last executing test programs:

6m15.808924933s ago: executing program 4 (id=108):
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f00000004c0)={0x20, 0x2, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x1820}]}]}, 0x20}}, 0x20004810)

6m15.808704743s ago: executing program 4 (id=109):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000400000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="0213f803030000002cbd"], 0x18}}, 0x2000)

6m15.777272754s ago: executing program 4 (id=111):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
inotify_init()
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$kcm(0x2, 0xa, 0x73)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
socket$kcm(0x2, 0xa, 0x73)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0x2, 0xa, 0x73)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000e20000001801000020786c2500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
tee(r3, 0xffffffffffffffff, 0x4, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffff", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
lstat(0x0, 0x0)
r4 = open(0x0, 0x200200, 0xc)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
kexec_load(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x4c, '\x00', 0x0, r4, 0x2, 0x1, 0x2}, 0x50)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
socket(0x21, 0x2, 0x10000000000002)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c000000070a01010000020000000900020073797a32000000000900010073367a300000000000000000000086f35679e338e40394a71ac4bc78606b7bd8ab552cbf36f576bf855611556fe76c08081415626c13bb0b005eea8e9bf3c3993d159063d7073bd3761a4b2591c3a1869a2f6f3930e188a3306593256e1bcca53ac47dea74ca8f22cf72a5a6ffea56c599ccc9cda1ec0aad6f1aa500000000000000007c0688f945303f82073786418d17ea3e6f51ff29c4d7cfdee2e5eae7d1790a98bbf39fe76185098d166b62c8555b047f4b42e8761b845a"], 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x0)

6m14.916389741s ago: executing program 4 (id=117):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010000104010000003198d47900000000", @ANYRES32=0x0, @ANYBLOB="ffef000040100000140012800b0001006970366772650000040002801400030069703667726530"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0xa, 0x0, 0x1, 0x7, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn")
creat(&(0x7f0000000100)='./bus\x00', 0x4)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r6 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100)
preadv2(r6, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x2, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_INFO(r4, 0x80e85411, &(0x7f0000000580))
setns(r4, 0x66020000)
syz_clone(0x50a60080, 0x0, 0x0, 0x0, 0x0, 0x0)

6m14.687294345s ago: executing program 4 (id=122):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
readv(r0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x9, 0x10, 0x1, 0x81, 0x0, 0x8, 0x32044, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x40, 0x1, @perf_bp={&(0x7f00000002c0), 0xc}, 0x400, 0x3, 0x1000, 0x6, 0xa, 0x5, 0x0, 0x0, 0x8675, 0x0, 0x7}, 0x0, 0x9, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x400007, 0x8102, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb}, 0x0, 0xffffffffffffffff, r1, 0x2)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newtaction={0x64, 0x30, 0x800, 0x0, 0x25dfdbfd, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0xfe, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0xfffffffe, 0xffffffffffffffff}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000c5"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000540)=ANY=[@ANYBLOB="850000002900000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x7, 0x0, &(0x7f00000004c0)="630b008646dc3f", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xa, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000003000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b70300000000ecff850000000c000000b700000000050000950000000000000085200000020000000000e3988f1b28b058caa24564990a1d63cc725d0e80435e5000100000c853a215364fff3489436f5a1e7a3243b3f37ec5261c295e3d0a44d0e4c5c42ce601f3caef746c"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x71, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="c0020000100063d10000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000000000000000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc01000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000b000000000000000000000000000000ffffffffffffffff000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600000000020000000000000000000000bf010100636d61632861657329"], 0x2c0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
setuid(0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYuiIFJR0EM9xiQtodtGmii2FpuK1IsgBT2LR9G/wJsIop4Er3rxJIWivbT1FJnZmXSzzabGbDKx+/vBZt93592d58l8vfO+uwF0rIHsTxKxLSJ+jYi+enVxg4H607UrZ8evXzk7nsT8/Gt/Jnm7q1fOjpdNy/dtLSqDaUT6YVKsZLGZ02eOj9Vqk6eK+vDsibeGZ06feeKdE2PHJo9Nnhw9dOjggZGnnxp9si15Znld3fP+9N7dL75x8eXxIxff/PHrLN5txfLGPNplIEv8r/lc87JH272yim1vKCfdFQbCinRFRLa5evLjvy+64sbG64sXPqg0OGBNZdemTa0Xz80Dt7Ekqo4AqEZ5oc/uf8vHOnU9NoTLz9ZvgLK8rxWP+pLuSIs2PU33t+00EBFH5v7+PHvEGo1DAAA0+nj8s8O9EfHe9a9eyvoefQtL0rgnf/49/7ujmEPpj4g7I2JnRNwVEbsi4u6IvO29EXHfKuO5uf+TXlrlRy4r6/89U8xtLe7/lb2/6O8qatvz/HuSo1O1yf3F/2QwejZl9ZFl1vHt87980mpZY/8ve2TrL/uCRRyXupsG6CbGZsfyTmkbXD4fsad7qfyThZmAJCJ2R8SelX30jrIw9diXe1s1unX+y2jDPNP8F1l6c1n+c9GUfylpnJ+cuml+cnhz1Cb3D5d7xc1++vnCq63Wv6r82+DyZP25Yfs3N+lPGudrZ1a+jgu/fdTynuY/7v9pb/J6Ps/cW7z27tjs7KmRiN7kcF5f9ProjfeW9bJ9tv8P7lv6+N9ZvCfL//6IyHbiByLiwYh4qIj94Yh4JCL2LZP/D8+1XlbmH2lF2/98xMSS57+F/b9p+6+80HX8+29arf/fbf+DeWmweCU//93CUuFkp4vmAFfzvwMAAID/izT/DnySDi2U03RoqP4d/l1xR1qbnpl9/Oj02ycn6t+V74+etBzp6ivGQ2tTtcmRZK74xPr46GgxVlyOlx4oxo0/7dqS14fGp2sTFecOnW5ri+M/80dX1dEBa2zLkq+O9q57IEAFmufR08XVc6+EkwHcrvxeGzrXLY7/dL3iANaf6z90rqWO/3NNdXMBcHty/YfO5fiHDpV+V3UEQIVc/6EjreZ3/WtY2LwxwqimsFE3Sl6IKAvphohHYY0KVZ+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2uOfAAAA//+Kn+jO")

6m13.91692785s ago: executing program 4 (id=135):
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x20001e, 0x800000000004, @thr={&(0x7f0000000140)="4e8f08b887d87594b2eec25bc476dacc58b10fe79430e403720fcbed5ac3b3a2310276738d692d7f337be2f05fb1cd3fae4747d4e669e7ea07955d8e0773410ac89a69adf0fe84c215c925340804f58462bf5726838804170d0b7fbfff44", &(0x7f0000000080)="294f216e22be683c28b05b0300825d9658d79b5995e110291244ef8ae06c643b134762a41dfb6d4723ec2bc6af1532f9a4a509569994761317a5c5e4d94867a22c442641c2926dc2efd834a6945fe788a22b0c668f54da1d656552e088e89f18217c9b5d"}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0)
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000300)={0x0, @hci={0x1f, 0x3, 0x2}, @phonet={0x23, 0x8, 0x5, 0xe1}, @l2tp={0x2, 0x0, @private=0xa010100, 0x3}, 0x8001, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7f1, 0x5, 0x3})

6m13.916720601s ago: executing program 32 (id=135):
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x20001e, 0x800000000004, @thr={&(0x7f0000000140)="4e8f08b887d87594b2eec25bc476dacc58b10fe79430e403720fcbed5ac3b3a2310276738d692d7f337be2f05fb1cd3fae4747d4e669e7ea07955d8e0773410ac89a69adf0fe84c215c925340804f58462bf5726838804170d0b7fbfff44", &(0x7f0000000080)="294f216e22be683c28b05b0300825d9658d79b5995e110291244ef8ae06c643b134762a41dfb6d4723ec2bc6af1532f9a4a509569994761317a5c5e4d94867a22c442641c2926dc2efd834a6945fe788a22b0c668f54da1d656552e088e89f18217c9b5d"}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0)
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000300)={0x0, @hci={0x1f, 0x3, 0x2}, @phonet={0x23, 0x8, 0x5, 0xe1}, @l2tp={0x2, 0x0, @private=0xa010100, 0x3}, 0x8001, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7f1, 0x5, 0x3})

1.441445862s ago: executing program 5 (id=7235):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r2 = getpid()
madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0xfd, 0x7ffc0001}]})
rt_sigpending(0x0, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x48, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)=ANY=[])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000f100"/20], 0x48)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001"], 0x114}], 0x1, 0x0, 0x0, 0x20000001}, 0x0)

1.255556226s ago: executing program 5 (id=7240):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x1ffffffffffffffd}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x40110, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f00005ae000/0x1000)=nil, 0x1000, 0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x29ba, 0x80, 0x1, 0x357}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = socket(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r4, @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4040095}, 0x8010)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}})
io_uring_enter(r2, 0x47bc, 0x2, 0x8, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r8}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r10, 0x0, 0x10000000000ac6}, 0x18)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000000206010800000000000000000000000005000400000000000900020073797a31000000000c00078008001240f2ffff08050005000a000000050001000600000014000300686173683a69702c706f72742c6970"], 0x58}}, 0x20000000)

1.204229727s ago: executing program 5 (id=7243):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20)
r3 = socket(0x10, 0x80003, 0x0)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
close_range(r3, 0xffffffffffffffff, 0x1000000000000000)

1.196407917s ago: executing program 5 (id=7244):
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000f400850000008600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x392b8a4ff77e3f7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, 0x0)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xce\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7\x7f\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x2)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xfffffffffffffd74, 0x40004, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
setsockopt$inet_tcp_int(r2, 0x6, 0xc, &(0x7f0000000040)=0x8, 0x4)

1.169861927s ago: executing program 0 (id=7246):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = memfd_secret(0x80000)
fchownat(r2, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)

1.152295208s ago: executing program 0 (id=7247):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
mlock2(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="000000a66d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000030800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000004850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$key(0xf, 0x3, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
gettid()
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r5=>0x0})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b5181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000380), &(0x7f00000003c0)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10)
sendto$packet(0xffffffffffffffff, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000000300))
r9 = inotify_init()
readv(r9, &(0x7f0000000140)=[{&(0x7f0000000340)=""/263, 0x107}], 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r10, r10, 0x0, 0x40000f63c)
socket(0x11, 0x80000, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)

687.583787ms ago: executing program 2 (id=7259):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000001c0)=[{{0x0, 0x803e, 0x0, 0x0, 0x0, 0x0, 0x14008051}}, {{&(0x7f00000000c0)=@file={0x1, './file1\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40080}}], 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xe, &(0x7f00000007c0)={[{@errors_continue}, {@jqfmt_vfsv1}, {@data_writeback}, {@nobh}, {@test_dummy_encryption}, {@noload}]}, 0x83, 0x479, &(0x7f0000001300)="$eJzs3MtvG8UfAPDvOo82fcW/qj+gDyAIEKVA0qSl9MAFBBIHkJDgUI4hSatSt0FNkEhVQUCoHFElTlwQRyT+Ak5wQcAJCQ4c4I4qVaiXFk5Gm91NHdfOw3Xstv58pHVmdtee+Xpn7NmdeAPoWSPpQxKxIyL+iIjhLLtyh5Hsz41rF6f+uXZxKolq9Y2/k/508/VrF6eKXYvnbS8y/RGlT5LY36DcuYULZyYrlZnzeX5s/uy7Y3MLF545fXby1MypmXMTx48fPTL+3LGJZ9sSZxrX9X0fzB7Y+8pbl1+bOnH57Z++SYr46+K4xW8tFTmy2sbHq9WWXvQONJg+7KxZkbUM7gZ9WTeNgaX+Pxx9cfPgDcfLH3e1csCmqlar1fuab16sAvewJLpdA6A7ii/69Py3WDo09LgjXH0hOwFK476RL9mW/ijl+wzUnd+200hEnFj898t0ibWuQwAAtMF36fjn6Ubjv1LUXhfalc+hlCPifxGxOyKORcSeiPh/xNK+90fEAxssv36S5NbxT+lKS4GtUzr+ez6f21o5/itGf1Huy3M7l+IfSE6erswczt+TgzGwJc2Pr1LG9y/9+lmzbbXjv3RJyy/Ggnk9rvRvWfmc6cn5yduJudbVjyL29TeKP1meCUgiYm9E7GuxjNOHvj7QbNva8a+iDfNM1a8insiO/2LUxV9IsvnJcpP5ybGtUZk5PFa0ihiqefnF9ND9/Mul15uVf1vxt0F6/Lc1bP/L8ZeT2vnauY28+hdPpo+X/vy06TlNq+1/MHlzxbr3J+fnz49HDCavZpWuXT9Rt9/Ezf3T+A8+2rj/746b78T+iEgb8YMR8VBEPJzX/ZHfd635Lvz44mPvtB7/5krjn17/8a8ORxQNYWEw8sTymsaJvjM/fLui0HLj+Hc1Pf5Hl1IH8zXr+fxbT7022poBAADgblWKiB2RlEaX06XS6Gj2P/x7YlupMjs3/9TJ2ffOTWe/ESjHQKm40jVccz10PD+tL/ITdfkj+XXjz/uGlvKjU7OV6W4HDz1ue5P+n/qrr9u1Azad32tB79L/oXfp/9C7sv5fe7a/tWt1ATqrwff/UDfqAXReo/H/h+t54o721wXorLr+b9oPeojrf9C7Wun/PjPg3tC/2i2bBztaFaBz5oZi7R/J32uJrRu4QcDdlyjuXLMZRQykreVQRCxciFLXI5XYxES3P5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa478AAAD//9OC4M8=")
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
r6 = socket$inet6(0xa, 0x3, 0xff)
recvmmsg(r6, &(0x7f00000074c0)=[{{0x0, 0x0, 0x0}, 0xe7f}], 0x1, 0x1, 0x0)
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, 0x0, 0xf00)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000002200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='sys_enter\x00', r7}, 0x18)
ioctl$FS_IOC_GETFSLABEL(r5, 0x81009431, &(0x7f00000004c0))
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r8 = gettid()
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x18)
r11 = gettid()
tkill(r8, 0x12)
tkill(r8, 0x1)
tkill(r11, 0x14)
timer_create(0x2, 0x0, &(0x7f0000000480))
timer_delete(0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)

572.895089ms ago: executing program 2 (id=7261):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="0200000004000000070000000200"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
mlock2(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x0)

559.030399ms ago: executing program 2 (id=7262):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r2, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000080)='=', 0x1}], 0x2)

525.78344ms ago: executing program 2 (id=7265):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000010000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r2, &(0x7f0000000240)=[{&(0x7f00000004c0)='\n', 0x1}, {&(0x7f0000000080)='=', 0x1}], 0x2)

487.67583ms ago: executing program 2 (id=7267):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0500000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000300)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r4=>0x0}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1b96aadc3618c72}, 0x94)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r3, 0xc400941d, &(0x7f0000000600)={r4, 0xbd63, 0x5})
r5 = syz_clone3(&(0x7f0000000540)={0x2000, &(0x7f0000000080), &(0x7f0000000200)=<r6=>0x0, &(0x7f0000000300), {}, &(0x7f00000003c0), 0x0, &(0x7f0000000400)=""/188, &(0x7f0000000500)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x9}, 0x58)
fcntl$lock(r1, 0x5, &(0x7f00000005c0)={0x2, 0x0, 0x7fffffff, 0x8, r6})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYRES16, @ANYRES16=r5, @ANYBLOB="fda65f0500000000140012800c0001006d616376746170000400028008000500", @ANYRESDEC, @ANYBLOB='\b\x00\n\x00'], 0x44}, 0x1, 0x0, 0x0, 0x400c30d}, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r8, 0x108000)
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x81, 0x0, 0x1, 0x101, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r9}, 0x38)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10, 0x0, 0x2}, 0x18)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r11, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r11, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r11, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r11, 0x1)

458.139621ms ago: executing program 3 (id=7268):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20)
r3 = socket(0x10, 0x80003, 0x0)
write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
close_range(r3, 0xffffffffffffffff, 0x1000000000000000)

457.881361ms ago: executing program 1 (id=7269):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x1c, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x0, 0x96, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (fail_nth: 3)

457.427851ms ago: executing program 3 (id=7270):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000540)=ANY=[@ANYRES64=r0, @ANYRES64=r3], 0x15)
r4 = dup(r3)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x111, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10}, r6, 0x7}}, 0xffffff82)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000700)=[{0x0, 0x0, [0x8, 0x8, 0x8, 0x1a7, 0x80, 0xea5d, 0x8, 0x3, 0xfffffffc, 0xc4, 0x1, 0x8, 0x7f, 0x0, 0x1, 0x3]}, {0x0, 0x0, [0x4432, 0xe, 0xffffffff, 0x3, 0xe8, 0x4, 0xb, 0x5, 0x6, 0x5, 0x17, 0x4, 0xfffffff9, 0x2, 0x4, 0xd492]}, {0x2d, 0x0, [0xcf, 0x5, 0x800, 0x7, 0x9, 0x5, 0x2, 0xf5c, 0x8, 0x7, 0xf, 0x0, 0x0, 0x9, 0x5, 0x7c55]}, {0x2, 0x0, [0x1, 0x2, 0x3ff, 0x81ff, 0x1, 0x2, 0xffffffff, 0x1, 0x0, 0x5395659e, 0x7fff, 0x2, 0x1, 0x8, 0x7e, 0x7]}, {0x6, 0x0, [0x31a, 0x0, 0x8, 0x2, 0xf, 0x10000, 0x0, 0x200, 0x7, 0xfffffffa, 0x3ff, 0xd, 0x6, 0xae, 0x8, 0xb]}, {0x10, 0x0, [0x2, 0x400, 0xffffffff, 0x1, 0x3ff, 0xc51, 0x33, 0x0, 0x1, 0x9, 0x8000, 0xb, 0x9, 0x6, 0xe]}], r6, 0x1, 0x1, 0x1b0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=<r7=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000008c0)=ANY=[@ANYRESOCT=r7, @ANYRESHEX=r1, @ANYRESHEX=r1, @ANYRESHEX=r4])
r8 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x102)
write$hidraw(r8, &(0x7f00000006c0)="3a0469860468", 0x6)
write$bt_hci(r8, 0x0, 0x20000)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='mm_compaction_kcompactd_sleep\x00', r9}, 0x18)
r10 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r10, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r10})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r11 = socket$kcm(0x10, 0x2, 0x0)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r13 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000200), 0x290042, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x903c, 0x0, 0x1, 0x6, '\x00', 0x0, r13, 0x1, 0x1, 0x3}, 0x50)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r14}, 0x10)
sendmsg$kcm(r11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x4000880)
r15 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r15, 0x0, 0x1034}, 0x18)

408.797142ms ago: executing program 1 (id=7271):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
msgget(0x2, 0x4)

408.386152ms ago: executing program 1 (id=7272):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0xfffc}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x3580, &(0x7f0000000240)={&(0x7f0000003080)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)

398.506842ms ago: executing program 3 (id=7273):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="0200000004000000070000000200"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
mlock2(&(0x7f0000008000/0x2000)=nil, 0x2000, 0x0)

395.874962ms ago: executing program 2 (id=7274):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") (async, rerun: 64)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@enum64={0x5, 0x0, 0x0, 0x13, 0x0, 0x4}]}, {0x0, [0x61, 0x61, 0x91efcb65a76fd2eb, 0x0, 0x61, 0x61, 0x2f]}}, 0x0, 0x2d, 0x0, 0x1, 0xfe6e}, 0x28) (rerun: 64)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

350.624253ms ago: executing program 1 (id=7275):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r0, &(0x7f0000000780)=[{0x0}, {&(0x7f0000000640)="40e69ae6c932ce169dc2a96ff3400e", 0xf}], 0x2) (fail_nth: 4)

350.213543ms ago: executing program 5 (id=7276):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})

345.716103ms ago: executing program 3 (id=7277):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r2, &(0x7f0000000240)=[{&(0x7f00000004c0)}, {&(0x7f0000000080)='=', 0x1}], 0x2)

332.079033ms ago: executing program 0 (id=7278):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000010000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r2, &(0x7f0000000240)=[{&(0x7f00000004c0)='\n', 0x1}, {&(0x7f0000000080)='=', 0x1}], 0x2)

265.833285ms ago: executing program 1 (id=7279):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="68000000030701040000000000000000070000070900010073727a31000000000900010073797a31000000000c000240ffffffffffffffff240007800800024000000003080002407fffffff080001400000000508000140000000010c000340ffffffffffffff7f"], 0x68}, 0x1, 0x0, 0x0, 0x4040805}, 0x40045)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) (fail_nth: 4)

265.456345ms ago: executing program 5 (id=7280):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x6}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x3c}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000003c0)='mm_page_alloc\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba00000000f73809630400"})
r4 = syz_open_pts(r3, 0x900)
r5 = dup3(r4, r3, 0x80000)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x2, 0x3, 0xa9, 0xfffffff9, 0x1b, "e66f1c2fb1fe7bec5e3c1e88502acd53612978"})
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
r6 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x9, 0x7, 0x0, 0x0, 0x0, 0x40008, 0x590, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x4c58, 0x4, 0x0, 0x0, 0x8, 0x4ac, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r6, 0x0)

265.084765ms ago: executing program 0 (id=7281):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)

51.575649ms ago: executing program 0 (id=7282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
msgget(0x2, 0x4)

51.135669ms ago: executing program 3 (id=7283):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000240))
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000280)=0x1c)

672.08µs ago: executing program 1 (id=7284):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0500000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000300)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r4=>0x0}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x18, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1b96aadc3618c72}, 0x94)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r3, 0xc400941d, &(0x7f0000000600)={r4, 0xbd63, 0x5})
r5 = syz_clone3(&(0x7f0000000540)={0x2000, &(0x7f0000000080), &(0x7f0000000200)=<r6=>0x0, &(0x7f0000000300), {}, &(0x7f00000003c0), 0x0, &(0x7f0000000400)=""/188, &(0x7f0000000500)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x9}, 0x58)
fcntl$lock(r1, 0x5, &(0x7f00000005c0)={0x2, 0x0, 0x7fffffff, 0x8, r6})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYRES16, @ANYRES16=r5, @ANYBLOB="fda65f0500000000140012800c0001006d616376746170000400028008000500", @ANYRESDEC, @ANYBLOB='\b\x00\n\x00'], 0x44}, 0x1, 0x0, 0x0, 0x400c30d}, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r8, 0x108000)
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x81, 0x0, 0x1, 0x101, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r9}, 0x38)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10, 0x0, 0x2}, 0x18)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r11, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r11, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r11, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r11, 0x1)

303.89µs ago: executing program 0 (id=7285):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, 0x6c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)

0s ago: executing program 3 (id=7286):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="68000000030701040000000000000000070000070900010073727a31000000000900010073797a31000000000c000240ffffffffffffffff240007800800024000000003080002407fffffff080001400000000508000140000000010c000340ffffffffffffff7f"], 0x68}, 0x1, 0x0, 0x0, 0x4040805}, 0x40045)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9f, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)

kernel console output (not intermixed with test programs):

7]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  378.680116][T20657]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  378.680152][T20657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.680200][T20657] RIP: 0033:0x7febfd2ceec9
[  378.680221][T20657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.680241][T20657] RSP: 002b:00007febfbd2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  378.680260][T20657] RAX: ffffffffffffffda RBX: 00007febfd525fa0 RCX: 00007febfd2ceec9
[  378.680272][T20657] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000008
[  378.680286][T20657] RBP: 00007febfbd2f090 R08: 0000000000000000 R09: 0000000000000000
[  378.680302][T20657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.680382][T20657] R13: 00007febfd526038 R14: 00007febfd525fa0 R15: 00007ffe83886da8
[  378.680407][T20657]  </TASK>
[  378.909993][T20657] bridge1: entered promiscuous mode
[  378.924023][T20576] team0: Port device team_slave_0 added
[  378.944400][T20665] loop2: detected capacity change from 0 to 512
[  378.951432][T20665] EXT4-fs: inline encryption not supported
[  378.957981][T20576] team0: Port device team_slave_1 added
[  378.967262][T20665] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  378.986548][T20576] batman_adv: batadv0: Adding interface: batadv_slave_0
[  378.993725][T20576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.019898][T20576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.032294][T20665] EXT4-fs (loop2): invalid journal inode
[  379.038493][T20665] EXT4-fs (loop2): can't get journal size
[  379.045571][T20665] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0102]
[  379.054342][T20665] System zones: 1-12, 13-13
[  379.060490][T20665] EXT4-fs (loop2): 1 truncate cleaned up
[  379.066900][T20576] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.074030][T20576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.076721][T20665] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  379.100025][T20576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  379.145939][T20576] hsr_slave_0: entered promiscuous mode
[  379.153102][T20576] hsr_slave_1: entered promiscuous mode
[  379.254506][T20238] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.283470][T20676] loop2: detected capacity change from 0 to 164
[  379.300549][T20676] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  379.333435][T20681] __nla_validate_parse: 5 callbacks suppressed
[  379.333454][T20681] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6336'.
[  379.373352][T20684] binfmt_misc: register: failed to install interpreter file ./file0
[  379.392800][T20684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6338'.
[  379.401910][T20684] netlink: 196 bytes leftover after parsing attributes in process `syz.2.6338'.
[  379.411576][T20684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6338'.
[  379.425037][T20684] netlink: 196 bytes leftover after parsing attributes in process `syz.2.6338'.
[  379.511898][T20696] netlink: 'syz.2.6344': attribute type 10 has an invalid length.
[  379.521425][T20696] team0: Device hsr_slave_0 failed to register rx_handler
[  379.529547][T20701] FAULT_INJECTION: forcing a failure.
[  379.529547][T20701] name failslab, interval 1, probability 0, space 0, times 0
[  379.542470][T20701] CPU: 0 UID: 0 PID: 20701 Comm: syz.3.6346 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  379.542581][T20701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  379.542594][T20701] Call Trace:
[  379.542600][T20701]  <TASK>
[  379.542609][T20701]  __dump_stack+0x1d/0x30
[  379.542635][T20701]  dump_stack_lvl+0xe8/0x140
[  379.542659][T20701]  dump_stack+0x15/0x1b
[  379.542723][T20701]  should_fail_ex+0x265/0x280
[  379.542748][T20701]  should_failslab+0x8c/0xb0
[  379.542819][T20701]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  379.542849][T20701]  ? shmem_alloc_inode+0x34/0x50
[  379.542913][T20701]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  379.542935][T20701]  shmem_alloc_inode+0x34/0x50
[  379.542957][T20701]  alloc_inode+0x3d/0x170
[  379.542980][T20701]  new_inode+0x1d/0xe0
[  379.543035][T20701]  shmem_get_inode+0x244/0x750
[  379.543096][T20701]  __shmem_file_setup+0x113/0x210
[  379.543230][T20701]  shmem_file_setup+0x3b/0x50
[  379.543265][T20701]  __se_sys_memfd_create+0x2c3/0x590
[  379.543344][T20701]  __x64_sys_memfd_create+0x31/0x40
[  379.543366][T20701]  x64_sys_call+0x2abe/0x2ff0
[  379.543388][T20701]  do_syscall_64+0xd2/0x200
[  379.543418][T20701]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  379.543504][T20701]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  379.543590][T20701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.543612][T20701] RIP: 0033:0x7f3b02f3eec9
[  379.543628][T20701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.543646][T20701] RSP: 002b:00007f3b0199ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  379.543666][T20701] RAX: ffffffffffffffda RBX: 00000000000005b2 RCX: 00007f3b02f3eec9
[  379.543805][T20701] RDX: 00007f3b0199eef0 RSI: 0000000000000000 RDI: 00007f3b02fc2960
[  379.543818][T20701] RBP: 0000200000001280 R08: 00007f3b0199ebb7 R09: 00007f3b0199ee40
[  379.543831][T20701] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  379.543844][T20701] R13: 00007f3b0199eef0 R14: 00007f3b0199eeb0 R15: 00002000000004c0
[  379.543864][T20701]  </TASK>
[  379.773350][T20576] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  379.798148][T20706] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6349'.
[  379.798519][T20576] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  379.819096][T20576] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  379.835383][T20576] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  379.899896][T20721] netlink: 'syz.2.6354': attribute type 10 has an invalid length.
[  379.911146][T20576] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.922219][T20721] team0: Device hsr_slave_0 failed to register rx_handler
[  379.947168][T20728] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6356'.
[  379.952637][T20576] 8021q: adding VLAN 0 to HW filter on device team0
[  379.968805][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.976076][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.003353][T20576] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  380.013994][T20576] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  380.028905][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.036228][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.040787][T20730] vhci_hcd: invalid port number 96
[  380.048786][T20730] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  380.059164][T20732] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6358'.
[  380.093058][   T29] kauditd_printk_skb: 735 callbacks suppressed
[  380.093074][   T29] audit: type=1400 audit(1156.426:51219): avc:  denied  { sqpoll } for  pid=20735 comm="syz.2.6359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  380.138301][   T29] audit: type=1400 audit(1156.478:51220): avc:  denied  { connect } for  pid=20735 comm="syz.2.6359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  380.168485][T20576] 8021q: adding VLAN 0 to HW filter on device batadv0
[  380.180000][T20736] sch_tbf: peakrate 3221225471 is lower than or equals to rate 3221225473 !
[  380.183725][   T29] audit: type=1400 audit(1156.478:51221): avc:  denied  { setopt } for  pid=20735 comm="syz.2.6359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  380.208217][   T29] audit: type=1400 audit(1156.478:51222): avc:  denied  { ioctl } for  pid=20735 comm="syz.2.6359" path="socket:[70337]" dev="sockfs" ino=70337 ioctlcmd=0x8953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  380.269345][   T29] audit: type=1326 audit(1156.604:51223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20751 comm="syz.2.6364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  380.292653][   T29] audit: type=1326 audit(1156.604:51224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20751 comm="syz.2.6364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  380.315913][T20755] netlink: 176 bytes leftover after parsing attributes in process `syz.2.6365'.
[  380.325661][   T29] audit: type=1326 audit(1156.604:51225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20751 comm="syz.2.6364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  380.349743][   T29] audit: type=1326 audit(1156.604:51226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20751 comm="syz.2.6364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  380.373139][   T29] audit: type=1326 audit(1156.604:51227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20751 comm="syz.2.6364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  380.396355][   T29] audit: type=1326 audit(1156.604:51228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20751 comm="syz.2.6364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  380.400606][T20758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6366'.
[  380.558672][T20576] veth0_vlan: entered promiscuous mode
[  380.597103][T20576] veth1_vlan: entered promiscuous mode
[  380.655095][T20576] veth0_macvtap: entered promiscuous mode
[  380.670686][T20767] hub 9-0:1.0: USB hub found
[  380.675420][T20767] hub 9-0:1.0: 8 ports detected
[  380.688484][T20576] veth1_macvtap: entered promiscuous mode
[  380.721376][T20780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.730561][T20780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.733168][T20576] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.750072][T20576] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.761801][T19808] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.771106][T19808] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.782120][T19808] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.847050][T20785] dummy0: entered promiscuous mode
[  380.860424][T20785] macsec1: entered promiscuous mode
[  380.866012][T20785] macsec1: entered allmulticast mode
[  380.873140][T20785] dummy0: entered allmulticast mode
[  380.886064][T20785] dummy0: left allmulticast mode
[  380.917117][T20785] dummy0: left promiscuous mode
[  380.928692][T19808] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  381.662040][T20825] usb usb8: usbfs: process 20825 (syz.2.6385) did not claim interface 0 before use
[  382.077134][T20834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.097872][T20834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.171951][T20899] FAULT_INJECTION: forcing a failure.
[  383.171951][T20899] name failslab, interval 1, probability 0, space 0, times 0
[  383.184818][T20899] CPU: 1 UID: 0 PID: 20899 Comm: syz.5.6421 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  383.184881][T20899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  383.184894][T20899] Call Trace:
[  383.184900][T20899]  <TASK>
[  383.184908][T20899]  __dump_stack+0x1d/0x30
[  383.184999][T20899]  dump_stack_lvl+0xe8/0x140
[  383.185024][T20899]  dump_stack+0x15/0x1b
[  383.185043][T20899]  should_fail_ex+0x265/0x280
[  383.185142][T20899]  should_failslab+0x8c/0xb0
[  383.185172][T20899]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  383.185262][T20899]  ? __d_alloc+0x3d/0x340
[  383.185297][T20899]  __d_alloc+0x3d/0x340
[  383.185333][T20899]  ? mpol_shared_policy_init+0xbd/0x4c0
[  383.185389][T20899]  d_alloc_pseudo+0x1e/0x80
[  383.185426][T20899]  alloc_file_pseudo+0x71/0x160
[  383.185483][T20899]  __shmem_file_setup+0x1de/0x210
[  383.185527][T20899]  shmem_file_setup+0x3b/0x50
[  383.185612][T20899]  __se_sys_memfd_create+0x2c3/0x590
[  383.185705][T20899]  __x64_sys_memfd_create+0x31/0x40
[  383.185733][T20899]  x64_sys_call+0x2abe/0x2ff0
[  383.185756][T20899]  do_syscall_64+0xd2/0x200
[  383.185858][T20899]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  383.185883][T20899]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  383.185911][T20899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.185938][T20899] RIP: 0033:0x7f7e475deec9
[  383.185957][T20899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.186024][T20899] RSP: 002b:00007f7e4603ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  383.186044][T20899] RAX: ffffffffffffffda RBX: 0000000000000473 RCX: 00007f7e475deec9
[  383.186057][T20899] RDX: 00007f7e4603eef0 RSI: 0000000000000000 RDI: 00007f7e47662960
[  383.186069][T20899] RBP: 0000200000000bc0 R08: 00007f7e4603ebb7 R09: 00007f7e4603ee40
[  383.186081][T20899] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0
[  383.186093][T20899] R13: 00007f7e4603eef0 R14: 00007f7e4603eeb0 R15: 0000200000000680
[  383.186159][T20899]  </TASK>
[  383.537870][T20909] dummy0: entered promiscuous mode
[  383.543197][T20909] macsec1: entered promiscuous mode
[  383.564944][T20909] macsec1: entered allmulticast mode
[  383.565413][T20911] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  383.576670][T20909] dummy0: entered allmulticast mode
[  383.595962][T20909] dummy0: left allmulticast mode
[  383.601186][T20909] dummy0: left promiscuous mode
[  383.747637][T20928] binfmt_misc: register: failed to install interpreter file ./file0
[  384.409544][T20942] FAULT_INJECTION: forcing a failure.
[  384.409544][T20942] name failslab, interval 1, probability 0, space 0, times 0
[  384.422359][T20942] CPU: 1 UID: 0 PID: 20942 Comm: syz.5.6437 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  384.422387][T20942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  384.422400][T20942] Call Trace:
[  384.422407][T20942]  <TASK>
[  384.422415][T20942]  __dump_stack+0x1d/0x30
[  384.422441][T20942]  dump_stack_lvl+0xe8/0x140
[  384.422471][T20942]  dump_stack+0x15/0x1b
[  384.422493][T20942]  should_fail_ex+0x265/0x280
[  384.422545][T20942]  should_failslab+0x8c/0xb0
[  384.422574][T20942]  kmem_cache_alloc_node_noprof+0x57/0x320
[  384.422655][T20942]  ? __alloc_skb+0x101/0x320
[  384.422716][T20942]  ? tcp_chrono_stop+0x19d/0x210
[  384.422747][T20942]  __alloc_skb+0x101/0x320
[  384.422771][T20942]  tcp_stream_alloc_skb+0x2d/0x1d0
[  384.422888][T20942]  tcp_connect+0xce9/0x2290
[  384.422925][T20942]  ? tcp_fastopen_defer_connect+0x69/0x1e0
[  384.422968][T20942]  tcp_v6_connect+0xb61/0xc30
[  384.422997][T20942]  ? refill_obj_stock+0x254/0x2e0
[  384.423061][T20942]  __inet_stream_connect+0x169/0x7e0
[  384.423117][T20942]  ? tcp_sendmsg_fastopen+0x172/0x520
[  384.423199][T20942]  ? should_failslab+0x8c/0xb0
[  384.423231][T20942]  ? __kmalloc_cache_noprof+0x189/0x320
[  384.423271][T20942]  tcp_sendmsg_fastopen+0x43a/0x520
[  384.423356][T20942]  tcp_sendmsg_locked+0x26e1/0x2c00
[  384.423395][T20942]  ? mntput_no_expire+0x6f/0x460
[  384.423502][T20942]  ? __rcu_read_unlock+0x4f/0x70
[  384.423577][T20942]  ? avc_has_perm_noaudit+0x1b1/0x200
[  384.423607][T20942]  ? avc_has_perm+0xf7/0x180
[  384.423643][T20942]  ? _raw_spin_unlock_bh+0x36/0x40
[  384.423666][T20942]  ? __pfx_tcp_sendmsg+0x10/0x10
[  384.423780][T20942]  tcp_sendmsg+0x2f/0x50
[  384.423814][T20942]  inet6_sendmsg+0x76/0xd0
[  384.423850][T20942]  __sock_sendmsg+0x8b/0x180
[  384.423977][T20942]  __sys_sendto+0x268/0x330
[  384.424009][T20942]  __x64_sys_sendto+0x76/0x90
[  384.424031][T20942]  x64_sys_call+0x2d05/0x2ff0
[  384.424053][T20942]  do_syscall_64+0xd2/0x200
[  384.424161][T20942]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  384.424186][T20942]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  384.424272][T20942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.424297][T20942] RIP: 0033:0x7f7e475deec9
[  384.424391][T20942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.424411][T20942] RSP: 002b:00007f7e4603f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  384.424432][T20942] RAX: ffffffffffffffda RBX: 00007f7e47835fa0 RCX: 00007f7e475deec9
[  384.424446][T20942] RDX: 0000000000000091 RSI: 0000000000000000 RDI: 0000000000000006
[  384.424459][T20942] RBP: 00007f7e4603f090 R08: 0000200000b63fe4 R09: 000000000000001c
[  384.424480][T20942] R10: 0000000022004001 R11: 0000000000000246 R12: 0000000000000001
[  384.424493][T20942] R13: 00007f7e47836038 R14: 00007f7e47835fa0 R15: 00007fff41201118
[  384.424562][T20942]  </TASK>
[  384.815667][T20950] dummy0: entered promiscuous mode
[  384.842490][T20950] macsec1: entered promiscuous mode
[  384.857771][T20950] macsec1: entered allmulticast mode
[  384.870247][T20950] dummy0: entered allmulticast mode
[  384.914539][T20950] dummy0: left allmulticast mode
[  384.929339][T20950] dummy0: left promiscuous mode
[  385.407175][   T29] kauditd_printk_skb: 443 callbacks suppressed
[  385.407245][   T29] audit: type=1326 audit(1162.002:51672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20960 comm="syz.1.6444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  385.492687][   T29] audit: type=1326 audit(1162.033:51673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20960 comm="syz.1.6444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  385.515976][   T29] audit: type=1326 audit(1162.033:51674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20960 comm="syz.1.6444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  385.608303][T20965] binfmt_misc: register: failed to install interpreter file ./file0
[  385.659068][T20965] __nla_validate_parse: 6 callbacks suppressed
[  385.659087][T20965] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6446'.
[  385.674497][T20965] netlink: 196 bytes leftover after parsing attributes in process `syz.1.6446'.
[  385.703505][T20965] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6446'.
[  385.810413][   T29] audit: type=1326 audit(1162.348:51675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  385.834006][   T29] audit: type=1326 audit(1162.348:51676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  385.850412][T20965] netlink: 196 bytes leftover after parsing attributes in process `syz.1.6446'.
[  385.857069][   T29] audit: type=1326 audit(1162.348:51677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  385.889325][   T29] audit: type=1326 audit(1162.348:51678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  385.912566][   T29] audit: type=1326 audit(1162.348:51679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  385.935878][   T29] audit: type=1326 audit(1162.348:51680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  385.959064][   T29] audit: type=1326 audit(1162.348:51681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.0.6448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  386.148935][T20985] vhci_hcd: invalid port number 96
[  386.154107][T20985] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  386.264035][T20996] FAULT_INJECTION: forcing a failure.
[  386.264035][T20996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.277513][T20996] CPU: 1 UID: 0 PID: 20996 Comm: syz.1.6458 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  386.277574][T20996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  386.277591][T20996] Call Trace:
[  386.277600][T20996]  <TASK>
[  386.277608][T20996]  __dump_stack+0x1d/0x30
[  386.277630][T20996]  dump_stack_lvl+0xe8/0x140
[  386.277649][T20996]  dump_stack+0x15/0x1b
[  386.277690][T20996]  should_fail_ex+0x265/0x280
[  386.277718][T20996]  should_fail+0xb/0x20
[  386.277744][T20996]  should_fail_usercopy+0x1a/0x20
[  386.277776][T20996]  strncpy_from_user+0x25/0x230
[  386.277827][T20996]  ? kmem_cache_alloc_noprof+0x186/0x310
[  386.277904][T20996]  ? getname_flags+0x80/0x3b0
[  386.277941][T20996]  getname_flags+0xae/0x3b0
[  386.277973][T20996]  do_sys_openat2+0x60/0x110
[  386.278031][T20996]  __x64_sys_creat+0x65/0x90
[  386.278054][T20996]  x64_sys_call+0x2d94/0x2ff0
[  386.278081][T20996]  do_syscall_64+0xd2/0x200
[  386.278190][T20996]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  386.278215][T20996]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  386.278354][T20996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.278439][T20996] RIP: 0033:0x7fd53e03eec9
[  386.278454][T20996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.278556][T20996] RSP: 002b:00007fd53caa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  386.278581][T20996] RAX: ffffffffffffffda RBX: 00007fd53e295fa0 RCX: 00007fd53e03eec9
[  386.278628][T20996] RDX: 0000000000000000 RSI: 0000000000000036 RDI: 00002000000003c0
[  386.278649][T20996] RBP: 00007fd53caa7090 R08: 0000000000000000 R09: 0000000000000000
[  386.278665][T20996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.278681][T20996] R13: 00007fd53e296038 R14: 00007fd53e295fa0 R15: 00007ffde8c2bcc8
[  386.278705][T20996]  </TASK>
[  386.563939][T21000] binfmt_misc: register: failed to install interpreter file ./file0
[  386.581215][T21000] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6461'.
[  386.590291][T21000] netlink: 196 bytes leftover after parsing attributes in process `syz.5.6461'.
[  386.600411][T21000] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6461'.
[  386.610010][T21000] netlink: 196 bytes leftover after parsing attributes in process `syz.5.6461'.
[  386.764010][T21015] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6467'.
[  386.799542][T21026] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6472'.
[  386.874171][T21034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.883253][T21034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.142589][T21048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.153946][T21048] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.231101][T21049] usb usb8: usbfs: process 21049 (syz.5.6476) did not claim interface 0 before use
[  387.658241][T21053] bridge_slave_0: left allmulticast mode
[  387.664095][T21053] bridge_slave_0: left promiscuous mode
[  387.669796][T21053] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.694708][T21053] bridge_slave_1: left allmulticast mode
[  387.700508][T21053] bridge_slave_1: left promiscuous mode
[  387.706352][T21053] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.781877][T21053] bond0: (slave bond_slave_0): Releasing backup interface
[  387.791709][T21053] bond0: (slave bond_slave_1): Releasing backup interface
[  387.805900][T21053] team0: Port device team_slave_0 removed
[  387.834491][T21059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.853523][T21059] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.871147][T21053] team0: Port device team_slave_1 removed
[  387.883345][T21053] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  387.890934][T21053] batman_adv: batadv0: Removing interface: batadv_slave_0
[  387.909230][T21053] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  387.916741][T21053] batman_adv: batadv0: Removing interface: batadv_slave_1
[  388.279553][T21089] loop2: detected capacity change from 0 to 128
[  388.292906][T21089] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002]
[  388.301166][T21089] System zones: 1-3, 19-19, 35-36
[  388.306882][T21089] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  388.333756][T20238] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  388.484806][T21101] vhci_hcd: invalid port number 96
[  388.490004][T21101] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  388.783265][T21112] usb usb8: usbfs: process 21112 (syz.3.6499) did not claim interface 0 before use
[  389.016282][T21116] binfmt_misc: register: failed to install interpreter file ./file0
[  389.108268][T21122] netlink: 'syz.5.6505': attribute type 10 has an invalid length.
[  389.117172][T21122] team0: Device hsr_slave_0 failed to register rx_handler
[  389.269879][T21133] netlink: 'syz.5.6510': attribute type 10 has an invalid length.
[  389.302146][T21133] team0: Device hsr_slave_0 failed to register rx_handler
[  389.733524][T21162] netlink: 'syz.3.6521': attribute type 10 has an invalid length.
[  389.756446][T21162] team0: Device hsr_slave_0 failed to register rx_handler
[  390.001994][T21179] dummy0: entered promiscuous mode
[  390.007357][T21179] macsec1: entered promiscuous mode
[  390.012767][T21179] macsec1: entered allmulticast mode
[  390.018136][T21179] dummy0: entered allmulticast mode
[  390.025456][T21179] dummy0: left allmulticast mode
[  390.034074][T21179] dummy0: left promiscuous mode
[  390.179348][T21189] netlink: 'syz.3.6533': attribute type 10 has an invalid length.
[  390.187737][T21189] team0: Device hsr_slave_0 failed to register rx_handler
[  390.242531][T21197] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.263795][T21197] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.273749][T21201] netlink: 'syz.5.6538': attribute type 21 has an invalid length.
[  390.287151][   T29] kauditd_printk_skb: 819 callbacks suppressed
[  390.287171][   T29] audit: type=1400 audit(1167.100:52501): avc:  denied  { write } for  pid=21198 comm="syz.3.6539" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  390.316409][   T29] audit: type=1400 audit(1167.100:52502): avc:  denied  { open } for  pid=21198 comm="syz.3.6539" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  390.340358][   T29] audit: type=1326 audit(1167.131:52503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.350932][T21205] dummy0: entered promiscuous mode
[  390.364146][   T29] audit: type=1326 audit(1167.131:52504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.371507][T21205] macsec1: entered promiscuous mode
[  390.392347][   T29] audit: type=1326 audit(1167.131:52505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.392396][   T29] audit: type=1326 audit(1167.131:52506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.400127][T21205] macsec1: entered allmulticast mode
[  390.420693][   T29] audit: type=1326 audit(1167.131:52507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.420731][   T29] audit: type=1326 audit(1167.131:52508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.450233][T21205] dummy0: entered allmulticast mode
[  390.472584][   T29] audit: type=1326 audit(1167.131:52509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.524313][   T29] audit: type=1326 audit(1167.131:52510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21202 comm="syz.1.6540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  390.549930][T21205] dummy0: left allmulticast mode
[  390.555411][T21205] dummy0: left promiscuous mode
[  390.613112][T21207] netlink: 'syz.3.6542': attribute type 1 has an invalid length.
[  390.636363][T21207] 8021q: adding VLAN 0 to HW filter on device bond1
[  390.648967][T21207] __nla_validate_parse: 9 callbacks suppressed
[  390.648985][T21207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6542'.
[  390.673293][T21207] bond1 (unregistering): Released all slaves
[  390.762929][T21217] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6545'.
[  390.774818][   T23] IPVS: starting estimator thread 0...
[  390.839165][T21229] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6548'.
[  390.881143][T21224] IPVS: using max 2256 ests per chain, 112800 per kthread
[  391.007258][T21246] dummy0: entered promiscuous mode
[  391.012820][T21246] macsec1: entered promiscuous mode
[  391.018225][T21246] macsec1: entered allmulticast mode
[  391.025174][T21246] dummy0: entered allmulticast mode
[  391.032017][T21246] dummy0: left allmulticast mode
[  391.037124][T21246] dummy0: left promiscuous mode
[  391.113412][T21248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.122189][T21248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.140980][T21250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.149895][T21250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.577096][T21254] FAULT_INJECTION: forcing a failure.
[  391.577096][T21254] name failslab, interval 1, probability 0, space 0, times 0
[  391.589931][T21254] CPU: 1 UID: 0 PID: 21254 Comm: syz.0.6557 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  391.590020][T21254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  391.590036][T21254] Call Trace:
[  391.590098][T21254]  <TASK>
[  391.590108][T21254]  __dump_stack+0x1d/0x30
[  391.590130][T21254]  dump_stack_lvl+0xe8/0x140
[  391.590149][T21254]  dump_stack+0x15/0x1b
[  391.590165][T21254]  should_fail_ex+0x265/0x280
[  391.590198][T21254]  should_failslab+0x8c/0xb0
[  391.590230][T21254]  __kmalloc_noprof+0xa5/0x3e0
[  391.590264][T21254]  ? security_prepare_creds+0x52/0x120
[  391.590292][T21254]  security_prepare_creds+0x52/0x120
[  391.590364][T21254]  prepare_creds+0x34a/0x4c0
[  391.590385][T21254]  selinux_lsm_setattr+0x1a4/0x660
[  391.590408][T21254]  selinux_setprocattr+0x4f/0x70
[  391.590463][T21254]  security_setprocattr+0x1a4/0x1d0
[  391.590558][T21254]  proc_pid_attr_write+0x1eb/0x220
[  391.590582][T21254]  ? __pfx_proc_pid_attr_write+0x10/0x10
[  391.590716][T21254]  vfs_write+0x269/0x960
[  391.590735][T21254]  ? __rcu_read_unlock+0x4f/0x70
[  391.590755][T21254]  ? __fget_files+0x184/0x1c0
[  391.590785][T21254]  ksys_write+0xda/0x1a0
[  391.590806][T21254]  __x64_sys_write+0x40/0x50
[  391.590834][T21254]  x64_sys_call+0x27fe/0x2ff0
[  391.590852][T21254]  do_syscall_64+0xd2/0x200
[  391.590920][T21254]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  391.590957][T21254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.590998][T21254] RIP: 0033:0x7febfd2ceec9
[  391.591011][T21254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.591027][T21254] RSP: 002b:00007febfbd2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  391.591061][T21254] RAX: ffffffffffffffda RBX: 00007febfd525fa0 RCX: 00007febfd2ceec9
[  391.591072][T21254] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  391.591083][T21254] RBP: 00007febfbd2f090 R08: 0000000000000000 R09: 0000000000000000
[  391.591094][T21254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.591104][T21254] R13: 00007febfd526038 R14: 00007febfd525fa0 R15: 00007ffe83886da8
[  391.591122][T21254]  </TASK>
[  391.833709][T21257] FAULT_INJECTION: forcing a failure.
[  391.833709][T21257] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.846911][T21257] CPU: 0 UID: 0 PID: 21257 Comm: syz.3.6560 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  391.846945][T21257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  391.846958][T21257] Call Trace:
[  391.846965][T21257]  <TASK>
[  391.846973][T21257]  __dump_stack+0x1d/0x30
[  391.846994][T21257]  dump_stack_lvl+0xe8/0x140
[  391.847062][T21257]  dump_stack+0x15/0x1b
[  391.847093][T21257]  should_fail_ex+0x265/0x280
[  391.847122][T21257]  should_fail+0xb/0x20
[  391.847149][T21257]  should_fail_usercopy+0x1a/0x20
[  391.847221][T21257]  _copy_from_user+0x1c/0xb0
[  391.847260][T21257]  ___sys_sendmsg+0xc1/0x1d0
[  391.847344][T21257]  __x64_sys_sendmsg+0xd4/0x160
[  391.847378][T21257]  x64_sys_call+0x191e/0x2ff0
[  391.847475][T21257]  do_syscall_64+0xd2/0x200
[  391.847513][T21257]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  391.847628][T21257]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  391.847660][T21257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.847747][T21257] RIP: 0033:0x7f3b02f3eec9
[  391.847766][T21257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.847789][T21257] RSP: 002b:00007f3b0199f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  391.847813][T21257] RAX: ffffffffffffffda RBX: 00007f3b03195fa0 RCX: 00007f3b02f3eec9
[  391.847828][T21257] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  391.847846][T21257] RBP: 00007f3b0199f090 R08: 0000000000000000 R09: 0000000000000000
[  391.847888][T21257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.847904][T21257] R13: 00007f3b03196038 R14: 00007f3b03195fa0 R15: 00007fffc3e9da38
[  391.847928][T21257]  </TASK>
[  392.079905][T21270] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6564'.
[  392.150746][T21279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6562'.
[  393.084477][T21312] FAULT_INJECTION: forcing a failure.
[  393.084477][T21312] name failslab, interval 1, probability 0, space 0, times 0
[  393.097275][T21312] CPU: 0 UID: 0 PID: 21312 Comm: syz.2.6573 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  393.097324][T21312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  393.097341][T21312] Call Trace:
[  393.097349][T21312]  <TASK>
[  393.097359][T21312]  __dump_stack+0x1d/0x30
[  393.097386][T21312]  dump_stack_lvl+0xe8/0x140
[  393.097406][T21312]  dump_stack+0x15/0x1b
[  393.097490][T21312]  should_fail_ex+0x265/0x280
[  393.097514][T21312]  ? io_uring_alloc_task_context+0x4c/0x2d0
[  393.097552][T21312]  should_failslab+0x8c/0xb0
[  393.097584][T21312]  __kmalloc_cache_noprof+0x4c/0x320
[  393.097626][T21312]  io_uring_alloc_task_context+0x4c/0x2d0
[  393.097691][T21312]  __io_uring_add_tctx_node+0x1f3/0x2d0
[  393.097717][T21312]  __io_uring_add_tctx_node_from_submit+0x69/0xc0
[  393.097743][T21312]  __se_sys_io_uring_enter+0x195b/0x1b70
[  393.097840][T21312]  ? 0xffffffff81000000
[  393.097855][T21312]  ? __rcu_read_unlock+0x4f/0x70
[  393.097879][T21312]  ? get_pid_task+0x96/0xd0
[  393.097976][T21312]  ? proc_fail_nth_write+0x13b/0x160
[  393.098012][T21312]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  393.098039][T21312]  ? vfs_write+0x7e8/0x960
[  393.098093][T21312]  ? __rcu_read_unlock+0x4f/0x70
[  393.098120][T21312]  ? __fget_files+0x184/0x1c0
[  393.098150][T21312]  ? fput+0x8f/0xc0
[  393.098182][T21312]  __x64_sys_io_uring_enter+0x78/0x90
[  393.098207][T21312]  x64_sys_call+0x2de1/0x2ff0
[  393.098237][T21312]  do_syscall_64+0xd2/0x200
[  393.098275][T21312]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  393.098306][T21312]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  393.098342][T21312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.098525][T21312] RIP: 0033:0x7fe51437eec9
[  393.098549][T21312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.098568][T21312] RSP: 002b:00007fe512d40038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  393.098687][T21312] RAX: ffffffffffffffda RBX: 00007fe5145d6180 RCX: 00007fe51437eec9
[  393.098706][T21312] RDX: 0000000000000000 RSI: 00000000000032d7 RDI: 0000000000000005
[  393.098720][T21312] RBP: 00007fe512d40090 R08: 0000000000000000 R09: 0000000000000000
[  393.098740][T21312] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001
[  393.098757][T21312] R13: 00007fe5145d6218 R14: 00007fe5145d6180 R15: 00007fffe88dbb58
[  393.098783][T21312]  </TASK>
[  393.381181][T21311] dummy0: entered promiscuous mode
[  393.388223][T21311] macsec1: entered promiscuous mode
[  393.393935][T21311] macsec1: entered allmulticast mode
[  393.399594][T21311] dummy0: entered allmulticast mode
[  393.408956][T21311] dummy0: left allmulticast mode
[  393.414413][T21311] dummy0: left promiscuous mode
[  393.917406][T21327] FAULT_INJECTION: forcing a failure.
[  393.917406][T21327] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.931160][T21327] CPU: 1 UID: 0 PID: 21327 Comm: syz.2.6583 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  393.931192][T21327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  393.931205][T21327] Call Trace:
[  393.931213][T21327]  <TASK>
[  393.931220][T21327]  __dump_stack+0x1d/0x30
[  393.931307][T21327]  dump_stack_lvl+0xe8/0x140
[  393.931330][T21327]  dump_stack+0x15/0x1b
[  393.931351][T21327]  should_fail_ex+0x265/0x280
[  393.931382][T21327]  should_fail+0xb/0x20
[  393.931409][T21327]  should_fail_usercopy+0x1a/0x20
[  393.931514][T21327]  _copy_from_user+0x1c/0xb0
[  393.931614][T21327]  __sys_bpf+0x178/0x7b0
[  393.931718][T21327]  __x64_sys_bpf+0x41/0x50
[  393.931747][T21327]  x64_sys_call+0x2aea/0x2ff0
[  393.931793][T21327]  do_syscall_64+0xd2/0x200
[  393.931822][T21327]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  393.931930][T21327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.931951][T21327] RIP: 0033:0x7fe51437eec9
[  393.931970][T21327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.931992][T21327] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  393.932065][T21327] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  393.932080][T21327] RDX: 0000000000000094 RSI: 00002000000001c0 RDI: 0000000000000005
[  393.932096][T21327] RBP: 00007fe512de7090 R08: 0000000000000000 R09: 0000000000000000
[  393.932113][T21327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.932129][T21327] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  393.932153][T21327]  </TASK>
[  394.126521][T21332] netlink: 'syz.2.6585': attribute type 10 has an invalid length.
[  394.134747][T21332] team0: Device hsr_slave_0 failed to register rx_handler
[  394.200602][T21335] loop2: detected capacity change from 0 to 512
[  394.207560][T21335] EXT4-fs: Ignoring removed mblk_io_submit option
[  394.215376][T21335] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  394.226542][T21335] EXT4-fs (loop2): 1 truncate cleaned up
[  394.232801][T21335] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  394.267683][T20238] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.332577][T21351] netlink: 'syz.1.6592': attribute type 10 has an invalid length.
[  394.352397][T21351] team0: Device hsr_slave_0 failed to register rx_handler
[  394.368493][T21356] FAULT_INJECTION: forcing a failure.
[  394.368493][T21356] name failslab, interval 1, probability 0, space 0, times 0
[  394.381298][T21356] CPU: 0 UID: 0 PID: 21356 Comm: syz.2.6594 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  394.381329][T21356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  394.381347][T21356] Call Trace:
[  394.381355][T21356]  <TASK>
[  394.381388][T21356]  __dump_stack+0x1d/0x30
[  394.381414][T21356]  dump_stack_lvl+0xe8/0x140
[  394.381437][T21356]  dump_stack+0x15/0x1b
[  394.381454][T21356]  should_fail_ex+0x265/0x280
[  394.381559][T21356]  should_failslab+0x8c/0xb0
[  394.381593][T21356]  kmem_cache_alloc_noprof+0x50/0x310
[  394.381697][T21356]  ? getname_flags+0x80/0x3b0
[  394.381734][T21356]  getname_flags+0x80/0x3b0
[  394.381769][T21356]  __se_sys_newstat+0x4b/0x280
[  394.381808][T21356]  ? fput+0x8f/0xc0
[  394.381868][T21356]  ? ksys_write+0x192/0x1a0
[  394.381908][T21356]  __x64_sys_newstat+0x31/0x40
[  394.382012][T21356]  x64_sys_call+0x73e/0x2ff0
[  394.382038][T21356]  do_syscall_64+0xd2/0x200
[  394.382068][T21356]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  394.382092][T21356]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  394.382168][T21356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.382194][T21356] RIP: 0033:0x7fe51437eec9
[  394.382209][T21356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.382227][T21356] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  394.382245][T21356] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  394.382327][T21356] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 00002000000004c0
[  394.382342][T21356] RBP: 00007fe512de7090 R08: 0000000000000000 R09: 0000000000000000
[  394.382353][T21356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  394.382365][T21356] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  394.382384][T21356]  </TASK>
[  394.646260][T21369] dummy0: entered promiscuous mode
[  394.651664][T21369] macsec1: entered promiscuous mode
[  394.658695][T21369] macsec1: entered allmulticast mode
[  394.665731][T21369] dummy0: entered allmulticast mode
[  394.672863][T21369] dummy0: left allmulticast mode
[  394.678118][T21371] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6600'.
[  394.678138][T21369] dummy0: left promiscuous mode
[  394.780833][T21377] netlink: 'wޣ�': attribute type 21 has an invalid length.
[  394.781481][T21379] loop2: detected capacity change from 0 to 164
[  394.788843][T21377] netlink: 132 bytes leftover after parsing attributes in process `wޣ�'.
[  394.804035][T21379] ISOFS: unable to read i-node block
[  394.809398][T21379] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  394.826297][T21379] netlink: 'wޣ�': attribute type 21 has an invalid length.
[  394.835515][T21379] netlink: 132 bytes leftover after parsing attributes in process `wޣ�'.
[  394.836496][T21383] netlink: 'syz.1.6606': attribute type 10 has an invalid length.
[  394.853748][T21383] team0: Device hsr_slave_0 failed to register rx_handler
[  394.915694][T21392] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6611'.
[  394.925586][T21393] 
: renamed from bond0 (while UP)
[  394.967297][T21399] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6613'.
[  394.968383][T21400] dummy0: entered promiscuous mode
[  394.981842][T21400] macsec1: entered promiscuous mode
[  394.987694][T21400] macsec1: entered allmulticast mode
[  394.993305][T21400] dummy0: entered allmulticast mode
[  395.000188][T21400] dummy0: left allmulticast mode
[  395.005682][T21400] dummy0: left promiscuous mode
[  395.051332][   T29] kauditd_printk_skb: 645 callbacks suppressed
[  395.051351][   T29] audit: type=1326 audit(1172.129:53156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  395.080900][   T29] audit: type=1326 audit(1172.129:53157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  395.104162][   T29] audit: type=1326 audit(1172.129:53158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f3b02f3eec9 code=0x7ffc0000
[  395.127430][   T29] audit: type=1326 audit(1172.171:53159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  395.150602][   T29] audit: type=1326 audit(1172.171:53160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  395.173862][   T29] audit: type=1326 audit(1172.171:53161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f3b02f3eec9 code=0x7ffc0000
[  395.197715][   T29] audit: type=1326 audit(1172.171:53162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  395.221006][   T29] audit: type=1326 audit(1172.171:53163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  395.244219][   T29] audit: type=1326 audit(1172.171:53164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f3b02f3eec9 code=0x7ffc0000
[  395.267480][   T29] audit: type=1326 audit(1172.171:53165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21380 comm="syz.3.6605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  395.335922][T21411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.349779][T21411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.364777][T21413] netlink: 'syz.0.6619': attribute type 10 has an invalid length.
[  395.380958][T21415] SELinux:  Context system_u:object_r:tty_device_t:s0 is not valid (left unmapped).
[  395.391976][T21413] team0: Device hsr_slave_0 failed to register rx_handler
[  395.515608][T21424] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6624'.
[  395.634777][T21431] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6626'.
[  395.712758][T21434] $H�: renamed from bond0 (while UP)
[  395.732027][T21434] $H�: entered promiscuous mode
[  395.737173][T21434] bond_slave_0: entered promiscuous mode
[  395.743057][T21434] bond_slave_1: entered promiscuous mode
[  395.800149][T21445] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6632'.
[  395.969870][T21462] binfmt_misc: register: failed to install interpreter file ./file0
[  395.982827][T21462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6640'.
[  395.992254][T21462] netlink: 196 bytes leftover after parsing attributes in process `syz.1.6640'.
[  396.001833][T21462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6640'.
[  396.011082][T21462] netlink: 196 bytes leftover after parsing attributes in process `syz.1.6640'.
[  396.151882][T21469] sch_tbf: burst 19869 is lower than device lo mtu (65550) !
[  396.818929][T21494] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6653'.
[  397.395823][T21534] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6669'.
[  397.464772][T21546] FAULT_INJECTION: forcing a failure.
[  397.464772][T21546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.478250][T21546] CPU: 1 UID: 0 PID: 21546 Comm: syz.3.6674 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  397.478285][T21546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  397.478303][T21546] Call Trace:
[  397.478350][T21546]  <TASK>
[  397.478360][T21546]  __dump_stack+0x1d/0x30
[  397.478386][T21546]  dump_stack_lvl+0xe8/0x140
[  397.478465][T21546]  dump_stack+0x15/0x1b
[  397.478487][T21546]  should_fail_ex+0x265/0x280
[  397.478520][T21546]  should_fail+0xb/0x20
[  397.478542][T21546]  should_fail_usercopy+0x1a/0x20
[  397.478571][T21546]  _copy_from_iter+0x254/0xe80
[  397.478699][T21546]  tun_get_user+0x14d/0x26e0
[  397.478726][T21546]  ? __rcu_read_unlock+0x4f/0x70
[  397.478763][T21546]  ? ref_tracker_alloc+0x1f2/0x2f0
[  397.478843][T21546]  tun_chr_write_iter+0x15e/0x210
[  397.478863][T21546]  do_iter_readv_writev+0x49c/0x540
[  397.478913][T21546]  vfs_writev+0x2df/0x8b0
[  397.478960][T21546]  do_writev+0xe7/0x210
[  397.479007][T21546]  __x64_sys_writev+0x45/0x50
[  397.479037][T21546]  x64_sys_call+0x1e9a/0x2ff0
[  397.479064][T21546]  do_syscall_64+0xd2/0x200
[  397.479108][T21546]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  397.479139][T21546]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  397.479174][T21546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.479200][T21546] RIP: 0033:0x7f3b02f3eec9
[  397.479272][T21546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.479290][T21546] RSP: 002b:00007f3b0199f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  397.479319][T21546] RAX: ffffffffffffffda RBX: 00007f3b03195fa0 RCX: 00007f3b02f3eec9
[  397.479334][T21546] RDX: 0000000000000004 RSI: 0000200000000500 RDI: 0000000000000003
[  397.479349][T21546] RBP: 00007f3b0199f090 R08: 0000000000000000 R09: 0000000000000000
[  397.479364][T21546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.479376][T21546] R13: 00007f3b03196038 R14: 00007f3b03195fa0 R15: 00007fffc3e9da38
[  397.479401][T21546]  </TASK>
[  397.746582][T21554] loop2: detected capacity change from 0 to 128
[  397.769499][T21554] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002]
[  397.782660][T21554] System zones: 1-3, 19-19, 35-36
[  397.790944][T21554] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  397.953851][T20238] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  398.113941][T21581] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6682'.
[  398.140057][T21582] tipc: Started in network mode
[  398.145091][T21582] tipc: Node identity 3634fbae0d7a, cluster identity 4711
[  398.152565][T21582] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  398.197378][T21577] vhci_hcd: invalid port number 96
[  398.202702][T21577] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  398.238978][T21582] syzkaller0: entered promiscuous mode
[  398.244657][T21582] syzkaller0: entered allmulticast mode
[  398.258394][T21582] tipc: Resetting bearer <eth:syzkaller0>
[  398.274488][T21580] tipc: Resetting bearer <eth:syzkaller0>
[  398.299807][T21580] tipc: Disabling bearer <eth:syzkaller0>
[  398.325370][T21588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.334261][T21588] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  398.594259][T21600] vhci_hcd: invalid port number 96
[  398.599565][T21600] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  398.740329][T21615] usb usb8: usbfs: process 21615 (syz.0.6698) did not claim interface 0 before use
[  399.340342][T21646] netlink: 'wޣ�': attribute type 21 has an invalid length.
[  399.399755][T21648] dummy0: entered promiscuous mode
[  399.413129][T21648] macsec1: entered promiscuous mode
[  399.418718][T21648] macsec1: entered allmulticast mode
[  399.426081][T21648] dummy0: entered allmulticast mode
[  399.435033][T21648] dummy0: left allmulticast mode
[  399.444864][T21648] dummy0: left promiscuous mode
[  399.673560][T21675] vhci_hcd: invalid port number 96
[  399.678839][T21675] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  399.686724][T21673] vhci_hcd: invalid port number 96
[  399.692018][T21673] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  399.701399][T21681] dummy0: entered promiscuous mode
[  399.706697][T21681] macsec1: entered promiscuous mode
[  399.716709][T21681] macsec1: entered allmulticast mode
[  399.727406][T21681] dummy0: entered allmulticast mode
[  399.754505][T21681] dummy0: left allmulticast mode
[  399.760102][T21681] dummy0: left promiscuous mode
[  399.879718][   T29] kauditd_printk_skb: 562 callbacks suppressed
[  399.879734][   T29] audit: type=1400 audit(1177.209:53728): avc:  denied  { mounton } for  pid=21702 comm="syz.2.6739" path="/110/bus" dev="tmpfs" ino=598 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  399.927237][T21703] FAULT_INJECTION: forcing a failure.
[  399.927237][T21703] name failslab, interval 1, probability 0, space 0, times 0
[  399.939976][T21703] CPU: 1 UID: 0 PID: 21703 Comm: +}[@ Not tainted syzkaller #0 PREEMPT(voluntary) 
[  399.940010][T21703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  399.940075][T21703] Call Trace:
[  399.940084][T21703]  <TASK>
[  399.940094][T21703]  __dump_stack+0x1d/0x30
[  399.940126][T21703]  dump_stack_lvl+0xe8/0x140
[  399.940172][T21703]  dump_stack+0x15/0x1b
[  399.940190][T21703]  should_fail_ex+0x265/0x280
[  399.940215][T21703]  ? audit_log_d_path+0x8d/0x150
[  399.940327][T21703]  should_failslab+0x8c/0xb0
[  399.940359][T21703]  __kmalloc_cache_noprof+0x4c/0x320
[  399.940465][T21703]  audit_log_d_path+0x8d/0x150
[  399.940529][T21703]  audit_log_d_path_exe+0x42/0x70
[  399.940569][T21703]  audit_log_task+0x1e9/0x250
[  399.940616][T21703]  audit_seccomp+0x61/0x100
[  399.940640][T21703]  ? __seccomp_filter+0x68c/0x10d0
[  399.940666][T21703]  __seccomp_filter+0x69d/0x10d0
[  399.940696][T21703]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  399.940731][T21703]  ? vfs_write+0x7e8/0x960
[  399.940791][T21703]  ? __rcu_read_unlock+0x4f/0x70
[  399.940814][T21703]  ? __fget_files+0x184/0x1c0
[  399.940849][T21703]  __secure_computing+0x82/0x150
[  399.940876][T21703]  syscall_trace_enter+0xcf/0x1e0
[  399.940980][T21703]  do_syscall_64+0xac/0x200
[  399.941098][T21703]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  399.941135][T21703]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  399.941239][T21703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.941306][T21703] RIP: 0033:0x7fe51437eec9
[  399.941326][T21703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.941349][T21703] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  399.941421][T21703] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  399.941434][T21703] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000008
[  399.941447][T21703] RBP: 00007fe512de7090 R08: 0000000000000000 R09: 0000000000000000
[  399.941459][T21703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.941471][T21703] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  399.941494][T21703]  </TASK>
[  400.021327][   T29] audit: type=1326 audit(1177.230:53729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.184566][   T29] audit: type=1326 audit(1177.230:53730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.207947][   T29] audit: type=1400 audit(1177.230:53731): avc:  denied  { create } for  pid=21702 comm="syz.2.6739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  400.228339][   T29] audit: type=1326 audit(1177.230:53732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.251568][   T29] audit: type=1326 audit(1177.230:53733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.274790][   T29] audit: type=1400 audit(1177.230:53734): avc:  denied  { write } for  pid=21702 comm="syz.2.6739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  400.295028][   T29] audit: type=1326 audit(1177.230:53735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.318910][   T29] audit: type=1326 audit(1177.230:53736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.342293][   T29] audit: type=1326 audit(1177.230:53737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21702 comm="syz.2.6739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  400.368899][T21703] loop2: detected capacity change from 0 to 256
[  400.376047][T21703] vfat: Unknown parameter '����'
[  400.500165][T21723] vhci_hcd: invalid port number 96
[  400.505345][T21723] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  400.517845][T21726] __nla_validate_parse: 10 callbacks suppressed
[  400.517864][T21726] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6747'.
[  400.644351][T21748] FAULT_INJECTION: forcing a failure.
[  400.644351][T21748] name failslab, interval 1, probability 0, space 0, times 0
[  400.657290][T21748] CPU: 0 UID: 0 PID: 21748 Comm: syz.3.6756 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  400.657325][T21748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  400.657379][T21748] Call Trace:
[  400.657388][T21748]  <TASK>
[  400.657397][T21748]  __dump_stack+0x1d/0x30
[  400.657422][T21748]  dump_stack_lvl+0xe8/0x140
[  400.657445][T21748]  dump_stack+0x15/0x1b
[  400.657541][T21748]  should_fail_ex+0x265/0x280
[  400.657569][T21748]  should_failslab+0x8c/0xb0
[  400.657600][T21748]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  400.657666][T21748]  ? __d_alloc+0x3d/0x340
[  400.657698][T21748]  __d_alloc+0x3d/0x340
[  400.657726][T21748]  ? mpol_shared_policy_init+0xbd/0x4c0
[  400.657803][T21748]  d_alloc_pseudo+0x1e/0x80
[  400.657894][T21748]  alloc_file_pseudo+0x71/0x160
[  400.658021][T21748]  ? __se_sys_memfd_create+0x1cc/0x590
[  400.658061][T21748]  __shmem_file_setup+0x1de/0x210
[  400.658194][T21748]  shmem_file_setup+0x3b/0x50
[  400.658229][T21748]  __se_sys_memfd_create+0x2c3/0x590
[  400.658262][T21748]  __x64_sys_memfd_create+0x31/0x40
[  400.658289][T21748]  x64_sys_call+0x2abe/0x2ff0
[  400.658345][T21748]  do_syscall_64+0xd2/0x200
[  400.658376][T21748]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  400.658473][T21748]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  400.658547][T21748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.658570][T21748] RIP: 0033:0x7f3b02f3eec9
[  400.658586][T21748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.658604][T21748] RSP: 002b:00007f3b0199ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  400.658624][T21748] RAX: ffffffffffffffda RBX: 0000000000000557 RCX: 00007f3b02f3eec9
[  400.658638][T21748] RDX: 00007f3b0199eef0 RSI: 0000000000000000 RDI: 00007f3b02fc2960
[  400.658670][T21748] RBP: 00002000000005c0 R08: 00007f3b0199ebb7 R09: 00007f3b0199ee40
[  400.658683][T21748] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000000c0
[  400.658769][T21748] R13: 00007f3b0199eef0 R14: 00007f3b0199eeb0 R15: 0000200000000580
[  400.658789][T21748]  </TASK>
[  400.881607][T21753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  400.897814][T21753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.931860][T21760] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6761'.
[  400.940999][T21760] netlink: 196 bytes leftover after parsing attributes in process `syz.5.6761'.
[  400.948039][T21757] vhci_hcd: invalid port number 96
[  400.955619][T21757] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  400.960947][T21760] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6761'.
[  400.972735][T21760] netlink: 196 bytes leftover after parsing attributes in process `syz.5.6761'.
[  400.989869][T21750] pim6reg1: entered promiscuous mode
[  400.995267][T21750] pim6reg1: entered allmulticast mode
[  401.234033][T21839] vhci_hcd: invalid port number 96
[  401.239262][T21839] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  401.331346][T21843] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6774'.
[  401.579567][T21862] vhci_hcd: invalid port number 96
[  401.584870][T21862] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  401.616955][T21864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  401.626335][T21864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  401.684457][T21869] FAULT_INJECTION: forcing a failure.
[  401.684457][T21869] name failslab, interval 1, probability 0, space 0, times 0
[  401.697470][T21869] CPU: 0 UID: 0 PID: 21869 Comm: syz.5.6786 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  401.697499][T21869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  401.697526][T21869] Call Trace:
[  401.697533][T21869]  <TASK>
[  401.697542][T21869]  __dump_stack+0x1d/0x30
[  401.697642][T21869]  dump_stack_lvl+0xe8/0x140
[  401.697664][T21869]  dump_stack+0x15/0x1b
[  401.697682][T21869]  should_fail_ex+0x265/0x280
[  401.697709][T21869]  should_failslab+0x8c/0xb0
[  401.697794][T21869]  kmem_cache_alloc_noprof+0x50/0x310
[  401.697832][T21869]  ? copy_sighand+0x52/0x1b0
[  401.697865][T21869]  copy_sighand+0x52/0x1b0
[  401.697899][T21869]  copy_process+0xcaf/0x2000
[  401.697992][T21869]  kernel_clone+0x16c/0x5c0
[  401.698113][T21869]  ? vfs_write+0x7e8/0x960
[  401.698142][T21869]  __x64_sys_clone+0xe6/0x120
[  401.698242][T21869]  x64_sys_call+0x119c/0x2ff0
[  401.698267][T21869]  do_syscall_64+0xd2/0x200
[  401.698362][T21869]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  401.698391][T21869]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  401.698462][T21869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.698487][T21869] RIP: 0033:0x7f7e475deec9
[  401.698503][T21869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.698523][T21869] RSP: 002b:00007f7e4603efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  401.698549][T21869] RAX: ffffffffffffffda RBX: 00007f7e47835fa0 RCX: 00007f7e475deec9
[  401.698562][T21869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400
[  401.698574][T21869] RBP: 00007f7e4603f090 R08: 0000000000000000 R09: 0000000000000000
[  401.698607][T21869] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  401.698624][T21869] R13: 00007f7e47836038 R14: 00007f7e47835fa0 R15: 00007fff41201118
[  401.698647][T21869]  </TASK>
[  402.124824][T21883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21883 comm=syz.3.6789
[  402.161659][T21888] netlink: 'wޣ�': attribute type 21 has an invalid length.
[  402.173610][T21888] netlink: 132 bytes leftover after parsing attributes in process `wޣ�'.
[  402.243134][T21894] vhci_hcd: invalid port number 96
[  402.248315][T21894] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  402.310973][T21899] dummy0: entered promiscuous mode
[  402.344054][T21904] FAULT_INJECTION: forcing a failure.
[  402.344054][T21904] name failslab, interval 1, probability 0, space 0, times 0
[  402.357139][T21904] CPU: 0 UID: 0 PID: 21904 Comm: syz.2.6801 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  402.357215][T21904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  402.357232][T21904] Call Trace:
[  402.357241][T21904]  <TASK>
[  402.357251][T21904]  __dump_stack+0x1d/0x30
[  402.357277][T21904]  dump_stack_lvl+0xe8/0x140
[  402.357302][T21904]  dump_stack+0x15/0x1b
[  402.357323][T21904]  should_fail_ex+0x265/0x280
[  402.357370][T21904]  should_failslab+0x8c/0xb0
[  402.357403][T21904]  kmem_cache_alloc_noprof+0x50/0x310
[  402.357447][T21904]  ? getname_flags+0x80/0x3b0
[  402.357486][T21904]  getname_flags+0x80/0x3b0
[  402.357518][T21904]  __se_sys_move_mount+0x168/0x490
[  402.357589][T21904]  ? fput+0x8f/0xc0
[  402.357620][T21904]  __x64_sys_move_mount+0x67/0x80
[  402.357644][T21904]  x64_sys_call+0xcfe/0x2ff0
[  402.357669][T21904]  do_syscall_64+0xd2/0x200
[  402.357779][T21904]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  402.357804][T21904]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  402.357837][T21904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.357865][T21904] RIP: 0033:0x7fe51437eec9
[  402.357955][T21904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.357972][T21904] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[  402.357991][T21904] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  402.358045][T21904] RDX: ffffffffffffff9c RSI: 0000200000000140 RDI: 0000000000000005
[  402.358062][T21904] RBP: 00007fe512de7090 R08: 0000000000000000 R09: 0000000000000000
[  402.358079][T21904] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  402.358095][T21904] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  402.358117][T21904]  </TASK>
[  402.436526][T21899] macsec1: entered promiscuous mode
[  402.550892][T21899] macsec1: entered allmulticast mode
[  402.556335][T21899] dummy0: entered allmulticast mode
[  402.563052][T21899] dummy0: left allmulticast mode
[  402.586419][T21909] netlink: 'syz.2.6803': attribute type 10 has an invalid length.
[  402.596298][T21899] dummy0: left promiscuous mode
[  402.624100][T21909] team0: Device hsr_slave_0 failed to register rx_handler
[  402.720346][T21916] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6805'.
[  402.729540][T21916] netlink: 196 bytes leftover after parsing attributes in process `syz.1.6805'.
[  402.774349][T21916] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6805'.
[  402.828896][T21919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.839050][T21919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.043613][T21930] netlink: 'syz.2.6812': attribute type 10 has an invalid length.
[  403.053382][T21930] team0: Device hsr_slave_0 failed to register rx_handler
[  403.257739][T21945] wg2: entered promiscuous mode
[  403.262722][T21945] wg2: entered allmulticast mode
[  403.541157][T21949] tipc: Started in network mode
[  403.546145][T21949] tipc: Node identity ac14140f, cluster identity 4711
[  403.553222][T21949] tipc: New replicast peer: 255.255.255.255
[  403.559472][T21949] tipc: Enabled bearer <udp:�>, priority 10
[  403.656072][T21963] netlink: 'syz.2.6825': attribute type 10 has an invalid length.
[  403.664638][T21963] team0: Device hsr_slave_0 failed to register rx_handler
[  403.693893][T21970] FAULT_INJECTION: forcing a failure.
[  403.693893][T21970] name failslab, interval 1, probability 0, space 0, times 0
[  403.706843][T21970] CPU: 1 UID: 0 PID: 21970 Comm: syz.2.6828 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  403.706874][T21970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  403.706890][T21970] Call Trace:
[  403.706969][T21970]  <TASK>
[  403.706978][T21970]  __dump_stack+0x1d/0x30
[  403.707016][T21970]  dump_stack_lvl+0xe8/0x140
[  403.707069][T21970]  dump_stack+0x15/0x1b
[  403.707090][T21970]  should_fail_ex+0x265/0x280
[  403.707120][T21970]  ? sctp_auth_asoc_copy_shkeys+0xfa/0x330
[  403.707156][T21970]  should_failslab+0x8c/0xb0
[  403.707186][T21970]  __kmalloc_cache_noprof+0x4c/0x320
[  403.707249][T21970]  sctp_auth_asoc_copy_shkeys+0xfa/0x330
[  403.707289][T21970]  sctp_association_new+0xde5/0x1200
[  403.707334][T21970]  sctp_connect_new_asoc+0x1a8/0x3a0
[  403.707357][T21970]  sctp_sendmsg+0xf10/0x18d0
[  403.707451][T21970]  ? selinux_socket_sendmsg+0x171/0x1b0
[  403.707493][T21970]  ? __pfx_sctp_sendmsg+0x10/0x10
[  403.707528][T21970]  inet_sendmsg+0xc2/0xd0
[  403.707579][T21970]  __sock_sendmsg+0x102/0x180
[  403.707682][T21970]  __sys_sendto+0x268/0x330
[  403.707720][T21970]  __x64_sys_sendto+0x76/0x90
[  403.707749][T21970]  x64_sys_call+0x2d05/0x2ff0
[  403.707777][T21970]  do_syscall_64+0xd2/0x200
[  403.707892][T21970]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  403.707917][T21970]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  403.708014][T21970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.708065][T21970] RIP: 0033:0x7fe51437eec9
[  403.708144][T21970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.708162][T21970] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  403.708181][T21970] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  403.708197][T21970] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000003
[  403.708209][T21970] RBP: 00007fe512de7090 R08: 0000200000000040 R09: 000000000000001c
[  403.708221][T21970] R10: 0000000004000040 R11: 0000000000000246 R12: 0000000000000001
[  403.708233][T21970] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  403.708251][T21970]  </TASK>
[  403.978384][T21977] FAULT_INJECTION: forcing a failure.
[  403.978384][T21977] name failslab, interval 1, probability 0, space 0, times 0
[  403.991145][T21977] CPU: 0 UID: 0 PID: 21977 Comm: +}[@ Not tainted syzkaller #0 PREEMPT(voluntary) 
[  403.991183][T21977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  403.991199][T21977] Call Trace:
[  403.991208][T21977]  <TASK>
[  403.991218][T21977]  __dump_stack+0x1d/0x30
[  403.991294][T21977]  dump_stack_lvl+0xe8/0x140
[  403.991387][T21977]  dump_stack+0x15/0x1b
[  403.991403][T21977]  should_fail_ex+0x265/0x280
[  403.991441][T21977]  ? audit_log_d_path+0x8d/0x150
[  403.991485][T21977]  should_failslab+0x8c/0xb0
[  403.991516][T21977]  __kmalloc_cache_noprof+0x4c/0x320
[  403.991718][T21977]  audit_log_d_path+0x8d/0x150
[  403.991754][T21977]  audit_log_d_path_exe+0x42/0x70
[  403.991795][T21977]  audit_log_task+0x1e9/0x250
[  403.991905][T21977]  audit_seccomp+0x61/0x100
[  403.991947][T21977]  ? __seccomp_filter+0x68c/0x10d0
[  403.991973][T21977]  __seccomp_filter+0x69d/0x10d0
[  403.992003][T21977]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  403.992055][T21977]  ? vfs_write+0x7e8/0x960
[  403.992082][T21977]  ? __rcu_read_unlock+0x4f/0x70
[  403.992112][T21977]  ? __fget_files+0x184/0x1c0
[  403.992146][T21977]  __secure_computing+0x82/0x150
[  403.992167][T21977]  syscall_trace_enter+0xcf/0x1e0
[  403.992245][T21977]  do_syscall_64+0xac/0x200
[  403.992283][T21977]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  403.992333][T21977]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  403.992368][T21977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.992389][T21977] RIP: 0033:0x7fe51437eec9
[  403.992429][T21977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.992498][T21977] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  403.992521][T21977] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  403.992534][T21977] RDX: 0000000000001001 RSI: 00002000000019c0 RDI: 0000000000000009
[  403.992546][T21977] RBP: 00007fe512de7090 R08: 0000000000000000 R09: 0000000000000000
[  403.992558][T21977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.992570][T21977] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  403.992591][T21977]  </TASK>
[  403.993601][T21979] FAULT_INJECTION: forcing a failure.
[  403.993601][T21979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.013292][T21977] loop2: detected capacity change from 0 to 256
[  404.015890][T21979] CPU: 1 UID: 0 PID: 21979 Comm: syz.0.6832 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  404.015946][T21979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  404.015973][T21979] Call Trace:
[  404.015984][T21979]  <TASK>
[  404.015995][T21979]  __dump_stack+0x1d/0x30
[  404.016026][T21979]  dump_stack_lvl+0xe8/0x140
[  404.016113][T21979]  dump_stack+0x15/0x1b
[  404.016137][T21979]  should_fail_ex+0x265/0x280
[  404.016172][T21979]  should_fail+0xb/0x20
[  404.016203][T21979]  should_fail_usercopy+0x1a/0x20
[  404.016292][T21979]  copy_folio_from_iter_atomic+0x278/0x11b0
[  404.016346][T21979]  ? shmem_write_begin+0xa8/0x190
[  404.016373][T21979]  ? shmem_write_begin+0xe1/0x190
[  404.016479][T21979]  generic_perform_write+0x2c2/0x490
[  404.016519][T21979]  shmem_file_write_iter+0xc5/0xf0
[  404.016553][T21979]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  404.016621][T21979]  vfs_write+0x52a/0x960
[  404.016661][T21979]  ksys_write+0xda/0x1a0
[  404.016693][T21979]  __x64_sys_write+0x40/0x50
[  404.016735][T21979]  x64_sys_call+0x27fe/0x2ff0
[  404.016763][T21979]  do_syscall_64+0xd2/0x200
[  404.016820][T21979]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  404.016855][T21979]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  404.016912][T21979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.017003][T21979] RIP: 0033:0x7febfd2ceec9
[  404.017024][T21979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.017049][T21979] RSP: 002b:00007febfbd2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  404.017075][T21979] RAX: ffffffffffffffda RBX: 00007febfd525fa0 RCX: 00007febfd2ceec9
[  404.017092][T21979] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000003
[  404.017126][T21979] RBP: 00007febfbd2f090 R08: 0000000000000000 R09: 0000000000000000
[  404.017143][T21979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.017160][T21979] R13: 00007febfd526038 R14: 00007febfd525fa0 R15: 00007ffe83886da8
[  404.017187][T21979]  </TASK>
[  404.437106][T21977] vfat: Unknown parameter '����'
[  404.518144][T21993] netlink: 'syz.2.6839': attribute type 10 has an invalid length.
[  404.526968][T21993] team0: Device hsr_slave_0 failed to register rx_handler
[  404.579449][T22001] loop2: detected capacity change from 0 to 512
[  404.590282][T22001] EXT4-fs error (device loop2): ext4_xattr_inode_iget:442: comm syz.2.6842: error while reading EA inode 32 err=-116
[  404.621128][T22001] EXT4-fs (loop2): Remounting filesystem read-only
[  404.622665][ T3595] tipc: Node number set to 2886997007
[  404.627812][T22001] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  404.669096][T22001] EXT4-fs (loop2): 1 orphan inode deleted
[  404.685328][T22001] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  404.725424][T22001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.896441][   T29] kauditd_printk_skb: 618 callbacks suppressed
[  404.896460][   T29] audit: type=1326 audit(1182.469:54356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  404.925952][   T29] audit: type=1326 audit(1182.469:54357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  404.949185][   T29] audit: type=1326 audit(1182.469:54358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  404.972472][   T29] audit: type=1326 audit(1182.469:54359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  404.995931][   T29] audit: type=1326 audit(1182.469:54360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  405.019207][   T29] audit: type=1326 audit(1182.469:54361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  405.042529][   T29] audit: type=1326 audit(1182.469:54362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  405.065999][   T29] audit: type=1326 audit(1182.469:54363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  405.089258][   T29] audit: type=1326 audit(1182.469:54364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  405.112824][   T29] audit: type=1326 audit(1182.469:54365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22016 comm="syz.1.6848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd53e03eec9 code=0x7ffc0000
[  405.363793][T22031] netlink: 'syz.0.6853': attribute type 10 has an invalid length.
[  405.372746][T22031] team0: Device hsr_slave_0 failed to register rx_handler
[  405.402677][T22033] __nla_validate_parse: 15 callbacks suppressed
[  405.402692][T22033] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6854'.
[  405.428035][T22035] netlink: 'wޣ�': attribute type 21 has an invalid length.
[  405.436797][T22035] netlink: 132 bytes leftover after parsing attributes in process `wޣ�'.
[  405.655464][T22047] usb usb8: usbfs: process 22047 (syz.0.6856) did not claim interface 0 before use
[  405.799787][T22050] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6861'.
[  405.957705][T22056] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6864'.
[  406.026835][T22058] netlink: 'syz.1.6865': attribute type 10 has an invalid length.
[  406.043509][T22058] team0: Device hsr_slave_0 failed to register rx_handler
[  406.055663][T22060] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6866'.
[  406.123914][T22066] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6869'.
[  406.133115][T22066] netlink: 196 bytes leftover after parsing attributes in process `syz.3.6869'.
[  406.139194][T22064] vhci_hcd: invalid port number 96
[  406.142616][T22066] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6869'.
[  406.147691][T22064] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  406.157455][T22066] netlink: 196 bytes leftover after parsing attributes in process `syz.3.6869'.
[  406.222612][T22074] dummy0: entered promiscuous mode
[  406.228109][T22074] macsec1: entered promiscuous mode
[  406.245964][T22074] macsec1: entered allmulticast mode
[  406.300461][T22074] dummy0: entered allmulticast mode
[  406.339524][T22074] dummy0: left allmulticast mode
[  406.344569][T22074] dummy0: left promiscuous mode
[  406.360584][T22085] netlink: 'syz.1.6877': attribute type 10 has an invalid length.
[  406.374118][T22085] team0: Device hsr_slave_0 failed to register rx_handler
[  406.523876][T22093] loop2: detected capacity change from 0 to 128
[  406.536894][T22092] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6880'.
[  406.553684][T22088] vhci_hcd: invalid port number 96
[  406.558973][T22088] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  406.939027][T21824] kworker/u8:55: attempt to access beyond end of device
[  406.939027][T21824] loop2: rw=1, sector=145, nr_sectors = 16 limit=128
[  407.030143][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.030143][T21824] loop2: rw=1, sector=169, nr_sectors = 8 limit=128
[  407.068171][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.068171][T21824] loop2: rw=1, sector=185, nr_sectors = 8 limit=128
[  407.103318][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.103318][T21824] loop2: rw=1, sector=201, nr_sectors = 8 limit=128
[  407.145477][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.145477][T21824] loop2: rw=1, sector=217, nr_sectors = 8 limit=128
[  407.183749][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.183749][T21824] loop2: rw=1, sector=233, nr_sectors = 8 limit=128
[  407.221389][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.221389][T21824] loop2: rw=1, sector=249, nr_sectors = 8 limit=128
[  407.264021][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.264021][T21824] loop2: rw=1, sector=265, nr_sectors = 8 limit=128
[  407.297946][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.297946][T21824] loop2: rw=1, sector=281, nr_sectors = 8 limit=128
[  407.339004][T21824] kworker/u8:55: attempt to access beyond end of device
[  407.339004][T21824] loop2: rw=1, sector=297, nr_sectors = 8 limit=128
[  407.894442][T22144] FAULT_INJECTION: forcing a failure.
[  407.894442][T22144] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  407.908070][T22144] CPU: 0 UID: 0 PID: 22144 Comm: syz.2.6898 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  407.908105][T22144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  407.908121][T22144] Call Trace:
[  407.908130][T22144]  <TASK>
[  407.908139][T22144]  __dump_stack+0x1d/0x30
[  407.908200][T22144]  dump_stack_lvl+0xe8/0x140
[  407.908220][T22144]  dump_stack+0x15/0x1b
[  407.908265][T22144]  should_fail_ex+0x265/0x280
[  407.908291][T22144]  should_fail_alloc_page+0xf2/0x100
[  407.908367][T22144]  alloc_pages_bulk_noprof+0xef/0x540
[  407.908413][T22144]  copy_splice_read+0xf3/0x660
[  407.908442][T22144]  ? __pfx_copy_splice_read+0x10/0x10
[  407.908525][T22144]  splice_direct_to_actor+0x26f/0x680
[  407.908552][T22144]  ? __pfx_direct_splice_actor+0x10/0x10
[  407.908629][T22144]  do_splice_direct+0xda/0x150
[  407.908654][T22144]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  407.908682][T22144]  do_sendfile+0x380/0x650
[  407.908729][T22144]  __x64_sys_sendfile64+0x105/0x150
[  407.908765][T22144]  x64_sys_call+0x2bb0/0x2ff0
[  407.908788][T22144]  do_syscall_64+0xd2/0x200
[  407.908899][T22144]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  407.908930][T22144]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  407.908960][T22144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.908982][T22144] RIP: 0033:0x7fe51437eec9
[  407.908998][T22144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.909074][T22144] RSP: 002b:00007fe512de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  407.909093][T22144] RAX: ffffffffffffffda RBX: 00007fe5145d5fa0 RCX: 00007fe51437eec9
[  407.909106][T22144] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  407.909118][T22144] RBP: 00007fe512de7090 R08: 0000000000000000 R09: 0000000000000000
[  407.909193][T22144] R10: 0000020000023892 R11: 0000000000000246 R12: 0000000000000001
[  407.909209][T22144] R13: 00007fe5145d6038 R14: 00007fe5145d5fa0 R15: 00007fffe88dbb58
[  407.909233][T22144]  </TASK>
[  408.195090][T22154] loop2: detected capacity change from 0 to 256
[  408.202745][T22154] vfat: Unknown parameter '���'
[  408.331384][T22178] netlink: 'wޣ�': attribute type 21 has an invalid length.
[  408.393480][T22184] FAULT_INJECTION: forcing a failure.
[  408.393480][T22184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.407235][T22184] CPU: 1 UID: 0 PID: 22184 Comm: syz.5.6916 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  408.407263][T22184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  408.407414][T22184] Call Trace:
[  408.407421][T22184]  <TASK>
[  408.407430][T22184]  __dump_stack+0x1d/0x30
[  408.407455][T22184]  dump_stack_lvl+0xe8/0x140
[  408.407480][T22184]  dump_stack+0x15/0x1b
[  408.407501][T22184]  should_fail_ex+0x265/0x280
[  408.407528][T22184]  should_fail+0xb/0x20
[  408.407617][T22184]  should_fail_usercopy+0x1a/0x20
[  408.407668][T22184]  _copy_to_user+0x20/0xa0
[  408.407707][T22184]  bpf_test_finish+0x1a7/0x500
[  408.407736][T22184]  bpf_prog_test_run_xdp+0x578/0x910
[  408.407765][T22184]  ? __rcu_read_unlock+0x4f/0x70
[  408.407822][T22184]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  408.407877][T22184]  bpf_prog_test_run+0x227/0x390
[  408.407909][T22184]  __sys_bpf+0x4b9/0x7b0
[  408.407945][T22184]  __x64_sys_bpf+0x41/0x50
[  408.407979][T22184]  x64_sys_call+0x2aea/0x2ff0
[  408.408002][T22184]  do_syscall_64+0xd2/0x200
[  408.408094][T22184]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  408.408171][T22184]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  408.408212][T22184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.408239][T22184] RIP: 0033:0x7f7e475deec9
[  408.408258][T22184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.408280][T22184] RSP: 002b:00007f7e4603f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  408.408306][T22184] RAX: ffffffffffffffda RBX: 00007f7e47835fa0 RCX: 00007f7e475deec9
[  408.408400][T22184] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  408.408417][T22184] RBP: 00007f7e4603f090 R08: 0000000000000000 R09: 0000000000000000
[  408.408432][T22184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.408446][T22184] R13: 00007f7e47836038 R14: 00007f7e47835fa0 R15: 00007fff41201118
[  408.408504][T22184]  </TASK>
[  408.409531][T22180] vhci_hcd: invalid port number 96
[  408.612653][T22180] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  408.816382][T22213] vhci_hcd: invalid port number 96
[  408.821664][T22213] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  408.873903][T22219] FAULT_INJECTION: forcing a failure.
[  408.873903][T22219] name failslab, interval 1, probability 0, space 0, times 0
[  408.886866][T22219] CPU: 0 UID: 0 PID: 22219 Comm: syz.5.6932 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  408.886894][T22219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  408.886906][T22219] Call Trace:
[  408.886912][T22219]  <TASK>
[  408.886921][T22219]  __dump_stack+0x1d/0x30
[  408.886946][T22219]  dump_stack_lvl+0xe8/0x140
[  408.887038][T22219]  dump_stack+0x15/0x1b
[  408.887054][T22219]  should_fail_ex+0x265/0x280
[  408.887080][T22219]  should_failslab+0x8c/0xb0
[  408.887105][T22219]  kmem_cache_alloc_noprof+0x50/0x310
[  408.887133][T22219]  ? getname_flags+0x80/0x3b0
[  408.887238][T22219]  getname_flags+0x80/0x3b0
[  408.887301][T22219]  __x64_sys_mknod+0x40/0x60
[  408.887321][T22219]  x64_sys_call+0x2d47/0x2ff0
[  408.887343][T22219]  do_syscall_64+0xd2/0x200
[  408.887390][T22219]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  408.887474][T22219]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  408.887606][T22219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.887626][T22219] RIP: 0033:0x7f7e475deec9
[  408.887647][T22219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.887671][T22219] RSP: 002b:00007f7e4603f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  408.887695][T22219] RAX: ffffffffffffffda RBX: 00007f7e47835fa0 RCX: 00007f7e475deec9
[  408.887707][T22219] RDX: 000000000000070b RSI: 100000000000600d RDI: 0000200000000080
[  408.887722][T22219] RBP: 00007f7e4603f090 R08: 0000000000000000 R09: 0000000000000000
[  408.887736][T22219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.887824][T22219] R13: 00007f7e47836038 R14: 00007f7e47835fa0 R15: 00007fff41201118
[  408.887848][T22219]  </TASK>
[  409.142258][T22222] usb usb8: usbfs: process 22222 (syz.0.6925) did not claim interface 0 before use
[  409.650460][T22240] IPv6: sit1: Disabled Multicast RS
[  409.656460][T22240] sit1: entered allmulticast mode
[  409.687698][T22246] unsupported nla_type 65024
[  409.692429][   T29] kauditd_printk_skb: 455 callbacks suppressed
[  409.692550][   T29] audit: type=1400 audit(1187.499:54821): avc:  denied  { write } for  pid=22244 comm="syz.5.6939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  409.718527][   T29] audit: type=1400 audit(1187.499:54822): avc:  denied  { nlmsg_write } for  pid=22244 comm="syz.5.6939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  409.740376][   T29] audit: type=1326 audit(1187.510:54823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22239 comm="syz.3.6940" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3b02f3eec9 code=0x0
[  409.799152][   T29] audit: type=1326 audit(1187.615:54824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  409.822833][   T29] audit: type=1326 audit(1187.615:54825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  409.846231][   T29] audit: type=1326 audit(1187.615:54826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  409.872475][   T29] audit: type=1326 audit(1187.699:54827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  409.895787][   T29] audit: type=1326 audit(1187.699:54828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  409.919472][   T29] audit: type=1326 audit(1187.699:54829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  409.942687][   T29] audit: type=1326 audit(1187.699:54830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22257 comm="syz.0.6946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febfd2ceec9 code=0x7ffc0000
[  410.172804][T22278] usb usb8: usbfs: process 22278 (syz.2.6948) did not claim interface 0 before use
[  410.372293][T22284] __nla_validate_parse: 28 callbacks suppressed
[  410.372315][T22284] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6957'.
[  410.457806][T22284] FAULT_INJECTION: forcing a failure.
[  410.457806][T22284] name failslab, interval 1, probability 0, space 0, times 0
[  410.470727][T22284] CPU: 1 UID: 0 PID: 22284 Comm: syz.5.6957 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  410.470759][T22284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  410.470790][T22284] Call Trace:
[  410.470795][T22284]  <TASK>
[  410.470822][T22284]  __dump_stack+0x1d/0x30
[  410.470848][T22284]  dump_stack_lvl+0xe8/0x140
[  410.470872][T22284]  dump_stack+0x15/0x1b
[  410.470892][T22284]  should_fail_ex+0x265/0x280
[  410.470918][T22284]  ? nsim_fib_event_nb+0x1a0/0xcb0
[  410.470964][T22284]  should_failslab+0x8c/0xb0
[  410.470988][T22284]  __kmalloc_cache_noprof+0x4c/0x320
[  410.471035][T22284]  nsim_fib_event_nb+0x1a0/0xcb0
[  410.471060][T22284]  ? fib_nh_match+0x7d1/0xa20
[  410.471083][T22284]  ? __pfx_nsim_fib_event_nb+0x10/0x10
[  410.471108][T22284]  atomic_notifier_call_chain+0x73/0x1c0
[  410.471210][T22284]  call_fib_notifiers+0x65/0xa0
[  410.471247][T22284]  call_fib4_notifiers+0x93/0xe0
[  410.471303][T22284]  fib_table_delete+0x745/0x830
[  410.471340][T22284]  fib_magic+0x1ba/0x1f0
[  410.471364][T22284]  fib_del_ifaddr+0x1cf/0xa90
[  410.471388][T22284]  ? finish_task_switch+0xad/0x2b0
[  410.471453][T22284]  ? __schedule+0x6b9/0xb30
[  410.471482][T22284]  fib_inetaddr_event+0x79/0x1f0
[  410.471509][T22284]  ? inetaddr_event+0x71/0xa0
[  410.471592][T22284]  ? __pfx_fib_inetaddr_event+0x10/0x10
[  410.471618][T22284]  blocking_notifier_call_chain+0x9b/0x1f0
[  410.471640][T22284]  __inet_del_ifa+0x4e5/0x7f0
[  410.471661][T22284]  devinet_ioctl+0x7bd/0xe40
[  410.471730][T22284]  inet_ioctl+0x2f8/0x3a0
[  410.471762][T22284]  sock_do_ioctl+0x70/0x220
[  410.471861][T22284]  sock_ioctl+0x41b/0x610
[  410.471898][T22284]  ? __cond_resched+0x4e/0x90
[  410.471980][T22284]  ? __pfx_sock_ioctl+0x10/0x10
[  410.472044][T22284]  __se_sys_ioctl+0xcb/0x140
[  410.472071][T22284]  __x64_sys_ioctl+0x43/0x50
[  410.472094][T22284]  x64_sys_call+0x1816/0x2ff0
[  410.472121][T22284]  do_syscall_64+0xd2/0x200
[  410.472153][T22284]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  410.472177][T22284]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  410.472273][T22284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.472294][T22284] RIP: 0033:0x7f7e475deec9
[  410.472309][T22284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.472327][T22284] RSP: 002b:00007f7e4603f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  410.472395][T22284] RAX: ffffffffffffffda RBX: 00007f7e47835fa0 RCX: 00007f7e475deec9
[  410.472412][T22284] RDX: 0000200000000180 RSI: 0000000000008916 RDI: 0000000000000003
[  410.472426][T22284] RBP: 00007f7e4603f090 R08: 0000000000000000 R09: 0000000000000000
[  410.472437][T22284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.472449][T22284] R13: 00007f7e47836038 R14: 00007f7e47835fa0 R15: 00007fff41201118
[  410.472481][T22284]  </TASK>
[  410.876546][T22302] netlink: 'syz.3.6965': attribute type 10 has an invalid length.
[  410.885003][T22302] team0: Device hsr_slave_0 failed to register rx_handler
[  411.644790][T22315] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6969'.
[  411.690960][T22317] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.745630][T22317] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.821563][T22325] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  411.844408][T22317] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.932228][T22317] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.991777][T22334] usb usb8: usbfs: process 22334 (syz.0.6972) did not claim interface 0 before use
[  412.190400][T21791] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  412.222082][T21791] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  412.258838][T21791] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  412.294885][T21791] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  412.449624][T22344] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6980'.
[  412.547283][T22354] loop2: detected capacity change from 0 to 1024
[  412.555439][T22354] EXT4-fs: Ignoring removed bh option
[  412.572944][T22354] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  412.606159][T22354] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  412.774908][T22373] dummy0: entered promiscuous mode
[  412.780427][T22373] macsec1: entered promiscuous mode
[  412.787580][T22373] macsec1: entered allmulticast mode
[  412.793094][T22373] dummy0: entered allmulticast mode
[  412.808411][T22373] dummy0: left allmulticast mode
[  412.821033][T22373] dummy0: left promiscuous mode
[  413.577368][T22419] usb usb8: usbfs: process 22419 (syz.1.7007) did not claim interface 0 before use
[  413.879451][T22423] usb usb8: usbfs: process 22423 (syz.3.7009) did not claim interface 0 before use
[  414.296939][T20238] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.419227][T22447] netlink: 'syz.0.7020': attribute type 10 has an invalid length.
[  414.429192][T22447] team0: Device hsr_slave_0 failed to register rx_handler
[  414.527535][T22455] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7023'.
[  414.577514][T22459] netlink: 'syz.3.7024': attribute type 10 has an invalid length.
[  414.586890][T22459] team0: Device hsr_slave_0 failed to register rx_handler
[  414.602045][T22461] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7025'.
[  414.660234][T22464] usb usb8: usbfs: process 22464 (syz.1.7022) did not claim interface 0 before use
[  414.677336][T22463] vhci_hcd: invalid port number 96
[  414.682672][T22463] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  415.053778][T22475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.080060][T22475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.113740][T22485] netlink: 'syz.5.7036': attribute type 10 has an invalid length.
[  415.122076][T22485] team0: Device hsr_slave_0 failed to register rx_handler
[  415.156135][T22488] netlink: 'syz.5.7037': attribute type 21 has an invalid length.
[  415.164828][T22488] netlink: 132 bytes leftover after parsing attributes in process `syz.5.7037'.
[  415.280297][T22492] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7039'.
[  415.383081][   T29] kauditd_printk_skb: 423 callbacks suppressed
[  415.383100][   T29] audit: type=1326 audit(1193.477:55254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.413843][   T29] audit: type=1326 audit(1193.477:55255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.437472][   T29] audit: type=1326 audit(1193.477:55256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.460802][   T29] audit: type=1326 audit(1193.477:55257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.484146][   T29] audit: type=1326 audit(1193.477:55258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.507368][   T29] audit: type=1326 audit(1193.477:55259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.530480][   T29] audit: type=1326 audit(1193.477:55260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.553698][   T29] audit: type=1326 audit(1193.477:55261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22495 comm="syz.5.7041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  415.590901][T22496] netlink: 'syz.1.7040': attribute type 10 has an invalid length.
[  415.628194][T22496] team0: Device hsr_slave_0 failed to register rx_handler
[  415.882452][T22519] netlink: 'syz.5.7049': attribute type 21 has an invalid length.
[  415.912712][T22519] netlink: 132 bytes leftover after parsing attributes in process `syz.5.7049'.
[  416.000372][T22529] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7055'.
[  416.088002][   T29] audit: type=1326 audit(427.226:55262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22530 comm="syz.2.7057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  416.111220][   T29] audit: type=1326 audit(427.226:55263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22530 comm="syz.2.7057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  416.661210][T22554] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7067'.
[  416.763913][T22557] FAULT_INJECTION: forcing a failure.
[  416.763913][T22557] name failslab, interval 1, probability 0, space 0, times 0
[  416.776652][T22557] CPU: 1 UID: 0 PID: 22557 Comm: syz.0.7068 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  416.776687][T22557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  416.776727][T22557] Call Trace:
[  416.776735][T22557]  <TASK>
[  416.776743][T22557]  __dump_stack+0x1d/0x30
[  416.776764][T22557]  dump_stack_lvl+0xe8/0x140
[  416.776875][T22557]  dump_stack+0x15/0x1b
[  416.776897][T22557]  should_fail_ex+0x265/0x280
[  416.776965][T22557]  should_failslab+0x8c/0xb0
[  416.777055][T22557]  kmem_cache_alloc_node_noprof+0x57/0x320
[  416.777093][T22557]  ? __alloc_skb+0x101/0x320
[  416.777120][T22557]  __alloc_skb+0x101/0x320
[  416.777145][T22557]  inet_ifmcaddr_notify+0x64/0x120
[  416.777228][T22557]  __ip_mc_dec_group+0x1ac/0x3d0
[  416.777263][T22557]  ip_mc_down+0x13d/0x1c0
[  416.777305][T22557]  ip_mc_destroy_dev+0x58/0x2d0
[  416.777421][T22557]  inetdev_event+0x631/0xc10
[  416.777442][T22557]  ? __pfx_ib_netdevice_event+0x10/0x10
[  416.777468][T22557]  ? ib_netdevice_event+0x186/0x5f0
[  416.777500][T22557]  ? __pfx_inetdev_event+0x10/0x10
[  416.777525][T22557]  raw_notifier_call_chain+0x6f/0x1b0
[  416.777570][T22557]  ? call_netdevice_notifiers_info+0x9c/0x100
[  416.777606][T22557]  call_netdevice_notifiers_info+0xae/0x100
[  416.777646][T22557]  netif_set_mtu_ext+0x356/0x470
[  416.777729][T22557]  netif_set_mtu+0x4a/0xf0
[  416.777758][T22557]  dev_set_mtu+0xc1/0x170
[  416.777814][T22557]  dev_ifsioc+0x474/0xaa0
[  416.777843][T22557]  ? __rcu_read_unlock+0x4f/0x70
[  416.777879][T22557]  dev_ioctl+0x70a/0x960
[  416.777903][T22557]  sock_do_ioctl+0x197/0x220
[  416.777935][T22557]  sock_ioctl+0x41b/0x610
[  416.777973][T22557]  ? __pfx_sock_ioctl+0x10/0x10
[  416.778003][T22557]  __se_sys_ioctl+0xcb/0x140
[  416.778058][T22557]  __x64_sys_ioctl+0x43/0x50
[  416.778076][T22557]  x64_sys_call+0x1816/0x2ff0
[  416.778097][T22557]  do_syscall_64+0xd2/0x200
[  416.778127][T22557]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  416.778198][T22557]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  416.778228][T22557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.778256][T22557] RIP: 0033:0x7febfd2ceec9
[  416.778303][T22557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.778321][T22557] RSP: 002b:00007febfbd2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  416.778341][T22557] RAX: ffffffffffffffda RBX: 00007febfd525fa0 RCX: 00007febfd2ceec9
[  416.778378][T22557] RDX: 0000200000000080 RSI: 0000000000008922 RDI: 0000000000000007
[  416.778392][T22557] RBP: 00007febfbd2f090 R08: 0000000000000000 R09: 0000000000000000
[  416.778405][T22557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.778421][T22557] R13: 00007febfd526038 R14: 00007febfd525fa0 R15: 00007ffe83886da8
[  416.778444][T22557]  </TASK>
[  417.147430][T22570] loop2: detected capacity change from 0 to 164
[  417.177349][T22570] ISOFS: unable to read i-node block
[  417.182817][T22570] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  417.222835][T22570] netlink: 'syz.2.7074': attribute type 21 has an invalid length.
[  417.232402][T22570] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7074'.
[  417.437073][T22600] netlink: 'syz.3.7083': attribute type 10 has an invalid length.
[  417.446284][T22600] team0: Device hsr_slave_0 failed to register rx_handler
[  417.662099][T22615] netlink: 'syz.3.7090': attribute type 21 has an invalid length.
[  417.670424][T22615] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7090'.
[  417.907609][T22625] netlink: 'syz.3.7094': attribute type 10 has an invalid length.
[  417.915871][T22625] team0: Device hsr_slave_0 failed to register rx_handler
[  417.982634][T22632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7097'.
[  418.043676][T22636] ip6tnl1: entered allmulticast mode
[  418.107426][T22644] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7105'.
[  418.185584][T22660] wg1: entered promiscuous mode
[  418.203104][T22660] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.259163][T22660] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.391715][T22681] netlink: 'syz.0.7119': attribute type 21 has an invalid length.
[  418.405974][T22660] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.418398][T22681] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7119'.
[  418.596856][T22660] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.683017][T22692] usb usb8: usbfs: process 22692 (syz.0.7123) did not claim interface 0 before use
[  418.747313][T21791] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  418.814031][T21791] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  418.860216][T21791] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  418.903847][T21791] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  419.203173][T22701] FAULT_INJECTION: forcing a failure.
[  419.203173][T22701] name failslab, interval 1, probability 0, space 0, times 0
[  419.216100][T22701] CPU: 0 UID: 0 PID: 22701 Comm: syz.2.7127 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  419.216159][T22701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  419.216176][T22701] Call Trace:
[  419.216202][T22701]  <TASK>
[  419.216213][T22701]  __dump_stack+0x1d/0x30
[  419.216320][T22701]  dump_stack_lvl+0xe8/0x140
[  419.216346][T22701]  dump_stack+0x15/0x1b
[  419.216367][T22701]  should_fail_ex+0x265/0x280
[  419.216460][T22701]  should_failslab+0x8c/0xb0
[  419.216489][T22701]  kmem_cache_alloc_noprof+0x50/0x310
[  419.216516][T22701]  ? security_inode_alloc+0x37/0x100
[  419.216584][T22701]  security_inode_alloc+0x37/0x100
[  419.216678][T22701]  inode_init_always_gfp+0x4b7/0x500
[  419.216711][T22701]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  419.216733][T22701]  alloc_inode+0x58/0x170
[  419.216786][T22701]  new_inode+0x1d/0xe0
[  419.216809][T22701]  shmem_get_inode+0x244/0x750
[  419.216832][T22701]  __shmem_file_setup+0x113/0x210
[  419.216895][T22701]  shmem_file_setup+0x3b/0x50
[  419.216930][T22701]  __se_sys_memfd_create+0x2c3/0x590
[  419.216959][T22701]  __x64_sys_memfd_create+0x31/0x40
[  419.216985][T22701]  x64_sys_call+0x2abe/0x2ff0
[  419.217006][T22701]  do_syscall_64+0xd2/0x200
[  419.217065][T22701]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  419.217162][T22701]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  419.217199][T22701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.217264][T22701] RIP: 0033:0x7fe51437eec9
[  419.217280][T22701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.217297][T22701] RSP: 002b:00007fe512de6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  419.217321][T22701] RAX: ffffffffffffffda RBX: 0000000000000507 RCX: 00007fe51437eec9
[  419.217400][T22701] RDX: 00007fe512de6ef0 RSI: 0000000000000000 RDI: 00007fe514402960
[  419.217416][T22701] RBP: 0000200000001540 R08: 00007fe512de6bb7 R09: 00007fe512de6e40
[  419.217432][T22701] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0
[  419.217449][T22701] R13: 00007fe512de6ef0 R14: 00007fe512de6eb0 R15: 0000200000000700
[  419.217474][T22701]  </TASK>
[  419.928713][T22739] usb usb8: usbfs: process 22739 (syz.2.7140) did not claim interface 0 before use
[  420.158493][   T29] kauditd_printk_skb: 305 callbacks suppressed
[  420.158511][   T29] audit: type=1326 audit(431.498:55569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  420.218735][   T29] audit: type=1326 audit(431.530:55570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  420.241830][   T29] audit: type=1326 audit(431.530:55571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  420.264795][   T29] audit: type=1326 audit(431.530:55572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  420.287763][   T29] audit: type=1326 audit(431.530:55573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f3b02f3eec9 code=0x7ffc0000
[  420.310894][   T29] audit: type=1326 audit(431.530:55574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  420.334314][   T29] audit: type=1326 audit(431.530:55575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  420.357724][   T29] audit: type=1326 audit(431.530:55576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f3b02f3eec9 code=0x7ffc0000
[  420.380904][   T29] audit: type=1326 audit(431.540:55577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3b02f35d67 code=0x7ffc0000
[  420.404306][   T29] audit: type=1326 audit(431.540:55578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22723 comm="syz.3.7136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3b02edaf79 code=0x7ffc0000
[  420.437322][T22741] netlink: 'syz.5.7141': attribute type 10 has an invalid length.
[  420.460086][T22741] team0: Device hsr_slave_0 failed to register rx_handler
[  420.475969][T22743] netlink: 'syz.3.7142': attribute type 10 has an invalid length.
[  420.539014][T22743] team0: Device hsr_slave_0 failed to register rx_handler
[  420.578029][T22757] __nla_validate_parse: 6 callbacks suppressed
[  420.578047][T22757] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7148'.
[  420.654042][T22769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.663274][T22769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.838924][T22777] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7156'.
[  420.913050][T22786] netlink: 'syz.2.7159': attribute type 1 has an invalid length.
[  420.937371][T22792] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7162'.
[  421.018081][T22801] netlink: 'syz.1.7165': attribute type 21 has an invalid length.
[  421.030721][T22801] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7165'.
[  421.063104][T22803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.071745][T22803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.367383][T22831] netlink: 24 bytes leftover after parsing attributes in process `syz.5.7177'.
[  421.415322][T22829] vhci_hcd: invalid port number 96
[  421.420527][T22829] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  421.586526][T22840] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7181'.
[  421.678034][T22842] vhci_hcd: invalid port number 96
[  421.683389][T22842] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  421.890450][T22854] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7188'.
[  422.365384][T22875] usb usb8: usbfs: process 22875 (syz.2.7193) did not claim interface 0 before use
[  423.016130][T22898] netlink: 'syz.0.7203': attribute type 10 has an invalid length.
[  423.024818][T22898] team0: Device hsr_slave_0 failed to register rx_handler
[  423.133858][T22902] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7205'.
[  423.142987][T22902] netlink: 196 bytes leftover after parsing attributes in process `syz.0.7205'.
[  423.152494][T22902] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7205'.
[  423.257582][T22910] usb usb8: usbfs: process 22910 (syz.2.7204) did not claim interface 0 before use
[  423.626069][T22917] dummy0: entered promiscuous mode
[  423.631812][T22917] macsec1: entered promiscuous mode
[  423.637200][T22917] macsec1: entered allmulticast mode
[  423.644914][T22917] dummy0: entered allmulticast mode
[  424.420862][T22955] loop2: detected capacity change from 0 to 512
[  424.518905][T22955] EXT4-fs: Ignoring removed mblk_io_submit option
[  424.568615][T22955] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  424.650141][T22955] EXT4-fs (loop2): 1 truncate cleaned up
[  424.660736][T22968] netlink: 'syz.3.7226': attribute type 10 has an invalid length.
[  424.670318][T22955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.683952][T22972] SELinux:  Context @���2��©o�@ is not valid (left unmapped).
[  424.692357][T22968] team0: Device hsr_slave_0 failed to register rx_handler
[  424.838042][T20238] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.993171][   T29] kauditd_printk_skb: 519 callbacks suppressed
[  424.993185][   T29] audit: type=1326 audit(436.567:56098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22998 comm="syz.5.7235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e475deec9 code=0x7ffc0000
[  425.091423][T23018] netlink: 'syz.2.7239': attribute type 10 has an invalid length.
[  425.102890][T23018] team0: Device hsr_slave_0 failed to register rx_handler
[  425.218215][   T29] audit: type=1326 audit(436.808:56099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.241440][   T29] audit: type=1326 audit(436.808:56100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.265378][   T29] audit: type=1326 audit(436.808:56101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.288676][   T29] audit: type=1326 audit(436.808:56102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.312013][   T29] audit: type=1326 audit(436.808:56103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.349494][T23049] loop2: detected capacity change from 0 to 512
[  425.360763][T23049] EXT4-fs: Ignoring removed mblk_io_submit option
[  425.367670][   T29] audit: type=1326 audit(436.808:56104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.390897][   T29] audit: type=1326 audit(436.955:56105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.414250][   T29] audit: type=1326 audit(436.955:56106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.437404][T23049] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  425.453938][T23049] EXT4-fs (loop2): 1 truncate cleaned up
[  425.460340][T23049] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  425.479115][   T29] audit: type=1326 audit(437.071:56107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23038 comm="syz.2.7250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe51437eec9 code=0x7ffc0000
[  425.524150][T20238] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.548338][T23053] vhci_hcd: invalid port number 96
[  425.553566][T23053] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  425.591324][T23061] netlink: 'syz.3.7256': attribute type 10 has an invalid length.
[  425.599645][T23061] team0: Device hsr_slave_0 failed to register rx_handler
[  425.630781][T23067] __nla_validate_parse: 11 callbacks suppressed
[  425.630803][T23067] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7260'.
[  425.658853][T23065] loop2: detected capacity change from 0 to 512
[  425.665766][T23067] syzkaller0: entered promiscuous mode
[  425.666374][T23065] EXT4-fs: Ignoring removed nobh option
[  425.671352][T23067] syzkaller0: entered allmulticast mode
[  425.676960][T23065] EXT4-fs: test_dummy_encryption option not supported
[  425.693032][T23067] netlink: 'syz.3.7260': attribute type 13 has an invalid length.
[  425.783314][T23075] sg_write: data in/out 987/8 bytes for SCSI command 0xfd-- guessing data in;
[  425.783314][T23075]    program syz.3.7264 not setting count and/or reply_len properly
[  425.859220][T23088] netlink: 'syz.3.7270': attribute type 10 has an invalid length.
[  425.868677][T23088] team0: Device hsr_slave_0 failed to register rx_handler
[  425.872861][T23082] vhci_hcd: invalid port number 96
[  425.881183][T23082] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  425.922245][T23092] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7272'.
[  425.949578][T23096] loop2: detected capacity change from 0 to 512
[  425.984311][T23096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.014737][T23096] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.017566][T23108] FAULT_INJECTION: forcing a failure.
[  426.017566][T23108] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  426.036898][T23108] CPU: 1 UID: 0 PID: 23108 Comm: syz.1.7279 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  426.036991][T23108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  426.037008][T23108] Call Trace:
[  426.037015][T23108]  <TASK>
[  426.037104][T23108]  __dump_stack+0x1d/0x30
[  426.037132][T23108]  dump_stack_lvl+0xe8/0x140
[  426.037157][T23108]  dump_stack+0x15/0x1b
[  426.037178][T23108]  should_fail_ex+0x265/0x280
[  426.037210][T23108]  should_fail+0xb/0x20
[  426.037259][T23108]  should_fail_usercopy+0x1a/0x20
[  426.037305][T23108]  _copy_from_iter+0xd2/0xe80
[  426.037343][T23108]  ? __build_skb_around+0x1a0/0x200
[  426.037387][T23108]  ? __alloc_skb+0x223/0x320
[  426.037422][T23108]  netlink_sendmsg+0x471/0x6b0
[  426.037456][T23108]  ? __pfx_netlink_sendmsg+0x10/0x10
[  426.037565][T23108]  __sock_sendmsg+0x145/0x180
[  426.037604][T23108]  ____sys_sendmsg+0x31e/0x4e0
[  426.037639][T23108]  ___sys_sendmsg+0x17b/0x1d0
[  426.037684][T23108]  __x64_sys_sendmsg+0xd4/0x160
[  426.037722][T23108]  x64_sys_call+0x191e/0x2ff0
[  426.037758][T23108]  do_syscall_64+0xd2/0x200
[  426.037796][T23108]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  426.037838][T23108]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  426.037904][T23108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.037933][T23108] RIP: 0033:0x7fd53e03eec9
[  426.037952][T23108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.037975][T23108] RSP: 002b:00007fd53caa7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  426.037999][T23108] RAX: ffffffffffffffda RBX: 00007fd53e295fa0 RCX: 00007fd53e03eec9
[  426.038015][T23108] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  426.038030][T23108] RBP: 00007fd53caa7090 R08: 0000000000000000 R09: 0000000000000000
[  426.038051][T23108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.038068][T23108] R13: 00007fd53e296038 R14: 00007fd53e295fa0 R15: 00007ffde8c2bcc8
[  426.038092][T23108]  </TASK>
[  426.294205][T23096] loop2: detected capacity change from 0 to 512
[  426.310934][T23096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.324065][T23118] vhci_hcd: invalid port number 96
[  426.324940][T23096] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.329366][T23118] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  426.348182][T21834] ==================================================================
[  426.356330][T21834] BUG: KCSAN: data-race in n_tty_receive_char_flow_ctrl / tty_set_termios
[  426.364883][T21834] 
[  426.367236][T21834] write to 0xffff88813daeed08 of 44 bytes by task 23113 on cpu 1:
[  426.375166][T21834]  tty_set_termios+0xc0/0x8c0
[  426.379874][T21834]  set_termios+0x496/0x4e0
[  426.384307][T21834]  tty_mode_ioctl+0x379/0x5c0
[  426.389091][T21834]  n_tty_ioctl_helper+0x91/0x210
[  426.394344][T21834]  n_tty_ioctl+0x101/0x200
[  426.398866][T21834]  tty_ioctl+0x845/0xb80
[  426.403146][T21834]  __se_sys_ioctl+0xcb/0x140
[  426.407753][T21834]  __x64_sys_ioctl+0x43/0x50
[  426.412374][T21834]  x64_sys_call+0x1816/0x2ff0
[  426.417095][T21834]  do_syscall_64+0xd2/0x200
[  426.421660][T21834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.427610][T21834] 
[  426.429941][T21834] read to 0xffff88813daeed21 of 1 bytes by task 21834 on cpu 0:
[  426.437735][T21834]  n_tty_receive_char_flow_ctrl+0x23/0x1a0
[  426.443677][T21834]  n_tty_lookahead_flow_ctrl+0xed/0x130
[  426.449268][T21834]  tty_port_default_lookahead_buf+0x91/0xc0
[  426.455195][T21834]  flush_to_ldisc+0x285/0x340
[  426.459888][T21834]  process_scheduled_works+0x4cb/0x9d0
[  426.465373][T21834]  worker_thread+0x582/0x770
[  426.469987][T21834]  kthread+0x489/0x510
[  426.474096][T21834]  ret_from_fork+0x11f/0x1b0
[  426.478803][T21834]  ret_from_fork_asm+0x1a/0x30
[  426.483683][T21834] 
[  426.486145][T21834] value changed: 0x11 -> 0x5e
[  426.490856][T21834] 
[  426.493182][T21834] Reported by Kernel Concurrency Sanitizer on:
[  426.499366][T21834] CPU: 0 UID: 0 PID: 21834 Comm: kworker/u8:65 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  426.509540][T21834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  426.519657][T21834] Workqueue: events_unbound flush_to_ldisc
[  426.525535][T21834] ==================================================================
[  426.548407][T23096] loop2: detected capacity change from 0 to 512
[  426.567123][T23096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.581025][T23096] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.596739][T23096] loop2: detected capacity change from 0 to 512
[  426.614244][T23096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.627704][T23096] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.644246][T23096] loop2: detected capacity change from 0 to 512
[  426.661886][T23096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.675657][T23096] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.689994][T23096] loop2: detected capacity change from 0 to 512
[  426.700940][T23096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.714208][T23096] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.