. [ 373.797709][T16991] 8021q: adding VLAN 0 to HW filter on device bond23 [ 374.114338][T17031] x_tables: ip_tables: dccp match: only valid for protocol 33 [ 374.171841][T17037] netlink: 'syz.1.4627': attribute type 1 has an invalid length. [ 374.207913][T17037] 8021q: adding VLAN 0 to HW filter on device bond11 [ 374.218334][T17037] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17037 comm=syz.1.4627 [ 374.257116][T17043] netlink: 'syz.3.4629': attribute type 1 has an invalid length. [ 374.311371][T17043] 8021q: adding VLAN 0 to HW filter on device bond25 [ 374.415900][ T29] kauditd_printk_skb: 92 callbacks suppressed [ 374.415916][ T29] audit: type=1400 audit(2000000980.053:8261): avc: denied { write } for pid=17056 comm="syz.2.4634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 374.650206][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 374.825340][T17006] syz.4.4612 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 374.839337][T17006] CPU: 1 UID: 0 PID: 17006 Comm: syz.4.4612 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 374.839447][T17006] Tainted: [W]=WARN [ 374.839458][T17006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 374.839476][T17006] Call Trace: [ 374.839486][T17006] [ 374.839497][T17006] __dump_stack+0x1d/0x30 [ 374.839530][T17006] dump_stack_lvl+0x95/0xd0 [ 374.839553][T17006] dump_stack+0x15/0x1b [ 374.839610][T17006] dump_header+0x80/0x240 [ 374.839633][T17006] oom_kill_process+0x295/0x350 [ 374.839668][T17006] out_of_memory+0x97d/0xb80 [ 374.839751][T17006] try_charge_memcg+0x62e/0xa10 [ 374.839783][T17006] obj_cgroup_charge_pages+0x23/0xc0 [ 374.839895][T17006] __memcg_kmem_charge_page+0x9e/0x170 [ 374.839928][T17006] __alloc_frozen_pages_noprof+0x18a/0x350 [ 374.840038][T17006] alloc_pages_mpol+0xb3/0x260 [ 374.840137][T17006] alloc_pages_noprof+0x8f/0x130 [ 374.840227][T17006] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 374.840286][T17006] __kvmalloc_node_noprof+0x471/0x680 [ 374.840393][T17006] ? ip_set_alloc+0x24/0x30 [ 374.840434][T17006] ? ip_set_alloc+0x24/0x30 [ 374.840558][T17006] ip_set_alloc+0x24/0x30 [ 374.840599][T17006] hash_netiface_create+0x282/0x740 [ 374.840706][T17006] ? __pfx_hash_netiface_create+0x10/0x10 [ 374.840792][T17006] ip_set_create+0x3cf/0x970 [ 374.840896][T17006] ? __nla_parse+0x40/0x60 [ 374.840967][T17006] nfnetlink_rcv_msg+0x509/0x5d0 [ 374.841031][T17006] netlink_rcv_skb+0x123/0x220 [ 374.841070][T17006] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 374.841121][T17006] nfnetlink_rcv+0x167/0x1720 [ 374.841164][T17006] ? __list_add_valid_or_report+0x38/0xe0 [ 374.841189][T17006] ? merge_sched_in+0x5db/0xbe0 [ 374.841219][T17006] ? rb_next+0x5c/0x80 [ 374.841251][T17006] ? visit_groups_merge+0xf7e/0xfd0 [ 374.841316][T17006] ? event_sched_out+0x896/0x8f0 [ 374.841345][T17006] ? _raw_spin_lock_bh+0x56/0xb0 [ 374.841402][T17006] ? should_fail_ex+0x30/0x280 [ 374.841438][T17006] ? selinux_nlmsg_lookup+0x99/0x890 [ 374.841523][T17006] ? __rcu_read_unlock+0x33/0x70 [ 374.841554][T17006] ? __netlink_lookup+0x276/0x2b0 [ 374.841638][T17006] netlink_unicast+0x5c0/0x690 [ 374.841678][T17006] netlink_sendmsg+0x5c8/0x6f0 [ 374.841752][T17006] ? __pfx_netlink_sendmsg+0x10/0x10 [ 374.841779][T17006] ____sys_sendmsg+0x5af/0x600 [ 374.841811][T17006] ___sys_sendmsg+0x195/0x1e0 [ 374.841857][T17006] __x64_sys_sendmsg+0xd4/0x160 [ 374.841881][T17006] x64_sys_call+0x17ba/0x3000 [ 374.841915][T17006] do_syscall_64+0xc0/0x2a0 [ 374.842105][T17006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.842181][T17006] RIP: 0033:0x7f63625daeb9 [ 374.842215][T17006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 374.842243][T17006] RSP: 002b:00007f6361037028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 374.842272][T17006] RAX: ffffffffffffffda RBX: 00007f6362855fa0 RCX: 00007f63625daeb9 [ 374.842292][T17006] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000004 [ 374.842311][T17006] RBP: 00007f6362648c1f R08: 0000000000000000 R09: 0000000000000000 [ 374.842335][T17006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.842348][T17006] R13: 00007f6362856038 R14: 00007f6362855fa0 R15: 00007ffe9c2eb8b8 [ 374.842444][T17006] [ 375.166060][T17006] memory: usage 307200kB, limit 307200kB, failcnt 3718 [ 375.172971][T17006] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 375.180934][T17006] kmem: usage 304420kB, limit 9007199254740988kB, failcnt 0 [ 375.188320][T17006] Memory cgroup stats for /syz4: [ 375.193903][T17006] cache 139264 [ 375.202509][T17006] rss 2707456 [ 375.205862][T17006] shmem 139264 [ 375.209263][T17006] mapped_file 0 [ 375.212798][T17006] dirty 0 [ 375.215862][T17006] writeback 0 [ 375.219175][T17006] workingset_refault_anon 681 [ 375.223978][T17006] workingset_refault_file 11140 [ 375.228855][T17006] swap 0 [ 375.231756][T17006] swapcached 0 [ 375.235209][T17006] pgpgin 494573 [ 375.238694][T17006] pgpgout 493878 [ 375.242326][T17006] pgfault 399346 [ 375.245887][T17006] pgmajfault 261 [ 375.249454][T17006] inactive_anon 299008 [ 375.253585][T17006] active_anon 614400 [ 375.257510][T17006] inactive_file 1933312 [ 375.261707][T17006] active_file 0 [ 375.265207][T17006] unevictable 0 [ 375.268696][T17006] hierarchical_memory_limit 314572800 [ 375.274191][T17006] hierarchical_memsw_limit 9223372036854771712 [ 375.280440][T17006] total_cache 139264 [ 375.284381][T17006] total_rss 2707456 [ 375.288236][T17006] total_shmem 139264 [ 375.292241][T17006] total_mapped_file 0 [ 375.296237][T17006] total_dirty 0 [ 375.299724][T17006] total_writeback 0 [ 375.303586][T17006] total_workingset_refault_anon 681 [ 375.308831][T17006] total_workingset_refault_file 11140 [ 375.314353][T17006] total_swap 0 [ 375.317745][T17006] total_swapcached 0 [ 375.321702][T17006] total_pgpgin 494573 [ 375.325715][T17006] total_pgpgout 493878 [ 375.329845][T17006] total_pgfault 399346 [ 375.333980][T17006] total_pgmajfault 261 [ 375.338095][T17006] total_inactive_anon 299008 [ 375.342750][T17006] total_active_anon 614400 [ 375.347193][T17006] total_inactive_file 1933312 [ 375.352068][T17006] total_active_file 0 [ 375.356100][T17006] total_unevictable 0 [ 375.360194][T17006] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4612,pid=17005,uid=0 [ 375.375281][T17006] Memory cgroup out of memory: Killed process 17005 (syz.4.4612) total-vm:94264kB, anon-rss:3416kB, file-rss:22324kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:0 [ 375.540731][T17086] futex_wake_op: syz.6.4646 tries to shift op by 32; fix this program [ 375.680217][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 375.822060][T17127] netlink: 'syz.3.4664': attribute type 1 has an invalid length. [ 375.841022][T17127] 8021q: adding VLAN 0 to HW filter on device bond26 [ 375.851628][T17127] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17127 comm=syz.3.4664 [ 376.277589][T17159] netlink: 'syz.3.4677': attribute type 1 has an invalid length. [ 376.294198][T17159] 8021q: adding VLAN 0 to HW filter on device bond27 [ 376.304512][T17159] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17159 comm=syz.3.4677 [ 376.342068][ T29] audit: type=1326 audit(2000000981.983:8262): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17161 comm="syz.3.4678" exe="/root/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7f04c7ac4cd7 code=0x0 [ 376.720192][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 376.849109][T17192] netlink: 'syz.4.4688': attribute type 1 has an invalid length. [ 376.883554][T17194] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 376.941287][T17192] 8021q: adding VLAN 0 to HW filter on device bond24 [ 376.953979][ T5052] ip6_vti0 speed is unknown, defaulting to 1000 [ 376.960340][ T5052] syz2: Port: 1 Link ACTIVE [ 376.965483][T17192] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17192 comm=syz.4.4688 [ 376.965829][ T3452] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 376.993556][ T5052] ip6_vti0 speed is unknown, defaulting to 1000 [ 377.137803][T17220] netlink: 'syz.2.4702': attribute type 1 has an invalid length. [ 377.154176][T17220] 8021q: adding VLAN 0 to HW filter on device bond17 [ 377.164445][T17220] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17220 comm=syz.2.4702 [ 377.184573][T17225] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 377.246793][T17237] __nla_validate_parse: 26 callbacks suppressed [ 377.246815][T17237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4708'. [ 377.267960][T17237] batman_adv: batadv0: Adding interface: macvtap4 [ 377.274643][T17237] batman_adv: batadv0: The MTU of interface macvtap4 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 377.300142][T17237] batman_adv: batadv0: Not using interface macvtap4 (retrying later): interface not active [ 377.364763][T17233] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17233 comm=syz.2.4707 [ 377.401444][T17247] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4713'. [ 377.494633][ T29] audit: type=1326 audit(2000000983.133:8263): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17256 comm="syz.4.4718" exe="/root/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7f63625d4cd7 code=0x0 [ 377.678709][T17262] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4720'. [ 377.760248][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 377.954221][T17289] netlink: 'syz.1.4729': attribute type 1 has an invalid length. [ 377.969707][T17289] 8021q: adding VLAN 0 to HW filter on device bond12 [ 377.990624][T17289] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17289 comm=syz.1.4729 [ 378.049820][T17297] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4731'. [ 378.110668][T17304] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4735'. [ 378.299037][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4739'. [ 378.371627][T17320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4741'. [ 378.407796][ T29] audit: type=1326 audit(2000000984.043:8264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 378.446161][ T29] audit: type=1326 audit(2000000984.073:8265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb5653daeb9 code=0x7ffc0000 [ 378.469748][ T29] audit: type=1326 audit(2000000984.073:8266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb5653dac22 code=0x7ffc0000 [ 378.539683][ T29] audit: type=1326 audit(2000000984.133:8267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb56539b78e code=0x7ffc0000 [ 378.563169][ T29] audit: type=1326 audit(2000000984.153:8268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb5653dace7 code=0x7ffc0000 [ 378.586829][ T29] audit: type=1326 audit(2000000984.153:8269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb56539b78e code=0x7ffc0000 [ 378.610394][ T29] audit: type=1326 audit(2000000984.163:8270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17317 comm="syz.1.4740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb56539b78e code=0x7ffc0000 [ 378.696621][T17334] netlink: 'syz.1.4745': attribute type 1 has an invalid length. [ 378.735926][T17334] 8021q: adding VLAN 0 to HW filter on device bond13 [ 378.757994][T17340] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17340 comm=syz.1.4745 [ 378.810180][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 379.249333][T17375] netlink: 'syz.4.4760': attribute type 1 has an invalid length. [ 379.283254][T17375] 8021q: adding VLAN 0 to HW filter on device bond25 [ 379.300736][T17375] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17375 comm=syz.4.4760 [ 379.707606][T17382] syz.4.4764 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 379.721556][T17382] CPU: 0 UID: 0 PID: 17382 Comm: syz.4.4764 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 379.721594][T17382] Tainted: [W]=WARN [ 379.721601][T17382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 379.721617][T17382] Call Trace: [ 379.721626][T17382] [ 379.721636][T17382] __dump_stack+0x1d/0x30 [ 379.721718][T17382] dump_stack_lvl+0x95/0xd0 [ 379.721740][T17382] dump_stack+0x15/0x1b [ 379.721768][T17382] dump_header+0x80/0x240 [ 379.721796][T17382] oom_kill_process+0x295/0x350 [ 379.721926][T17382] out_of_memory+0x97d/0xb80 [ 379.721961][T17382] try_charge_memcg+0x62e/0xa10 [ 379.721999][T17382] obj_cgroup_charge_pages+0x23/0xc0 [ 379.722048][T17382] __memcg_kmem_charge_page+0x9e/0x170 [ 379.722170][T17382] __alloc_frozen_pages_noprof+0x18a/0x350 [ 379.722219][T17382] alloc_pages_mpol+0xb3/0x260 [ 379.722265][T17382] alloc_pages_noprof+0x8f/0x130 [ 379.722347][T17382] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 379.722398][T17382] __kvmalloc_node_noprof+0x471/0x680 [ 379.722490][T17382] ? ip_set_alloc+0x24/0x30 [ 379.722601][T17382] ? ip_set_alloc+0x24/0x30 [ 379.722637][T17382] ip_set_alloc+0x24/0x30 [ 379.722673][T17382] hash_netiface_create+0x282/0x740 [ 379.722771][T17382] ? __pfx_hash_netiface_create+0x10/0x10 [ 379.722887][T17382] ip_set_create+0x3cf/0x970 [ 379.722936][T17382] ? __nla_parse+0x40/0x60 [ 379.723046][T17382] nfnetlink_rcv_msg+0x509/0x5d0 [ 379.723107][T17382] netlink_rcv_skb+0x123/0x220 [ 379.723173][T17382] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 379.723219][T17382] nfnetlink_rcv+0x167/0x1720 [ 379.723323][T17382] ? __list_del_entry_valid_or_report+0x65/0x130 [ 379.723429][T17382] ? __rmqueue_pcplist+0x9b6/0xb80 [ 379.723477][T17382] ? _raw_spin_lock_bh+0x56/0xb0 [ 379.723529][T17382] ? should_fail_ex+0x30/0x280 [ 379.723563][T17382] ? selinux_nlmsg_lookup+0x99/0x890 [ 379.723588][T17382] ? __rcu_read_unlock+0x33/0x70 [ 379.723620][T17382] ? __netlink_lookup+0x276/0x2b0 [ 379.723682][T17382] netlink_unicast+0x5c0/0x690 [ 379.723721][T17382] netlink_sendmsg+0x5c8/0x6f0 [ 379.723744][T17382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.723833][T17382] ____sys_sendmsg+0x5af/0x600 [ 379.723860][T17382] ___sys_sendmsg+0x195/0x1e0 [ 379.723937][T17382] __x64_sys_sendmsg+0xd4/0x160 [ 379.723966][T17382] x64_sys_call+0x17ba/0x3000 [ 379.724017][T17382] do_syscall_64+0xc0/0x2a0 [ 379.724051][T17382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.724074][T17382] RIP: 0033:0x7f63625daeb9 [ 379.724160][T17382] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 379.724179][T17382] RSP: 002b:00007f6361037028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 379.724200][T17382] RAX: ffffffffffffffda RBX: 00007f6362855fa0 RCX: 00007f63625daeb9 [ 379.724291][T17382] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000004 [ 379.724304][T17382] RBP: 00007f6362648c1f R08: 0000000000000000 R09: 0000000000000000 [ 379.724318][T17382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 379.724330][T17382] R13: 00007f6362856038 R14: 00007f6362855fa0 R15: 00007ffe9c2eb8b8 [ 379.724359][T17382] [ 379.724368][T17382] memory: usage 307044kB, limit 307200kB, failcnt 4137 [ 379.850399][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 379.851070][T17382] memory+swap: usage 307152kB, limit 9007199254740988kB, failcnt 0 [ 380.058485][T17382] kmem: usage 305856kB, limit 9007199254740988kB, failcnt 0 [ 380.065945][T17382] Memory cgroup stats for /syz4: [ 380.066293][T17382] cache 143360 [ 380.074708][T17382] rss 1232896 [ 380.078015][T17382] shmem 139264 [ 380.081473][T17382] mapped_file 4096 [ 380.085215][T17382] dirty 0 [ 380.088179][T17382] writeback 0 [ 380.091743][T17382] workingset_refault_anon 681 [ 380.096593][T17382] workingset_refault_file 12047 [ 380.101524][T17382] swap 0 [ 380.104412][T17382] swapcached 0 [ 380.107845][T17382] pgpgin 499519 [ 380.111560][T17382] pgpgout 499183 [ 380.115249][T17382] pgfault 404348 [ 380.118908][T17382] pgmajfault 269 [ 380.122627][T17382] inactive_anon 294912 [ 380.126713][T17382] active_anon 606208 [ 380.130676][T17382] inactive_file 425984 [ 380.134762][T17382] active_file 49152 [ 380.138593][T17382] unevictable 0 [ 380.142143][T17382] hierarchical_memory_limit 314572800 [ 380.147552][T17382] hierarchical_memsw_limit 9223372036854771712 [ 380.153938][T17382] total_cache 143360 [ 380.155305][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4766'. [ 380.158122][T17382] total_rss 1232896 [ 380.170666][T17382] total_shmem 139264 [ 380.174579][T17382] total_mapped_file 4096 [ 380.178839][T17382] total_dirty 0 [ 380.182375][T17382] total_writeback 0 [ 380.186209][T17382] total_workingset_refault_anon 681 [ 380.191507][T17382] total_workingset_refault_file 12047 [ 380.196961][T17382] total_swap 0 [ 380.200505][T17382] total_swapcached 0 [ 380.204426][T17382] total_pgpgin 499519 [ 380.208453][T17382] total_pgpgout 499183 [ 380.212602][T17382] total_pgfault 404348 [ 380.216687][T17382] total_pgmajfault 269 [ 380.220949][T17382] total_inactive_anon 294912 [ 380.225630][T17382] total_active_anon 606208 [ 380.230058][T17382] total_inactive_file 425984 [ 380.234802][T17382] total_active_file 49152 [ 380.239152][T17382] total_unevictable 0 [ 380.243201][T17382] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4764,pid=17381,uid=0 [ 380.258413][T17382] Memory cgroup out of memory: Killed process 17381 (syz.4.4764) total-vm:94132kB, anon-rss:1880kB, file-rss:22024kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0 [ 380.430800][T17423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4773'. [ 380.611855][T17445] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4786'. [ 380.629767][T17447] netlink: 'syz.1.4787': attribute type 1 has an invalid length. [ 380.646167][T17447] 8021q: adding VLAN 0 to HW filter on device bond14 [ 380.880285][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 381.440225][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 381.510375][T17454] syz.1.4790 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 381.524510][T17454] CPU: 1 UID: 0 PID: 17454 Comm: syz.1.4790 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 381.524547][T17454] Tainted: [W]=WARN [ 381.524554][T17454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 381.524662][T17454] Call Trace: [ 381.524672][T17454] [ 381.524684][T17454] __dump_stack+0x1d/0x30 [ 381.524719][T17454] dump_stack_lvl+0x95/0xd0 [ 381.524742][T17454] dump_stack+0x15/0x1b [ 381.524763][T17454] dump_header+0x80/0x240 [ 381.524787][T17454] oom_kill_process+0x295/0x350 [ 381.524823][T17454] out_of_memory+0x97d/0xb80 [ 381.524859][T17454] try_charge_memcg+0x62e/0xa10 [ 381.524897][T17454] obj_cgroup_charge_pages+0x23/0xc0 [ 381.525014][T17454] __memcg_kmem_charge_page+0x9e/0x170 [ 381.525094][T17454] __alloc_frozen_pages_noprof+0x18a/0x350 [ 381.525133][T17454] alloc_pages_mpol+0xb3/0x260 [ 381.525297][T17454] alloc_pages_noprof+0x8f/0x130 [ 381.525336][T17454] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 381.525387][T17454] __kvmalloc_node_noprof+0x471/0x680 [ 381.525447][T17454] ? ip_set_alloc+0x24/0x30 [ 381.525488][T17454] ? ip_set_alloc+0x24/0x30 [ 381.525605][T17454] ip_set_alloc+0x24/0x30 [ 381.525683][T17454] hash_netiface_create+0x282/0x740 [ 381.525727][T17454] ? __pfx_hash_netiface_create+0x10/0x10 [ 381.525771][T17454] ip_set_create+0x3cf/0x970 [ 381.525915][T17454] ? __nla_parse+0x40/0x60 [ 381.525964][T17454] nfnetlink_rcv_msg+0x509/0x5d0 [ 381.526035][T17454] netlink_rcv_skb+0x123/0x220 [ 381.526161][T17454] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 381.526212][T17454] nfnetlink_rcv+0x167/0x1720 [ 381.526254][T17454] ? __kfree_skb+0x109/0x150 [ 381.526403][T17454] ? nlmon_xmit+0x4f/0x60 [ 381.526443][T17454] ? consume_skb+0x49/0x140 [ 381.526539][T17454] ? nlmon_xmit+0x4f/0x60 [ 381.526656][T17454] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 381.526744][T17454] ? __dev_queue_xmit+0x139a/0x1f20 [ 381.526839][T17454] ? __dev_queue_xmit+0x148/0x1f20 [ 381.526968][T17454] ? ref_tracker_free+0x37d/0x3e0 [ 381.527020][T17454] ? __netlink_deliver_tap+0x4dc/0x500 [ 381.527120][T17454] netlink_unicast+0x5c0/0x690 [ 381.527176][T17454] netlink_sendmsg+0x5c8/0x6f0 [ 381.527208][T17454] ? __pfx_netlink_sendmsg+0x10/0x10 [ 381.527246][T17454] ____sys_sendmsg+0x5af/0x600 [ 381.527282][T17454] ___sys_sendmsg+0x195/0x1e0 [ 381.527323][T17454] __x64_sys_sendmsg+0xd4/0x160 [ 381.527352][T17454] x64_sys_call+0x17ba/0x3000 [ 381.527463][T17454] do_syscall_64+0xc0/0x2a0 [ 381.527651][T17454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.527752][T17454] RIP: 0033:0x7fb5653daeb9 [ 381.527772][T17454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 381.527827][T17454] RSP: 002b:00007fb563e37028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 381.527854][T17454] RAX: ffffffffffffffda RBX: 00007fb565655fa0 RCX: 00007fb5653daeb9 [ 381.527874][T17454] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000004 [ 381.527892][T17454] RBP: 00007fb565448c1f R08: 0000000000000000 R09: 0000000000000000 [ 381.527909][T17454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.527925][T17454] R13: 00007fb565656038 R14: 00007fb565655fa0 R15: 00007ffea1b57eb8 [ 381.527955][T17454] [ 381.528061][T17454] memory: usage 307200kB, limit 307200kB, failcnt 5101 [ 381.854736][T17454] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 381.862683][T17454] kmem: usage 235432kB, limit 9007199254740988kB, failcnt 0 [ 381.870013][T17454] Memory cgroup stats for /syz1: [ 381.870546][T17454] cache 69419008 [ 381.879067][T17454] rss 4063232 [ 381.882407][T17454] shmem 69419008 [ 381.886045][T17454] mapped_file 0 [ 381.889605][T17454] dirty 0 [ 381.892579][T17454] writeback 0 [ 381.896000][T17454] workingset_refault_anon 2971 [ 381.900800][T17454] workingset_refault_file 7970 [ 381.905655][T17454] swap 0 [ 381.908599][T17454] swapcached 0 [ 381.912023][T17454] pgpgin 634891 [ 381.915509][T17454] pgpgout 616949 [ 381.919075][T17454] pgfault 547001 [ 381.922749][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 381.929717][T17454] pgmajfault 505 [ 381.933345][T17454] inactive_anon 70868992 [ 381.937596][T17454] active_anon 598016 [ 381.941604][T17454] inactive_file 2023424 [ 381.945779][T17454] active_file 0 [ 381.949260][T17454] unevictable 0 [ 381.952860][T17454] hierarchical_memory_limit 314572800 [ 381.958344][T17454] hierarchical_memsw_limit 9223372036854771712 [ 381.964655][T17454] total_cache 69419008 [ 381.968811][T17454] total_rss 4063232 [ 381.972706][T17454] total_shmem 69419008 [ 381.976876][T17454] total_mapped_file 0 [ 381.980931][T17454] total_dirty 0 [ 381.984457][T17454] total_writeback 0 [ 381.988305][T17454] total_workingset_refault_anon 2971 [ 381.993647][T17454] total_workingset_refault_file 7970 [ 381.998960][T17454] total_swap 0 [ 382.002432][T17454] total_swapcached 0 [ 382.006367][T17454] total_pgpgin 651808 [ 382.010528][T17454] total_pgpgout 633866 [ 382.014618][T17454] total_pgfault 547723 [ 382.018745][T17454] total_pgmajfault 505 [ 382.022912][T17454] total_inactive_anon 70868992 [ 382.027693][T17454] total_active_anon 598016 [ 382.032203][T17454] total_inactive_file 2023424 [ 382.036905][T17454] total_active_file 0 [ 382.040947][T17454] total_unevictable 0 [ 382.044988][T17454] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4790,pid=17453,uid=0 [ 382.060045][T17454] Memory cgroup out of memory: Killed process 17453 (syz.1.4790) total-vm:94264kB, anon-rss:3420kB, file-rss:22300kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:0 [ 382.240240][T17511] netlink: 'syz.1.4813': attribute type 1 has an invalid length. [ 382.534014][T17550] netlink: 'syz.1.4828': attribute type 1 has an invalid length. [ 382.562292][T17550] 8021q: adding VLAN 0 to HW filter on device bond15 [ 382.574221][T17550] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17550 comm=syz.1.4828 [ 382.960217][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 383.147592][T17605] netlink: 'syz.6.4851': attribute type 1 has an invalid length. [ 383.220657][T17610] __nla_validate_parse: 6 callbacks suppressed [ 383.220678][T17610] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4853'. [ 383.547387][T17634] netlink: 148 bytes leftover after parsing attributes in process `syz.2.4858'. [ 383.901871][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 383.901940][ T29] audit: type=1326 audit(2000000989.543:8275): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17662 comm="syz.6.4875" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f15d816aeb9 code=0x0 [ 384.010210][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 384.033906][T17667] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4877'. [ 384.146936][T17673] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 384.347664][T17678] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4870'. [ 384.356809][T17678] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4870'. [ 384.706187][ T29] audit: type=1400 audit(2000000990.343:8276): avc: denied { setopt } for pid=17691 comm="syz.2.4887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 384.761705][T17696] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4889'. [ 384.838022][T17698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4890'. [ 384.951953][T17711] netlink: 'syz.6.4895': attribute type 1 has an invalid length. [ 384.968031][T17711] 8021q: adding VLAN 0 to HW filter on device bond18 [ 384.980608][T17711] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17711 comm=syz.6.4895 [ 385.040172][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 385.317178][T17746] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4909'. [ 385.492127][T17767] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4917'. [ 385.648016][T17783] netlink: 'syz.4.4922': attribute type 1 has an invalid length. [ 385.662220][T17783] 8021q: adding VLAN 0 to HW filter on device bond26 [ 385.672787][T17783] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17783 comm=syz.4.4922 [ 385.688757][T17787] netlink: 'syz.3.4923': attribute type 1 has an invalid length. [ 385.890838][T17811] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4927'. [ 385.930288][T17816] futex_wake_op: syz.3.4937 tries to shift op by 32; fix this program [ 386.043026][T17826] netlink: 'syz.4.4942': attribute type 1 has an invalid length. [ 386.058711][T17826] 8021q: adding VLAN 0 to HW filter on device bond27 [ 386.069723][T17826] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17826 comm=syz.4.4942 [ 386.082655][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 386.364961][T17857] netlink: del zone limit has 8 unknown bytes [ 386.389694][ T29] audit: type=1400 audit(2000000992.023:8277): avc: denied { lock } for pid=17858 comm="syz.4.4956" path="socket:[61169]" dev="sockfs" ino=61169 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 386.467285][T17869] netlink: 'syz.6.4959': attribute type 1 has an invalid length. [ 386.484438][T17875] netlink: 'syz.4.4962': attribute type 1 has an invalid length. [ 386.501942][T17869] 8021q: adding VLAN 0 to HW filter on device bond19 [ 386.518683][T17875] 8021q: adding VLAN 0 to HW filter on device bond28 [ 386.530674][T17875] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17875 comm=syz.4.4962 [ 386.531792][T17869] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17869 comm=syz.6.4959 [ 387.122195][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 387.326434][T17910] netlink: 'syz.1.4977': attribute type 1 has an invalid length. [ 387.347425][T17910] 8021q: adding VLAN 0 to HW filter on device bond16 [ 387.359007][T17910] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17910 comm=syz.1.4977 [ 387.628483][ T29] audit: type=1326 audit(2000000993.263:8278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17928 comm="syz.1.4986" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb5653daeb9 code=0x0 [ 387.818756][ T29] audit: type=1326 audit(2000000993.453:8279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17944 comm="syz.2.4990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 387.853635][ T29] audit: type=1326 audit(2000000993.453:8280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17944 comm="syz.2.4990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 387.877252][ T29] audit: type=1326 audit(2000000993.453:8281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17944 comm="syz.2.4990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 387.900939][ T29] audit: type=1326 audit(2000000993.453:8282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17944 comm="syz.2.4990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bdc06aeb9 code=0x7ffc0000 [ 387.979122][T17960] xt_hashlimit: size too large, truncated to 1048576 [ 387.986050][T17960] xt_hashlimit: invalid rate [ 388.048369][ T29] audit: type=1400 audit(2000000993.683:8283): avc: denied { connect } for pid=17966 comm="syz.2.4999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 388.160210][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 388.209156][ T29] audit: type=1400 audit(2000000993.843:8284): avc: denied { getopt } for pid=17985 comm="syz.6.5007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 388.438287][T18022] __nla_validate_parse: 10 callbacks suppressed [ 388.438309][T18022] netlink: 160 bytes leftover after parsing attributes in process `syz.2.5024'. [ 388.457416][T18024] futex_wake_op: syz.1.5025 tries to shift op by 32; fix this program [ 388.790065][T18057] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5037'. [ 388.799202][T18057] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5037'. [ 388.814257][T18059] 9p: Unknown Cache mode or invalid value f [ 388.830803][T18061] netlink: 'syz.4.5039': attribute type 1 has an invalid length. [ 388.848879][T18065] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5041'. [ 388.859417][T18065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5041'. [ 388.862357][T18061] 8021q: adding VLAN 0 to HW filter on device bond29 [ 388.889947][T18061] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18061 comm=syz.4.5039 [ 388.958641][T18078] netlink: 284 bytes leftover after parsing attributes in process `syz.3.5047'. [ 388.999150][T18086] netlink: 160 bytes leftover after parsing attributes in process `syz.3.5051'. [ 389.118354][T18101] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5057'. [ 389.200224][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 389.254337][T18113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5063'. [ 389.953509][T18147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5076'. [ 390.153482][T18159] netlink: 'syz.1.5078': attribute type 1 has an invalid length. [ 390.174610][T18159] 8021q: adding VLAN 0 to HW filter on device bond17 [ 390.185956][T18159] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18159 comm=syz.1.5078 [ 390.240190][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 390.378248][T18173] netlink: 'syz.2.5084': attribute type 1 has an invalid length. [ 390.402727][T18173] 8021q: adding VLAN 0 to HW filter on device bond18 [ 390.417323][T18173] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18173 comm=syz.2.5084 [ 390.661262][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 390.661351][ T29] audit: type=1400 audit(2000000996.303:8295): avc: denied { getopt } for pid=18192 comm="syz.4.5092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 390.802564][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 390.890056][ T29] audit: type=1326 audit(2000000996.523:8296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18211 comm="syz.2.5100" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bdc06aeb9 code=0x0 [ 391.213661][ T29] audit: type=1326 audit(2000000996.853:8297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 391.246146][ T29] audit: type=1326 audit(2000000996.883:8298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 391.271971][ T29] audit: type=1326 audit(2000000996.913:8299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f63625dac22 code=0x7ffc0000 [ 391.295648][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 391.321454][ T29] audit: type=1326 audit(2000000996.963:8300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f636259b78e code=0x7ffc0000 [ 391.366084][ T29] audit: type=1326 audit(2000000997.003:8301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f63625dace7 code=0x7ffc0000 [ 391.391459][ T29] audit: type=1326 audit(2000000997.033:8302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f636259b78e code=0x7ffc0000 [ 391.421611][ T29] audit: type=1326 audit(2000000997.053:8303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f636259b78e code=0x7ffc0000 [ 391.449037][ T29] audit: type=1326 audit(2000000997.083:8304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18240 comm="syz.4.5111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63625daeb9 code=0x7ffc0000 [ 391.595378][T18291] netlink: 'syz.6.5132': attribute type 13 has an invalid length. [ 391.612800][T18291] syz_tun: refused to change device tx_queue_len [ 391.619339][T18291] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 392.126928][T18368] batman_adv: batadv0: Adding interface: macvtap5 [ 392.133552][T18368] batman_adv: batadv0: The MTU of interface macvtap5 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 392.159527][T18368] batman_adv: batadv0: Not using interface macvtap5 (retrying later): interface not active [ 392.191138][T18375] netlink: 'syz.2.5171': attribute type 1 has an invalid length. [ 392.205759][T18375] 8021q: adding VLAN 0 to HW filter on device bond19 [ 392.217250][T18375] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18375 comm=syz.2.5171 [ 392.320230][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 392.558569][T18411] tipc: Can't bind to reserved service type 0 [ 393.360223][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 393.535423][T18479] __nla_validate_parse: 15 callbacks suppressed [ 393.535445][T18479] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5206'. [ 393.550858][T18479] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5206'. [ 393.565814][T18496] netlink: 3 bytes leftover after parsing attributes in process `syz.3.5219'. [ 393.602441][T18501] netlink: 'syz.4.5221': attribute type 1 has an invalid length. [ 393.618647][T18501] 8021q: adding VLAN 0 to HW filter on device bond30 [ 393.624683][T18504] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5222'. [ 393.636880][T18501] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18501 comm=syz.4.5221 [ 393.864827][T18538] @ÿ: renamed from bond_slave_0 [ 393.938297][T18547] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5236'. [ 393.947388][T18547] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5236'. [ 394.002605][T18553] netlink: 168 bytes leftover after parsing attributes in process `syz.4.5245'. [ 394.040222][T18546] ================================================================== [ 394.048387][T18546] BUG: KCSAN: data-race in memcpy_and_pad / trc_wait_for_one_reader [ 394.056455][T18546] [ 394.058805][T18546] write to 0xffff888156ec35dc of 4 bytes by task 28 on cpu 0: [ 394.066284][T18546] trc_wait_for_one_reader+0x282/0x380 [ 394.071781][T18546] check_all_holdout_tasks_trace+0xc3/0x480 [ 394.077713][T18546] rcu_tasks_wait_gp+0x408/0x540 [ 394.082687][T18546] rcu_tasks_one_gp+0x7f1/0x8e0 [ 394.087567][T18546] rcu_tasks_kthread+0xf6/0x110 [ 394.092452][T18546] kthread+0x488/0x510 [ 394.096556][T18546] ret_from_fork+0x148/0x280 [ 394.101182][T18546] ret_from_fork_asm+0x1a/0x30 [ 394.105982][T18546] [ 394.108322][T18546] read to 0xffff888156ec3180 of 3264 bytes by task 18546 on cpu 1: [ 394.116238][T18546] memcpy_and_pad+0x48/0x80 [ 394.120873][T18546] arch_dup_task_struct+0x2c/0x40 [ 394.125935][T18546] dup_task_struct+0x6e/0x940 [ 394.130657][T18546] copy_process+0x37e/0x1f10 [ 394.135296][T18546] create_io_thread+0x8f/0xc0 [ 394.140006][T18546] create_io_worker+0xde/0x360 [ 394.144806][T18546] io_wq_enqueue+0x461/0x540 [ 394.149424][T18546] io_queue_iowq+0x207/0x2f0 [ 394.154046][T18546] io_req_task_submit+0x69/0xa0 [ 394.158922][T18546] __io_run_local_work+0x2eb/0x580 [ 394.164084][T18546] io_run_local_work_locked+0x5a/0x70 [ 394.169491][T18546] __se_sys_io_uring_enter+0x34c/0x1c70 [ 394.175065][T18546] __x64_sys_io_uring_enter+0x78/0x90 [ 394.180464][T18546] x64_sys_call+0x27e4/0x3000 [ 394.185174][T18546] do_syscall_64+0xc0/0x2a0 [ 394.189709][T18546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.195626][T18546] [ 394.197964][T18546] Reported by Kernel Concurrency Sanitizer on: [ 394.204135][T18546] CPU: 1 UID: 60928 PID: 18546 Comm: syz.2.5243 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 394.215881][T18546] Tainted: [W]=WARN [ 394.219698][T18546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 394.229769][T18546] ================================================================== [ 394.400216][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 395.440531][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 396.480212][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 397.520237][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 398.560212][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 399.600222][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 400.640215][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 401.680224][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 402.720212][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 403.760222][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available