last executing test programs:

8m43.917154826s ago: executing program 3 (id=189):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xa, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2c, &(0x7f0000000040)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, &(0x7f0000000640)={0x0, 0x0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
fadvise64(r4, 0x7f, 0x0, 0x4)

8m43.847573272s ago: executing program 3 (id=190):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000100), &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r2, 0x0, 0x8000000000000}, 0x18)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x0, 0x0, 0xff}, 0x20)

8m43.74993643s ago: executing program 3 (id=191):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000800018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==")
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0x1b, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000000180), 0x4)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xd0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)=ANY=[@ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x10100, 0x0)
ioctl$KDFONTOP_SET(r8, 0x4b72, &(0x7f0000000180)={0x0, 0x0, 0x1d, 0x11, 0x8b, &(0x7f0000000780)="82b98cb0433b3afda14ac4fba2b36a170395ee94019a434e20de48afb8eea2992a550eb3a81a6154516e344a4d8cbecd13a62b913f50154c3affe7944e4574882b8579e69631120e8802f94db1431f5b30e61a5cada8bf45c6fa38e876e87196204cab663d2b412dbaca0c446fd66586522286a62247720bfb146cc7d6a7f3aec6d501d585578e61fdfa27b5b4e0abdedd558550a5842517bda6a508a9b0e998591087b483b8865b2ea73896b2302d1dbbab61334041017766a7eec8022e2d20af4b4884ed468f5db0e0b3d49b9f5892b6b2b7b6c89af61d6af9037f0fc622f85fb7b9bf28e7e890d2c169f6db416cc64c61fc9121f55be55af60e6f76a3540498d32936e4d6003731715b367840375a1ac9bcfba9346b15b7e20ec4e8cab6574778864a2157ea628efb47274dbf94c68d2c2b625532b55bebdae627391b573e3d14fd0d595e3daeab3292506d8c0d5383eaf34c20a5f841c9934248b4a15b428691cd890e621c1425776766d56b6b67b5f56801fb4416e9be315df53a447cefc7a3582937ce2e7353b50997a6bd2ab03ae4fcb44f2f725f4628c37f4efcbebfde5e51d00390b49c11f35ec8d932c263fb0db19e44b17a3b8fc547554460176356cb9201760566287b0998b269064295c5fd0e28ae9def4a6ed2b6246ac36951d4a5c0fb38b7a8143655bc20211c825e77aaa38208b8d87875bf685f1b522b1599a57362534c5cc8d320fd7e340b4fbd6e3801003afc5e20785978494d93d1ec65965cff3a3a4ff70fc751d9e6174adc5fef331628c525e1cbd6a3edecbb091c0ab59835a36acf72b6281205a78522676fc3e360071e74f28c428b6a14b0428f0c109b37885ba39a8b8d8fe4fc1fb85fd87426ce2452b03cf26d262055770495bcc3a9101b5d996758f27bab82f9129095f33498794d1b69733a4957dd1a455636b3cb93e5623dfa62407675c36d58efa6f9baff78c3d57a964adcd4b04ac9e3afa674efc985df34059b09b72ba9e76985dd71b549e911613de8d06f5a5cb4086bc6d293803cffed4496876a0515a246a65af565805dce66bbdbcc65d00ab4dc6eff5f263b8e14071fad551b8f4970e6c0fbd8b4a354c4c370c2e800ac612cfe08b6bcee46c95a0f012b2d14e8a525879e1d4c25993158baf1124760a00810a99418ae5bfd1156f8a234cd7f2f5982557d0746ba2afe502968c497890ace58713a99f9c8360756a663e87803aa4c0a5c59c90b446cf4705a7c9a5277afb27600d75fbe48250fb53e37399474dfe93e92c2e725fe43d1b985423e1ab4c6da3750a593018df6b7fbc79b058bb6e4ea6dc9402affeb38dea307a7a4882b161fb0de817383c96194d7faf1fdb0b13f1cb27ed918a77033e06f9d66629144fba898ae0dde06a983775c64174780772c840deeed677b22c3f29c46160816d567c4d581"})
pread64(0xffffffffffffffff, &(0x7f0000001440)=""/126, 0xb, 0x35)
kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000014c0)=""/4096, 0x1000}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'lo\x00'})

8m42.188913186s ago: executing program 3 (id=200):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x5, 0x8, 0x6, 0x2c281, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0/../file0\x00'})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={0xffffffffffffffff, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000680)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f00000006c0)=[0x0, 0x0, 0x0], &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0x19, &(0x7f0000000740)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000780), &(0x7f00000007c0), 0x8, 0x20, 0x8, 0x8, &(0x7f0000000800)}}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000f00)='cpuacct.stat\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000f40)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x1f, 0x16, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, [@map_fd={0x18, 0x7, 0x1, 0x0, r0}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @alu={0x7, 0x0, 0xa, 0x0, 0x7, 0xc, 0x10}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_val={0x18, 0x3, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x2ba8}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x4d}, @jmp={0x5, 0x1, 0x1, 0x6, 0x2, 0x18, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000280)='GPL\x00', 0xbe, 0x9a, &(0x7f0000000500)=""/154, 0x41100, 0x20, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000640)={0x1, 0x1, 0x8, 0x4}, 0x10, r4, 0xffffffffffffffff, 0x7, &(0x7f0000000f80)=[r5, r6], &(0x7f0000000fc0)=[{0x0, 0x3, 0x2, 0x2}, {0x3, 0x2, 0xc, 0x1}, {0x1, 0x4, 0xa, 0x6}, {0x1, 0x1, 0xc, 0x6}, {0x3, 0x3, 0xf, 0x7}, {0x4, 0x2, 0x6, 0x7}, {0x2, 0x5, 0x8, 0x8}], 0x10, 0x8}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000300)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r9, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r9, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")

8m41.070273875s ago: executing program 3 (id=211):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000100), &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r2, 0x0, 0x8000000000000}, 0x18)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x0, 0x0, 0xff}, 0x20)

8m40.864180412s ago: executing program 3 (id=218):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x2d}}}, 0x0, 0x0, 0x38, 0x0, "0f424a2bc651a9f11381328af8daf6f4bd2827984afeb6b627cea1ba22d1af57aa193c5024c9e8b22a8796a538ed893952a1aa555418ba1b4d0bc0712c028ec32a9bc2fb29b52d39e8626bc90abcc02a"}, 0xd8)

8m40.841631884s ago: executing program 32 (id=218):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x2d}}}, 0x0, 0x0, 0x38, 0x0, "0f424a2bc651a9f11381328af8daf6f4bd2827984afeb6b627cea1ba22d1af57aa193c5024c9e8b22a8796a538ed893952a1aa555418ba1b4d0bc0712c028ec32a9bc2fb29b52d39e8626bc90abcc02a"}, 0xd8)

26.210729982s ago: executing program 2 (id=7022):
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r3}}], 0x20, 0x2400e044}, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000240)={0x4, 0x10200, 0x10, 0x0, r3}, 0x10)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
quotactl$Q_QUOTAON(0xffffffff80000202, 0x0, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

25.368245979s ago: executing program 2 (id=7038):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r2 = syz_io_uring_setup(0x17dc, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0xffc, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000780)=[{&(0x7f0000001a40)=""/4090, 0xa74}], 0x1)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

25.273215647s ago: executing program 2 (id=7039):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$sock_buf(r1, 0x1, 0x1f, &(0x7f0000000240)=""/227, &(0x7f0000000180)=0xe3)

25.195587153s ago: executing program 2 (id=7040):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="646f74732c747a3d5554432c646f74732c646f74732c6e6f646f74732c666c7573682c646f74732c6e6f646f74732c71756965742c00b3d27234e95eb4b44190021bbbe89ab824d38c571641668d362b4dff6e47bdf1638c7462a3bd66a53b404ae08c32af6843a2469c7210381b9d48047c77540b6447a8e50c44cb44f91e4264a37e0209c3a234f4803ba56b7a24536ee396f4838f4143b92ad909efb23eb22dce6477c2bb5b8f793b9e07c2120d566cf1f6ba51e4d01e8ef223a2ba72cfb3127844c045765149fb1219f433feb977426596e07082254e9930296256df143ff96377d8c28c533724fbd9fdad260e7d875d0f17374141abc60c8e3c07e4a7bc381791172c217f00964aaf6e213a252b9689ae38342862d27437921e13229d407e1a6037e3f16a2cdab8f9c76a66a72ccc67015c9435e200f9fbb9d78ce426b37310b9f127e7b1207c74eff7b853de7043a001de85931463c7fc7c78be9eb9b5f88c0067aabb3a5d1f94bcc90537c1c1ce509450160c", @ANYRES64], 0x1, 0x162, &(0x7f0000000200)="$eJzs20GrElEUB/DjPHu+avPW0WKgTSupVi2LeEE0UBQualXwaqMh5GZq5UfpCwbhyt2NHNMSRYLmjTi/38aDf5Rz0ZnDHbjvbn8aXo4nH8cvZ3HW6UT3UeQxjziPLE6iMg0A4JjMU4ofqbeY8te/RUqp6Y4AgLpV8z+l1DP/AaAt9s7/hw01BgDUxv4fANrn9Zu3zx8XxcWrPD+L+D4tB+Wgeq3yp8+Ki3v5wvn6U7OyHJys8vtVnv+dX4sby/zB1vw07t6p8l/ZkxfFRn4zLutfPgAAALRCP1/Zur/v93flVfXH84GN/Xs3bnWvbBkAwD+YfPk6fD8affisOPYi2/dz95b/ieZbXRfZYbTRwqLhGxNQu/VF33QnAAAAAAAAAAAAAADALv/nzNDp8tt+v9OJyJwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HD9DAAA///le0TQ")
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001e80)=@bridge_delneigh={0x3c, 0x1c, 0xc07, 0x2001, 0x0, {0x2, 0x0, 0x0, r3, 0x8, 0xa0, 0x3}, [@NDA_DST_IPV6={0x14, 0x1, @empty}, @NDA_LLADDR={0xa, 0x2, @random="07ae00"}]}, 0x3c}}, 0x440c0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={<r4=>r1, 0x7, 0x104, 0xfffffffe})
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r6, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r6, 0x0, 0x0, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100), 0x1, 0x51d, &(0x7f0000000f00)="$eJzs3cFvG1kZAPBvJnGbtgF7AaFlJZYVuyhdQeNkw+5GCMFygdNKQLmXkDhRFDuOYmdpohWbiv8AIYHEiRMXJP4ApKoHxBlVqgQXxAEBAiFo4YAEdJDtcUkdO8m2SZzGv5/06vdmJvN9b1I/z4wnMwGMrJci4q2IGIuIVyOimE9P8xK7ndJa7sH9dxdbJYksu/63JJJ8WnddrfZ4RFzJf2wiIr7+lYhvJfvjNrZ31haq1cpm3i43axvlxvbOtdXawkplpbI+Nzf7xvyb86/Pz2S5p+pnqVv5yZe/cPsz3/79jb9c/U4rrc9/NArR04/j1Ol6ob0tulrbaPMkgg3BWN6fwrATAQDgSFr7+B+KiE+29/+LMdbem+sxNozMAAAAgOOSfXEy/pNEZAAAAMC5lUbEZCTpdH4twGSk6YX83MBH4nJarTean16ub60vteZFlKKQLq9WKzP5tcKlKCSt9mx+jW23/VpPey4inouI7xcvtdvTi/Xq0pDPfQAAAMCouNJz/P/PYtquH67P3wkAAAAAZ1dpYAMAAAA4LxzyAwAAwPnXe/x/e0h5AAAAACfiq2+/3SpZ9/nXS+9sb63V37m2VGmsTde2FqcX65sb0yv1+kr7nn21w9ZXrdc3PhvrWzfLzUqjWW5s79yo1bfWmzdWH3sENgAAAHCKnvvEnd8kEbH7uUvtEvl9AAEe88dhJwAcp7FhJwAMjbt4w+gqdCsXhpsHMDzJIfNdvAMAAM++qY/t//6/eyqgMNTMgJPmWh8AGD2+/4fRVXAFIIy0NCI+2KleHLTMwO//f3XUKFkWcbe4d4rziwAAcLom2yVJp/PjgMlIs/c6s9JSFJLl1WplJj8++HWxcLHVnm3PTg69ZhgAAAAAAAAAAAAAAAAAAAAAAAAA6MiyJDIAAADgXItI/5y07+YfMVV8ZbL3/MCF5F/F+FPe+NH1H9xcaDY3Z1vT/17Mss6jApo/vF5oT39t4OPDAAAAgOOW7A6c1TlOz19nTzUrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEbAg/vvLnbLacb965ciotQv/nhMtF8nohARl/+RxPien0siYuwY4u/eiojn+8VP4mGWZaU8i37xL51w/FJ70/SPn0bElWOID6PsTmv8eavf+y+Nl9qv/d9/43l5WoPHvzSP/Hx7nOs3/nxg39pqfWO8cO9n5YHxb0W8MN5//OmOv8mA+C/vW9u/syzbH+Ob39jZGRQ/+3HEVN/Pn+SxWOVmbaPc2N65tlpbWKmsVNbn5mbfmH9z/vX5mfLyarWS/9s3xvc+/vOHB/X/cp/4v/ttZ/w9qP+vDFppj//eu3n/w51qoV/8qy/3/fydiAPit/5PfCr/HGjNn+rWdzv1vV786d0XD+r/0oDtf9jv/+oR+//q1777hyMuCgCcgsb2ztpCtVrZPKAycYRlnsXKLybORBrvs5K91/nNnZV8nrTS2lv9/5Rur85AYnsq2anFGosz0uVHlaEOSwAAwAn45aOd/mFnAgAAAAAAAAAAAAAAAAAAAKPryPcDuxhPfDux3pi7w+kqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCB/hcAAP//cfLjiQ==")
msgsnd(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41ca"], 0x8, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x4000)
getresuid(&(0x7f0000000180)=<r8=>0x0, &(0x7f0000000200), &(0x7f0000000500))
msgctl$IPC_SET(r6, 0x1, &(0x7f0000000680)={{0x3, 0x0, r7, r8, 0x0, 0x80, 0x8}, 0x0, 0x0, 0x0, 0x19, 0x5, 0x2bde, 0xffffffffffffff27, 0xc7, 0x2, 0x9})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, r7}}, './file0\x00'})
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast1, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000580)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000400), 0x40000, &(0x7f0000000c00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',access=user,noxattr,dfltgid=', @ANYRESHEX=r7, @ANYBLOB=',fsname=/dev/sg#\x00,subj_role=kfree\x00,obj_role=team0\x00,uid>', @ANYRESDEC=r9, @ANYBLOB=',smackfstransmute=kfree\x00,subj_type=,`ont_hash,obj_user=*\',\x00'])
getsockopt$llc_int(r5, 0x10c, 0x6, &(0x7f00000085c0), &(0x7f0000008600)=0x4)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})

24.288651626s ago: executing program 2 (id=7050):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

24.225613731s ago: executing program 2 (id=7051):
r0 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x1)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000300)={<r1=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @local}, 0x12, r1})
r3 = socket(0xa, 0x1, 0x0)
pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0)
ioctl(r2, 0x8916, &(0x7f0000000000))
ioctl(r3, 0x8936, &(0x7f0000000000))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1f, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYRES8], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), 0xffffffffffffffff)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x19)

24.201659734s ago: executing program 33 (id=7051):
r0 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x1)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000300)={<r1=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @local}, 0x12, r1})
r3 = socket(0xa, 0x1, 0x0)
pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0)
ioctl(r2, 0x8916, &(0x7f0000000000))
ioctl(r3, 0x8936, &(0x7f0000000000))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1f, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYRES8], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), 0xffffffffffffffff)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x19)

17.322561777s ago: executing program 6 (id=7154):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xf, 0x4, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x1000}, 0x50)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x200000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000008c0)='syzkaller\x00', 0x9, 0xff8, &(0x7f0000001e00)=""/4088}, 0x94)

17.243993453s ago: executing program 6 (id=7157):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)="0000000000000000012a0000", 0xc, 0xffffffffffffffff)

17.237976184s ago: executing program 6 (id=7158):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

17.180705778s ago: executing program 6 (id=7159):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
modify_ldt$read(0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x10}}], 0x10}, 0xc0011122)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0xfeffff, 0x680, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@generic={&(0x7f00000002c0)='./file0\x00', r4}, 0x18)
r6 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x3, 0x4fc, &(0x7f0000001500)="$eJzs3c9vG1kdAPDvOHFIdlOSBQ7LSuxGiFV3BbWTDbuNOLRFQnCqBJR7CIkTRXHiKHbaJqpQKs4ICSFAcIETFyT+ACTUPwEhVYJ7hRCogrYcOBSMxh63wdhJqtpx6nw+0uu8efPj+32uPPabmXgCOLdmIuJaRIxExPsRMZW157ISB82Srvf40Z3ltCRRr9/4exJJ1tbaV5JNX882G4+Ib34t4jtJ0mw4pLq3v7FULpd2svlibXO7WN3bv7S+ubRWWittzc/PfbRweeHDhdme9fXKV/7y4x/86qtXfveFWw8W//bed9N8J7Nlh/vRS83XJN94LVpGI2KnH8EGYCTrT/4kKyf9zwcAgKOl3/E/ERGfjYgnPxt0NgAAAEA/1K9OxtMkog4AAAAMrVzjHtgkV8juBZiMXK5QaN7D+6m4GuVKtfb51cru1krzXtnpyOdW18ul2exe4enIJ+n8XKP+fP6Dtvn5iHgjIn40NdGYLyxXyiuDPvkBAAAA50Q6zp/MNevp5J9TzfE/AAAAMGSmB50AAAAA0HfG/wAAADD8/n/8P9OcJKOnnwwAAADQa1+/fj0t9dbzr1du7u1uVG5eWilVNwqbu8uF5crOdmGtUllr/Gbf5nH7K1cq21+Mrd3bxVqpWitW9/YXNyu7W7XFxnO9F0snek40AAAA0FNvvHPvT0lEHHxpolFSY9kyY3UYbrkXWz3pVx7A6RsZdALAwLjBF84v73/guIH9+CnlAQAA9M/FTz+7/j8Rh67/X3jg+j8Muxe8/g8MEdf/4fxqu/73ixNt9LTen2SAU2WMDxx3HqDr9f/f9z4XAACgPyYbJckVsjHAZORyhULEhcZjAfLJ6nq5NBsRH4+IP07lP5bOzw06aQAAAAAAAAAAAAAAAAAAAAAAAAB4xdTrSdQBAACAoRaR+2sSEUmMR0x9brL9/MBY8q+pxjQibv38xk9uL9VqO3Np+z+etdd+mrV/MIgzGAAAAEC71ji9NY4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF56/OjOcqscan6333EffjkipjvFH43xxnQ88hHx2pMkRg9tl0TESA/iH9yNiDc7xU/StGI6y6I9fi4iJgYc//UexIfz7F56/LnW6f2Xi5nGtPP7bzQrL+vhTLfjX+7Z8W+ky/HvwjH7Hsumb93/TbFr/LsRb412Pv604o+95PH329/a3++2rP7LiIsdP3+S/4lVrG1uF6t7+5fWN5fWSmulrfn5uY8WLi98uDBbXF0vl7J/O8b44Wd++5+j+v9al/jTWf+T9v4nzZzq9c77fKdt/t/3bz/6ZKcVk4iH38/qHf7/3+wWP3vt380+B9LlF1v1g2b9sLd//Ye3j+r/Spf+jx8RP217r9tO27z/je/9uVnLn3ALAKCfqnv7G0vlcmnnVa+knTkDafSwMnM20hj2SmsUdVbyOSuVwR6XAACA3nv+pX/QmQAAAAAAAAAAAAAAAAAAAMD51fr7/9ZvOffj58QOxxtvVZLk1PsKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCU/wYAAP//VsvQDw==")
r7 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
openat(r6, 0x0, 0x640, 0x2)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r8, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r8, 0x0)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r9, &(0x7f0000001600)={&(0x7f0000000400)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@cswp={0x58, 0x114, 0x7, {{0x6, 0xff}, &(0x7f0000000000)=0x400, 0x0, 0xe, 0xffffffffffffffff, 0x1, 0x3, 0x4, 0xca2a}}], 0x58, 0x40014}, 0x0)
write$binfmt_register(r7, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x46]}, 0x2a)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX=r10], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x24, '\x00', 0x0, @fallback=0x21, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5be}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r11, 0x0, 0x3}, 0x18)
pivot_root(&(0x7f00000001c0)='./file0\x00', 0x0)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f00000004c0)=""/255)

16.952660266s ago: executing program 6 (id=7160):
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000980)='./file0\x00', 0x2010042, &(0x7f0000000040)=ANY=[@ANYBLOB='cruft,map=acorn,showassoc,utf8,check=relaxed,norock,norock,overriderockperm,nocompress,check=strict,uid=', @ANYRESHEX=0x0, @ANYBLOB=',uid=', @ANYRESHEX=0xee01, @ANYBLOB=',unhide,hide,session=0x0000000000000049,overriderockperm,norock,uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c6f626a5f757365723d6769642c6d6561737572652c746f6e745f686173682c736d61636b6673726f6f743d6835737369896e0dc6f356a059e0ddf8bb3aa3c1477b07c746e3d0b318a278e2c9d2514fa91c557a2c6673757569643d62653062363636342d006462322d303838312d663330332d2b326366646234372c0047c3d218d2965d8cfd4068d8cbf435d16f235292032d99c24d354f77753acb2f27dc7867a3af9cf115913bc47c4e9995cf6560b503ae6aae6e959967f6f46dd984a821c65a1306fb79a32f"], 0x1, 0x943, &(0x7f0000001500)="$eJzs3c1vHGcZAPBnNl7iuFWakrRx3ENXTYxMBM7uRkmIcsHxrp0tthfZjtSKi4G4KIqhiIIUKg5BQpyI4IA4wC1HThG99ITyV3Dgkj+AS8TJN1fv7PojzX44luN13d9Pmp2dmWfe55l9Z+eVP3Yn+Crb2NjIpz0u3/7nQRbL4XOz9vTR44dp+v1afCOOxZXs84jhiChFDEXEaERxurbYnO/T0L2IlYh4EpFFxPFozXdlJbI/x+vby08i+0fK29uum6eHDb7WBn3+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAYZRN18rlShZzjYXbH5S6y28B3mP7ZnvNQnosNPvmjcjSFMPDm7f6Hj29vfmt9PBenG0tnc1vSB7D8elrb5+6cXqosLl/j4IOxCe//fTej9fWVn816EIGZLa+0FhqNuanZuulxlKzdP3q1fKlWzNLpZnGXH3pw6Xl+nxperE+tdxcLE1Mf7tUuX79cqk++WHz9sJsbWquvrny2ner5fLV0vuTP6xPLS41Fy69P7k0fasxN9dYmM1j0uYUcy2diD9oLJeW61PzpdJHd9dWL/crMgVVdhNU7RdULVerlUq1Wrl65fqVa+Xy0Asryl8SL0QM/qRlsPb9Gg57tdEe/wEAAICjK8t/x55+/i/mv4fPYqYxVy8PuiwAAABgH+V/+T+bZsWIONFe6+d/AAAAOEr6f8aub0T2nTjXijh3pzW/04741/E8YmSmMVefnG7O3ajEt7Y+7de5tWL+7wcXY6wVNTbSmo+0o9qfHBxOUZXJG5W4GO+0It6ZOJ9m5yd2RGYR+b8zVFuR7U/elDYji1uvwlabl1MkABx17/UZj3cz/l+M8VbE+FgadmNorMNoXTayAsBhsfUNNq/wyaCPEQB4nlEaAAAAAAAAAAAAAAAAAAAAAAAAAAAA9t9BfP+/J5548lV7MugrEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA11MWcazT+kLE8YgoR8Slg6/q1Xkw6AIGLFuP9bgfJwddBwAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUdP+/v9CtOavtVbFUCFiPCJWIuJHg65xTzre1SBi/aDrOGR2fP9/6vPYyGKo1e2RFadri8351P35vR8KTx89fpim9q4/f5k8qYGU4bluaGfovteb+V4jtdVP7v3641+WajfzIm8uz8zV5mcXv78d+Hb2WUQpWtOmE+16fzf+7790OPLP0pHuLu9Mnrf2Yt6znfZ+2jNvL3fXVqsp03L9g+Xf/OLu/R2bvhljEecnIiaez/SzNHXJNBbFXtmyZ9kfs5Pxt1jJ+z+9GtlGlrrojfz4T3x0d2118qcfr93pUtOpGI2IOxHDu69pNL+edJSfdYViylrOg9LDmT7t9bSjxUqXY3gzzkXEyEsdw7nux5Dr87q3K7rcpaLT8e5L9/S7fTJ2lD3L/pvdiv/EH3bc/6OQ+n88dvPuTDF55I4zpWtkoRWZH3m1Z5td35XsTaHXxj/FT+J7W/1f2HH9b/fVwVyPdmR89e+L7UHozJdGpPbVp1uV7TrPtKK61PlWXIgYGnupK8qFPleUF/cv7uI4+8ieZX/PJuL/8cD9fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMMvizjWaX0hYjwiTkXEG2m5FLGxH/kKI1n87+R+tLQ3DwaX+lDI1mM97scAewAAAAAAAACA/XSz9vTR44dpytLisbiQfR4x3PpL/1BEnMr+WpyuLTbn+zRUjFiJiCd7qCHtF69vLz9JS6N7aAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCPriwAAAP//hO21Ig==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x100, 0x2e0)
getdents64(r0, &(0x7f0000001f00)=""/4096, 0x1000)

16.612514614s ago: executing program 6 (id=7162):
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), 0x0}, 0x20)
write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d33, 0x1000, 0x0, 0x4000000})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000300)={0x0, 0xfb, 0xdf, 0x6, 0x3, "091ec1ca88b3bc0784de9aa54205d1da", "48fe305543f31c8b7bf152630356302bfa267e824d33666c83326860001730fe53a09685c85d3bfeafc153e5e6061810db809310f5ba9bd0c047bed9d2399da030f753ef1606f7d5a6b65dbdae8b1a5c363c72c80d50aac662f044230fa3f024306e9320f39993caa3db76784d6f603b9e19c4be31055a62ae01f0ddf5348e223e755b09b206ad4d0055fd6318f97a716881f2d50c2c1ddc87af3bb1990fbc42406f5657f53b4c7a34de64f557bb72e0269e12a73290df962b8dda9e0d4487d58dbb8f900312b2c4d4cf"}, 0xdf, 0x2)

16.590198545s ago: executing program 34 (id=7162):
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), 0x0}, 0x20)
write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d33, 0x1000, 0x0, 0x4000000})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000300)={0x0, 0xfb, 0xdf, 0x6, 0x3, "091ec1ca88b3bc0784de9aa54205d1da", "48fe305543f31c8b7bf152630356302bfa267e824d33666c83326860001730fe53a09685c85d3bfeafc153e5e6061810db809310f5ba9bd0c047bed9d2399da030f753ef1606f7d5a6b65dbdae8b1a5c363c72c80d50aac662f044230fa3f024306e9320f39993caa3db76784d6f603b9e19c4be31055a62ae01f0ddf5348e223e755b09b206ad4d0055fd6318f97a716881f2d50c2c1ddc87af3bb1990fbc42406f5657f53b4c7a34de64f557bb72e0269e12a73290df962b8dda9e0d4487d58dbb8f900312b2c4d4cf"}, 0xdf, 0x2)

7.752109456s ago: executing program 7 (id=7288):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$sock_buf(r1, 0x1, 0x1f, &(0x7f0000000240)=""/227, &(0x7f0000000180)=0xe3)

7.678931523s ago: executing program 7 (id=7289):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0xd000001, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000400eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r5, @ANYBLOB], 0x6c}}, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
sendfile(r0, r1, 0x0, 0x8000002b)
setsockopt$inet6_buf(r0, 0x29, 0x2b, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x5, &(0x7f0000000000)=0x9, 0x8, 0x0)

7.08594485s ago: executing program 7 (id=7291):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000700)=@newsa={0x180, 0x10, 0x1, 0x0, 0x25dfdbfe, {{@in6=@loopback, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast1, 0x14, 0x33}, @in=@empty=0x14, {0x0, 0x0, 0x0, 0xfffffff7ffffffff, 0x0, 0x2, 0x1000000000000000}, {0xf, 0x100000004}, {}, 0x0, 0x0, 0x2, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'lzjh\x00'}}}, @algo_auth={0x48, 0x1, {{'hmac(sha1-ce)\x00'}}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
io_uring_setup(0x54a0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$vcsa(0x0, 0x9, 0x8000)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x4, 0x252, &(0x7f0000000600)="$eJzs3TFoJFUcBvBvZnfvzN0iURtBUEFENBDOTrA5K+FAjkNEUCGiYqMkQkywS6xsLLRWSSVCEDtjK2mCjSJYRU0RG0GDhcFCi5XdSSSaTZTsZked3w82mUnem/8bZr43STEzARprOsnVJK0kM0k6SYqjDe6uPtMHq2tTW3NJr/f4T8WgXbVeOex3OclqkoeSbJZFXmonyxtP7/6y/eh9by517n1/46mpie7kgb3dncf237v+xsfXHlz+4qsfrhe5mu6f9mv8iiE/axfJredR7F+iaNc9Av6JG6999HU/97cluWeQ/07KVAfvrcULm5088O5Jfd/+8cs7JjlWYPx6vU7/GrjaAxqnTNJNUc4mqZbLcna2+hv+m9al8uWFxVdnXlxYmn+h7pkKGJfq/96Ln1z+S/6/b1X5B/6/usnOEzfWv+0v77fqHg0wSf38zzy7cn/kHxpH/qG55B+aS/6huU7O//Rp3Z6/67wHBpw7139oLvmH5pJ/aC75h+aSf2iuo/kHAJqld/GMNw4Xg4cHAP9hdc8/AAAAAAAAAAAAAAAAAADAcWtTW3OHn0nV/OydZO+RJO1h9VuD9xEnNw2+Xvq56Df7Q1F1G8kzNb/M4MOa776++btxbOWDM/f8/M5x1D9iyHPsLpzSfGU+WX09yZV2+/j5Vxycf2d3y9/8vvPciAVG9PCT9db/bb3e+te2k0/788+VYfNPmdsH34fPP93+8Rux/iu/jrgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJub3AAAA//8jdGiU")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80)
open_by_handle_at(r4, 0x0, 0x36f0516f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mknod$loop(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x100, 0x0)
fcntl$lock(r3, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r3, 0x26, &(0x7f00000031c0)={0x1})
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80000010)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)

5.986657959s ago: executing program 7 (id=7297):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
getpeername$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000180))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000080), &(0x7f0000000180)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

5.937203832s ago: executing program 7 (id=7298):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
prlimit64(r0, 0xf, 0x0, &(0x7f0000000940))
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
clock_settime(0xf3297bd5f00e796f, &(0x7f00000004c0)={0x0, 0x989680})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL={0x5, 0x3, 0xb}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000040)={[{@noquota}]}, 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x64)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file2\x00', 0x187842, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0xc028660f, &(0x7f0000000240)={0x3920e, r7, 0x3, 0x1, 0x5, 0x53000000})
preadv(r6, &(0x7f0000001bc0)=[{&(0x7f00000003c0)=""/98, 0x62}, {&(0x7f00000004c0)=""/149, 0x95}, {&(0x7f0000000580)=""/142, 0x8e}, {&(0x7f00000006c0)=""/42, 0x2a}, {&(0x7f0000000700)=""/12, 0xc}, {&(0x7f0000000740)=""/249, 0xf9}, {&(0x7f0000000840)=""/254, 0xfe}, {&(0x7f0000000a00)=""/187, 0xbb}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/219, 0xdb}], 0xa, 0x7ff, 0x7e6)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="60000000020601020000740000000000000000000900020073797a31000000000500010007000000050005000a000000140007800800134000e4000008001240ffffffff11000300686173683a69702c706f727400000000050004"], 0x60}}, 0x0)

3.502519318s ago: executing program 7 (id=7321):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x24008003)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000200), 0x40001c4, 0x0, 0x0)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00')
fsmount(0xffffffffffffffff, 0x0, 0x8a)

2.771305117s ago: executing program 4 (id=7330):
socket$packet(0x11, 0xa, 0x300)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0x7101})
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3f, 0x2000000000000033, &(0x7f0000000440)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000646c6c2500000000002008207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000a35000008500000006000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x55}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb010789005e107538e486dd6317ce22000000fffe80000000000000101000007f0600080000000000000071273fa7b49301641184a907"], 0xfdef)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

2.570526103s ago: executing program 4 (id=7335):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
setfsuid(0x0)

2.528954777s ago: executing program 4 (id=7338):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'})
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080), &(0x7f0000000180)='%ps    \x00'}, 0x20)
read$eventfd(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)

2.099948461s ago: executing program 0 (id=7342):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000000)={[{@usrquota}, {@acl}]}, 0xff, 0x257, &(0x7f0000000500)="$eJzs3U9oFFccB/DfzO42TbKUtL0USv9AKaUNhPRW6CW9tBAoIZRSaAsppfSiJEJM8JZ48uJBj6KSk5cg3oweJZfgRRE8Rc0hXgQNHgweVFjZnQTyTxOzmx1xPh+YzEzy5v3eMPN9ExaGDaCweiJiICJKEdEbEZWISDY2+DJbetZ2ZzoXRiJqtd8eJ4122X5m/bjuiJiOiB8iYj5N4lA5YnLur+Wni798c3Ki8vWFuT8723qSa1aWl35dPT904vLg95M3bz8cSmIgqpvOq/WSHX5XTiI+Oohib4mknPcI2IvhY5fu1HP/cUR81ch/JdLILt6p8ffmK/HduVcde/rRrU/bOVag9Wq1Sv0ZOF0DCieNiGokaV9EZNtp2teX/Q9/t9SVHh4bP9r7/9jE6H95z1RAq1Qjln6+2nGle0v+H5Sy/APvqOxDqaXfh2fv1TdWS3kPCGiLz7JV/fnf+8/UtyH/UDjyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzyD8Ul/1Bc+87/mRcHNyigLTbmHwAollrHvt4abv2LyEDb5T3/AAAAAAAAAAAAAAAAAAAA2810LoysL63psbxri+tnI1Z+yppur19qfB9xxPuNn11Pkk09Jnuq8Hp/f9FkB026mPPb1x/cz7f+jc/zrT81GjF9PCL6y+Xt91+ydv/t34e7/L3yb5MF3lCyZf/HP9pbf6vns/nWH1yMuFaff/p3mn/S+KSx3nn+qdavX5P1jzxrsgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa5mUAAAD//7FLbdg=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xfdef)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48241, 0x141)
pwrite64(r3, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61) (fail_nth: 9)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)

1.972713041s ago: executing program 0 (id=7343):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0xd000001, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000400eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r5, @ANYBLOB="0524060000000001300012800b00010062726964676500"], 0x6c}}, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
sendfile(r0, r1, 0x0, 0x8000002b)
setsockopt$inet6_buf(r0, 0x29, 0x2b, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x5, &(0x7f0000000000)=0x9, 0x8, 0x0)

1.707899773s ago: executing program 1 (id=7345):
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0)
io_uring_setup(0x77bb, &(0x7f0000001400)={0x0, 0xab40, 0x2, 0xf7fffffe, 0x209})
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
pwrite64(r2, &(0x7f0000000000)="3703c70f70e244b7878fedf0c0c6c2ff2f524255d61dbfb25921e3d3686454b93e5842722103c5c67b0da4173b9e63544ee1f32fc67080b7b83c0a31253733872b", 0x41, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000032500000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000002000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r6}, 0x10)
alarm(0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}]}]}], {0x14, 0x10}}, 0xe8}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r7, 0x11b, 0x2, &(0x7f00000016c0)=0x1000000, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)

1.669402586s ago: executing program 4 (id=7346):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4004110)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket(0x1f, 0x80802, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x700000, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000000)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r3 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)

1.597359351s ago: executing program 4 (id=7347):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000280)='net/rt_acct\x00')
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="2000000011140100000000000000000008004a00d2417b218f749c24c6eacd8bc23ab579c634bb23680fefbb9e737eb763f232db91cda2e91fbb8ed63f0800b33dd5ecffc2758b1ec8f2a772487516b89af9be94a9b16d62cd05c938b21d44365cb408cdab6801e54601004dd8accceba633cc09169a99ae62eee6ff91f430d9dc8ca1e90a8b76fa0a8d177e6ccb2868579797f238ec272b463af1ba46f2e7d9ae17eec8209c9bfa409bff9ce452eda16f525ef27504ff3777f29f755b2c3b8de4f1ccae58c335704e2c"], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001cc0)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='fsi_master_acf_poll_response_busy\x00', r2, 0x0, 0xfffffffff7ffffe9}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ppoll(&(0x7f0000000000)=[{r3, 0x2078}], 0x1, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
lseek(r4, 0x4, 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000180)={0x1, 0xc5cd, 0x5})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
fallocate(r5, 0x9, 0x1, 0xe0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x53e, &(0x7f0000000940)="$eJzs3UFvI1cdAPD/eO3d7G62SYEDVGoptGi3grWThrYRh1IkBKdKiMJ5CYkTRXHiKHbaTVRB9hMgIQRInODCBYkPgIRW4sKxQqoEZ5CKQIhuQYIDdJDtcRKcceKsnHjX+f2kybz3xjP/9xy/8YznaSaAC+vZiHgtIj5M0/SFiJjKygvZFHudqfW6Dx68vdiakkjTN/6eRJKVdbeVZPPr2WoTEfH1r0Z8Ozkat7Gzu7ZQqxW7+UpzfbPS2Nm9vbq+sFJdqW7Mzc2+PP/K/EvzM0Np542IePXLf/7h937+lVd//bm3/nTnr7e+06rWZLb8cDtOqXjcwk7TS1cmelbYeshgj6JWe0rdzNXB1rl3hvUBAKC/1jH+RyLi0xHxQkzFpeMPZwEAAIDHUPrFyfhPEpHmu9ynHAAAAHiMFNpjYJNCORsLMBmFQrncGcP7sbhWqNUbzc8u17c3ljpjZaejVFherVVnsrHC01FKWvnZdvog/2JPfi4inoyIH0xdbefLi/Xa0qh//AAAAIAL4nrP+f8/pzrn/wAAAMCYmT5+8dR51QMAAAA4Oyec/wMAAABjwPk/AAAAjLWvvf56a0q7z79eenNne63+5u2lamOtvL69WF6sb22WV+r1lfY9+9ZP2l6tXt/8fGxs3600q41mpbGze2e9vr3RvLMaE+fSIAAAAOCIJz95/w9JROx94Wp7ark86koB56K4n0qyeU7v/+MTnfl751Qp4FxcGuA1713JL3ecAI+3Ym9Bn74OjJ/SqCsAjFxywvKewTvX9lPvZPNPDb9OAADAcN38RP71/5OvC+wVzqF6wBnSieHi6vmeTz3rBy6O9vX/QQfyOFiAsVIaaAQgMM5Oef3/wDuDRkjTU1UIAAAYusn2lBTK2c97k1EolMsRN9qPBSgly6u16kxEPBERv58qXWnlZ9trJieeMwAAAAAAAAAAAAAAAAAAAAAAAAAAHWmaRAoAAACMtYjCX5LfdO7lf3Pq+cne3wcuJ/9uPxL4ckS89ZM3fnR3odncmm2Vv79f3vxxVv7iKH7BAAAAAHp1z9Pb83+NujYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJsPHry92J0GePnVYcX925ciYjovfjEm2vOJKEXEtX8kUTy0XhIRl4YQf+9eRHw8L37SqtZ+yLz4w3gTTogf09m7kBf/+hDiw0V2v7X/eS2v/xXi2fY8v/8VI/4v/7D67/9if/93qU//vzFgjKfe/WWlb/x7EU8V8/c/3fhJn/jPDRj/W9/Y3e23LP1pxM3u9097j3c4wkGq0lzfrDR2dm+vri+sVFeqG3Nzsy/PvzL/0vxMZXm1Vs3+5sb4/tO/+vC49l/L/f5Lstr0b//zOdvL+07677t3H3y0m9k7Gv/Wcznxf/uz7BVH4xeyOJ/J0kn2XrXTe53387BnfvG7Z45r/9JB+0un+f/f6rfRXkc6ytODfnQAgDPQ2NldW6jVqltjm2idpT8C1bjoiW++/wh+2L471A2maZq2+lTOovsRMch2khhySwv59TlI9P2njHrPBAAADNvBQf+oawIAAAAAAAAAAAAAAAAAAAAX13ncZa035sEtkJNh3EIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//A/7SsQ==")

1.376230779s ago: executing program 0 (id=7348):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000002085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
setfsuid(0x0)

1.292763846s ago: executing program 1 (id=7349):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = socket(0x1e, 0x4, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000000)={0x4, 0xfff7, 0x2, 0x5})
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x700000000000000)

1.210891193s ago: executing program 0 (id=7350):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r2 = syz_io_uring_setup(0x17dc, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0xffc, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000780)=[{&(0x7f0000001a40)=""/4090, 0xa74}], 0x1)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

1.065196765s ago: executing program 5 (id=7351):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1.043398046s ago: executing program 5 (id=7352):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="02000000040000000400000001"], 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18)
syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000003b000100000000000f000000fe5d000000000000000000000000003e00000000000000000000ffffac1414aaffff0000000000100a00000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000fbfffffffffffffffdffffffffffffff00"/112], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5, 0x0, 0x1}}, 0xb8}}, 0x0)

999.14533ms ago: executing program 0 (id=7353):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
gettid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1870995d0000000800000000000000090000000000000000000000f2fc184559cb6ce80949a2bca8a97f392b8c58933de75b664482744789d37ae948ae510d024fd6802b7a3111d07fa3c49158493c2f59c3a62ecb671c7e9fcf934ec2b274240693bcf353f8831983d1d3021b229d75f99b9fa5a9e841ac8746fe4e4f7c557e832ffdb2055f7cbf61ffc7aea6cd68b6070585027782b8035e0838946e831b333f96dc20dd85e99bd017233d825cd0f886fd7c9fc46de0d7a908b858d0cb000103ecfeacb33ad8e8cc64e0bbf9124dda4ab29293bfc7390b951c0c84b78c3809c89ba5c56acf11b9ce7e74ae023d48cf29e3634861b6a86147ce1f3a50ee21756ad63d758d9381be46a341d71ec72ed65b241a9427f9e3292a2effeb6fb2fec19b119170d8a5b89242466cf4d1d4e7a47bace77f066b5d3d38e6b349865f3427c5bd08fa1840659dba3a283158f13441eb78bb1a5303b0d13d0ac19c24113ccf3cce66889bd3e778a00b738e33507f1a4e378e4e73b14baa242523749ef9e7cdcc613a85e6b1ec0e959e386f42e241f1be2f08053751465bf78c94e1bb48cebf3061"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r0 = syz_io_uring_setup(0x17dc, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0xffc, 0x5cc}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x0, &(0x7f0000000200)}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

968.748962ms ago: executing program 5 (id=7354):
getpid()
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000700)=@newsa={0x180, 0x10, 0x1, 0x0, 0x25dfdbfe, {{@in6=@loopback, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast1, 0x14, 0x33}, @in=@empty=0x14, {0x0, 0x0, 0x0, 0xfffffff7ffffffff, 0x0, 0x2, 0x1000000000000000}, {0xf, 0x100000004}, {}, 0x0, 0x0, 0x2, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'lzjh\x00'}}}, @algo_auth={0x48, 0x1, {{'hmac(sha1-ce)\x00'}}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
io_uring_setup(0x54a0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$vcsa(0x0, 0x9, 0x8000)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x4, 0x252, &(0x7f0000000600)="$eJzs3TFoJFUcBvBvZnfvzN0iURtBUEFENBDOTrA5K+FAjkNEUCGiYqMkQkywS6xsLLRWSSVCEDtjK2mCjSJYRU0RG0GDhcFCi5XdSSSaTZTsZked3w82mUnem/8bZr43STEzARprOsnVJK0kM0k6SYqjDe6uPtMHq2tTW3NJr/f4T8WgXbVeOex3OclqkoeSbJZFXmonyxtP7/6y/eh9by517n1/46mpie7kgb3dncf237v+xsfXHlz+4qsfrhe5mu6f9mv8iiE/axfJredR7F+iaNc9Av6JG6999HU/97cluWeQ/07KVAfvrcULm5088O5Jfd/+8cs7JjlWYPx6vU7/GrjaAxqnTNJNUc4mqZbLcna2+hv+m9al8uWFxVdnXlxYmn+h7pkKGJfq/96Ln1z+S/6/b1X5B/6/usnOEzfWv+0v77fqHg0wSf38zzy7cn/kHxpH/qG55B+aS/6huU7O//Rp3Z6/67wHBpw7139oLvmH5pJ/aC75h+aSf2iuo/kHAJqld/GMNw4Xg4cHAP9hdc8/AAAAAAAAAAAAAAAAAADAcWtTW3OHn0nV/OydZO+RJO1h9VuD9xEnNw2+Xvq56Df7Q1F1G8kzNb/M4MOa776++btxbOWDM/f8/M5x1D9iyHPsLpzSfGU+WX09yZV2+/j5Vxycf2d3y9/8vvPciAVG9PCT9db/bb3e+te2k0/788+VYfNPmdsH34fPP93+8Rux/iu/jrgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJub3AAAA//8jdGiU")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80)
open_by_handle_at(r4, 0x0, 0x36f0516f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mknod$loop(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x100, 0x0)
fcntl$lock(r3, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r3, 0x26, &(0x7f00000031c0)={0x1})
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80000010)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)

741.793261ms ago: executing program 4 (id=7355):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080), &(0x7f0000000180)='%ps    \x00'}, 0x20)
read$eventfd(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)

408.917457ms ago: executing program 0 (id=7356):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'})
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2, 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080), &(0x7f0000000180)='%ps    \x00'}, 0x20)
read$eventfd(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)

351.752692ms ago: executing program 1 (id=7357):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4004110)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket(0x1f, 0x80802, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x700000, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000000)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r3 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)

295.600536ms ago: executing program 1 (id=7358):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x100}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000003060101000000007e625f4609ca6fd90500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00'}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000010003b0c000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b00010065727370616e0000300002800600030000800000060002"], 0x60}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES16], 0x50)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080)=0x9)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x9)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000140)=0x7f)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x28c00e, &(0x7f0000000480)={[{@grpjquota}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x446, &(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=")
lsetxattr$security_selinux(&(0x7f00000001c0)='.\x00', &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:fsadm_exec_t:s0\x00', 0x1001, 0x0)
memfd_secret(0x80000)

250.71967ms ago: executing program 1 (id=7359):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bc00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
getpeername$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r4}, 0x10)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0xffffffff, @empty, 0xffffffff}}}, 0x90)

171.880187ms ago: executing program 1 (id=7360):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r2 = syz_io_uring_setup(0x17dc, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0xffc, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000780)=[{&(0x7f0000001a40)=""/4090, 0xa74}], 0x1)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

109.224331ms ago: executing program 5 (id=7361):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000002085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
setfsuid(0x0)

31.318138ms ago: executing program 5 (id=7362):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$sock_buf(r2, 0x1, 0x1f, &(0x7f0000000240)=""/227, &(0x7f0000000180)=0xe3)

0s ago: executing program 5 (id=7363):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r2 = syz_io_uring_setup(0x17dc, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0xffc, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000780)=[{&(0x7f0000001a40)=""/4090, 0xa74}], 0x1)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

kernel console output (not intermixed with test programs):

][T28450]  ? hash_netiface_create+0x21b/0x740
[  541.834179][T28450]  ? __kmalloc_cache_noprof+0x189/0x320
[  541.834216][T28450]  ip_set_alloc+0x1f/0x30
[  541.834251][T28450]  hash_netiface_create+0x282/0x740
[  541.834360][T28450]  ? __pfx_hash_netiface_create+0x10/0x10
[  541.834401][T28450]  ip_set_create+0x3cc/0x960
[  541.834510][T28450]  ? __nla_parse+0x40/0x60
[  541.834548][T28450]  nfnetlink_rcv_msg+0x4c6/0x590
[  541.834602][T28450]  netlink_rcv_skb+0x120/0x220
[  541.834731][T28450]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  541.834773][T28450]  nfnetlink_rcv+0x16b/0x1690
[  541.834937][T28450]  ? nlmon_xmit+0x4f/0x60
[  541.834968][T28450]  ? consume_skb+0x49/0x150
[  541.834998][T28450]  ? nlmon_xmit+0x4f/0x60
[  541.835104][T28450]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  541.835162][T28450]  ? __dev_queue_xmit+0x1200/0x2000
[  541.835207][T28450]  ? __dev_queue_xmit+0x182/0x2000
[  541.835258][T28450]  ? merge_sched_in+0x605/0xa60
[  541.835285][T28450]  ? ref_tracker_free+0x37d/0x3e0
[  541.835336][T28450]  ? __netlink_deliver_tap+0x4dc/0x500
[  541.835403][T28450]  netlink_unicast+0x5c0/0x690
[  541.835435][T28450]  netlink_sendmsg+0x58b/0x6b0
[  541.835499][T28450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.835612][T28450]  __sock_sendmsg+0x145/0x180
[  541.835644][T28450]  ____sys_sendmsg+0x31e/0x4e0
[  541.835691][T28450]  ___sys_sendmsg+0x17b/0x1d0
[  541.835815][T28450]  __x64_sys_sendmsg+0xd4/0x160
[  541.835861][T28450]  x64_sys_call+0x191e/0x2ff0
[  541.835891][T28450]  do_syscall_64+0xd2/0x200
[  541.835947][T28450]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  541.835978][T28450]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  541.836006][T28450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.836044][T28450] RIP: 0033:0x7f409bbbeb69
[  541.836140][T28450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.836166][T28450] RSP: 002b:00007f409a227038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  541.836191][T28450] RAX: ffffffffffffffda RBX: 00007f409bde5fa0 RCX: 00007f409bbbeb69
[  541.836263][T28450] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  541.836276][T28450] RBP: 00007f409bc41df1 R08: 0000000000000000 R09: 0000000000000000
[  541.836288][T28450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  541.836300][T28450] R13: 0000000000000000 R14: 00007f409bde5fa0 R15: 00007ffc19a40b18
[  541.836322][T28450]  </TASK>
[  541.836330][T28450] memory: usage 307200kB, limit 307200kB, failcnt 3469
[  542.187330][T28450] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0
[  542.195274][T28450] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[  542.202585][T28450] Memory cgroup stats for /syz4:
[  542.202834][T28450] cache 0
[  542.210773][T28450] rss 0
[  542.213567][T28450] shmem 0
[  542.216517][T28450] mapped_file 0
[  542.219981][T28450] dirty 0
[  542.222977][T28450] writeback 0
[  542.226280][T28450] workingset_refault_anon 1843
[  542.231066][T28450] workingset_refault_file 4095
[  542.235882][T28450] swap 208896
[  542.239257][T28450] swapcached 4096
[  542.242921][T28450] pgpgin 501072
[  542.246392][T28450] pgpgout 501071
[  542.249946][T28450] pgfault 479721
[  542.253533][T28450] pgmajfault 900
[  542.257093][T28450] inactive_anon 0
[  542.260744][T28450] active_anon 4096
[  542.264582][T28450] inactive_file 0
[  542.268316][T28450] active_file 0
[  542.271801][T28450] unevictable 0
[  542.275367][T28450] hierarchical_memory_limit 314572800
[  542.280754][T28450] hierarchical_memsw_limit 9223372036854771712
[  542.287031][T28450] total_cache 0
[  542.290530][T28450] total_rss 0
[  542.293850][T28450] total_shmem 0
[  542.297323][T28450] total_mapped_file 0
[  542.301324][T28450] total_dirty 0
[  542.304826][T28450] total_writeback 0
[  542.308745][T28450] total_workingset_refault_anon 1843
[  542.314082][T28450] total_workingset_refault_file 4095
[  542.319389][T28450] total_swap 208896
[  542.323323][T28450] total_swapcached 4096
[  542.327493][T28450] total_pgpgin 501072
[  542.331570][T28450] total_pgpgout 501071
[  542.335676][T28450] total_pgfault 479721
[  542.339762][T28450] total_pgmajfault 900
[  542.343878][T28450] total_inactive_anon 0
[  542.348058][T28450] total_active_anon 4096
[  542.352309][T28450] total_inactive_file 0
[  542.356607][T28450] total_active_file 0
[  542.360612][T28450] total_unevictable 0
[  542.364632][T28450] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.6878,pid=28449,uid=0
[  542.379442][T28450] Memory cgroup out of memory: Killed process 28449 (syz.4.6878) total-vm:93896kB, anon-rss:944kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  542.404306][T25209] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.492501][   T29] kauditd_printk_skb: 468 callbacks suppressed
[  542.492526][   T29] audit: type=1326 audit(2000000114.832:24840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28541 comm="syz.5.6892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  542.550408][   T29] audit: type=1326 audit(2000000114.882:24841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28541 comm="syz.5.6892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  542.574226][   T29] audit: type=1326 audit(2000000114.882:24842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28541 comm="syz.5.6892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  542.597883][   T29] audit: type=1326 audit(2000000114.882:24843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28541 comm="syz.5.6892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  542.672205][T28550] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=28550 comm=syz.1.6894
[  542.701167][T28550] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6894'.
[  542.715318][   T29] audit: type=1326 audit(2000000114.952:24844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28541 comm="syz.5.6892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  542.739275][   T29] audit: type=1326 audit(2000000114.952:24845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28541 comm="syz.5.6892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  542.762978][   T29] audit: type=1326 audit(2000000114.962:24846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28545 comm="syz.1.6903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  542.786789][   T29] audit: type=1326 audit(2000000114.962:24847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28545 comm="syz.1.6903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  542.810488][   T29] audit: type=1326 audit(2000000114.962:24848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28545 comm="syz.1.6903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  542.834364][   T29] audit: type=1326 audit(2000000114.962:24849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28545 comm="syz.1.6903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  543.003540][T28577] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6904'.
[  543.112078][T28580] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.178980][T28580] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.261141][T28580] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.288072][T28599] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=28599 comm=syz.4.6908
[  543.322458][T28599] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6908'.
[  543.337014][T28580] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.478907][T22121] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  543.519824][T22121] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  543.549710][T22121] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  543.582851][T22121] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  543.602930][T28616] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6911'.
[  543.612097][T28616] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6911'.
[  543.873377][T28588] syz.1.6907 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0
[  543.887895][T28588] CPU: 0 UID: 0 PID: 28588 Comm: syz.1.6907 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  543.887939][T28588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  543.887957][T28588] Call Trace:
[  543.887965][T28588]  <TASK>
[  543.887975][T28588]  __dump_stack+0x1d/0x30
[  543.888044][T28588]  dump_stack_lvl+0xe8/0x140
[  543.888063][T28588]  dump_stack+0x15/0x1b
[  543.888084][T28588]  dump_header+0x81/0x220
[  543.888191][T28588]  oom_kill_process+0x342/0x400
[  543.888278][T28588]  out_of_memory+0x979/0xb80
[  543.888396][T28588]  try_charge_memcg+0x5e6/0x9e0
[  543.888426][T28588]  obj_cgroup_charge_pages+0xa6/0x150
[  543.888487][T28588]  __memcg_kmem_charge_page+0x9f/0x170
[  543.888524][T28588]  __alloc_frozen_pages_noprof+0x188/0x360
[  543.888614][T28588]  alloc_pages_mpol+0xb3/0x250
[  543.888658][T28588]  alloc_pages_noprof+0x90/0x130
[  543.888825][T28588]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  543.888895][T28588]  __kvmalloc_node_noprof+0x30f/0x4e0
[  543.888930][T28588]  ? ip_set_alloc+0x1f/0x30
[  543.889009][T28588]  ? ip_set_alloc+0x1f/0x30
[  543.889039][T28588]  ? __kmalloc_cache_noprof+0x189/0x320
[  543.889070][T28588]  ip_set_alloc+0x1f/0x30
[  543.889121][T28588]  hash_netiface_create+0x282/0x740
[  543.889155][T28588]  ? __pfx_hash_netiface_create+0x10/0x10
[  543.889194][T28588]  ip_set_create+0x3cc/0x960
[  543.889293][T28588]  ? __nla_parse+0x40/0x60
[  543.889319][T28588]  nfnetlink_rcv_msg+0x4c6/0x590
[  543.889374][T28588]  netlink_rcv_skb+0x120/0x220
[  543.889460][T28588]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  543.889495][T28588]  nfnetlink_rcv+0x16b/0x1690
[  543.889531][T28588]  ? nlmon_xmit+0x4f/0x60
[  543.889553][T28588]  ? consume_skb+0x49/0x150
[  543.889611][T28588]  ? nlmon_xmit+0x4f/0x60
[  543.889653][T28588]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  543.889690][T28588]  ? __dev_queue_xmit+0x1200/0x2000
[  543.889729][T28588]  ? __dev_queue_xmit+0x182/0x2000
[  543.889846][T28588]  ? merge_sched_in+0x605/0xa60
[  543.889936][T28588]  ? ref_tracker_free+0x37d/0x3e0
[  543.889995][T28588]  ? __netlink_deliver_tap+0x4dc/0x500
[  543.890075][T28588]  netlink_unicast+0x5c0/0x690
[  543.890105][T28588]  netlink_sendmsg+0x58b/0x6b0
[  543.890145][T28588]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.890228][T28588]  __sock_sendmsg+0x145/0x180
[  543.890260][T28588]  ____sys_sendmsg+0x31e/0x4e0
[  543.890299][T28588]  ___sys_sendmsg+0x17b/0x1d0
[  543.890414][T28588]  __x64_sys_sendmsg+0xd4/0x160
[  543.890489][T28588]  x64_sys_call+0x191e/0x2ff0
[  543.890571][T28588]  do_syscall_64+0xd2/0x200
[  543.890594][T28588]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  543.890626][T28588]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  543.890655][T28588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.890728][T28588] RIP: 0033:0x7f2adea2eb69
[  543.890743][T28588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.890762][T28588] RSP: 002b:00007f2add08f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.890811][T28588] RAX: ffffffffffffffda RBX: 00007f2adec55fa0 RCX: 00007f2adea2eb69
[  543.890828][T28588] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  543.890845][T28588] RBP: 00007f2adeab1df1 R08: 0000000000000000 R09: 0000000000000000
[  543.890889][T28588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  543.890903][T28588] R13: 0000000000000000 R14: 00007f2adec55fa0 R15: 00007ffd11ab2e28
[  543.890927][T28588]  </TASK>
[  543.891103][T28588] memory: usage 307200kB, limit 307200kB, failcnt 3628
[  544.224168][T28626] netlink: 'syz.0.6913': attribute type 21 has an invalid length.
[  544.230752][T28588] memory+swap: usage 307376kB, limit 9007199254740988kB, failcnt 0
[  544.265443][T28588] kmem: usage 307152kB, limit 9007199254740988kB, failcnt 0
[  544.273060][T28588] Memory cgroup stats for /syz1:
[  544.274879][T28588] cache 4096
[  544.283337][T28588] rss 4096
[  544.286475][T28588] shmem 0
[  544.289590][T28588] mapped_file 4096
[  544.293487][T28588] dirty 0
[  544.296082][T28626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6913'.
[  544.296574][T28588] writeback 0
[  544.309043][T28588] workingset_refault_anon 1636
[  544.314062][T28588] workingset_refault_file 3128
[  544.319137][T28588] swap 180224
[  544.322585][T28588] swapcached 36864
[  544.326526][T28588] pgpgin 516604
[  544.330147][T28588] pgpgout 516592
[  544.333870][T28588] pgfault 541276
[  544.337614][T28588] pgmajfault 906
[  544.341416][T28588] inactive_anon 36864
[  544.345651][T28588] active_anon 0
[  544.349343][T28588] inactive_file 8192
[  544.353419][T28588] active_file 4096
[  544.357301][T28588] unevictable 0
[  544.360970][T28588] hierarchical_memory_limit 314572800
[  544.366685][T28588] hierarchical_memsw_limit 9223372036854771712
[  544.373141][T28588] total_cache 4096
[  544.377020][T28588] total_rss 4096
[  544.380758][T28588] total_shmem 0
[  544.384381][T28588] total_mapped_file 4096
[  544.388832][T28588] total_dirty 0
[  544.392434][T28588] total_writeback 0
[  544.396492][T28588] total_workingset_refault_anon 1636
[  544.401993][T28588] total_workingset_refault_file 3128
[  544.407634][T28588] total_swap 180224
[  544.411593][T28588] total_swapcached 36864
[  544.416034][T28588] total_pgpgin 516604
[  544.420159][T28588] total_pgpgout 516592
[  544.424417][T28588] total_pgfault 541279
[  544.428680][T28588] total_pgmajfault 906
[  544.432903][T28588] total_inactive_anon 36864
[  544.437794][T28588] total_active_anon 0
[  544.441922][T28588] total_inactive_file 8192
[  544.446556][T28588] total_active_file 4096
[  544.451053][T28588] total_unevictable 0
[  544.455249][T28588] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.6907,pid=28587,uid=0
[  544.470681][T28588] Memory cgroup out of memory: Killed process 28587 (syz.1.6907) total-vm:93764kB, anon-rss:940kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0
[  544.608498][T28647] loop5: detected capacity change from 0 to 128
[  544.621192][T28647] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  544.633965][T28647] ext4 filesystem being mounted at /147/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  544.651294][T28652] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.665358][T28647] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.6923: No space for directory leaf checksum. Please run e2fsck -D.
[  544.680848][T28647] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.6923: checksumming directory block 0
[  544.698231][T28652] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.709426][T28648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6919'.
[  544.767506][T28652] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.783456][T28661] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.6923: No space for directory leaf checksum. Please run e2fsck -D.
[  544.798969][T28661] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.6923: checksumming directory block 0
[  544.827863][T28652] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.847595][T28669] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.884527][ T5032] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  544.937781][T28669] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.952029][T22120] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  544.960394][T22120] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  544.968731][T22120] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  544.985803][T28686] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=28686 comm=syz.1.6928
[  544.999002][T28686] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6928'.
[  545.036769][T28669] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.085537][T28669] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  545.244447][T22123] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  545.256810][T22123] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  545.269247][T22123] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  545.281597][ T5032] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  545.453173][T25209] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  545.532361][T28725] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6934'.
[  545.541775][T28725] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6934'.
[  545.961509][T28750] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.038798][T28750] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.075727][T28750] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.118365][T28750] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  546.453866][T28785] FAULT_INJECTION: forcing a failure.
[  546.453866][T28785] name failslab, interval 1, probability 0, space 0, times 0
[  546.467027][T28785] CPU: 0 UID: 0 PID: 28785 Comm: syz.5.6957 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  546.467054][T28785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  546.467140][T28785] Call Trace:
[  546.467146][T28785]  <TASK>
[  546.467153][T28785]  __dump_stack+0x1d/0x30
[  546.467172][T28785]  dump_stack_lvl+0xe8/0x140
[  546.467189][T28785]  dump_stack+0x15/0x1b
[  546.467204][T28785]  should_fail_ex+0x265/0x280
[  546.467287][T28785]  should_failslab+0x8c/0xb0
[  546.467346][T28785]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  546.467371][T28785]  ? sock_alloc_inode+0x34/0xa0
[  546.467393][T28785]  ? __pfx_sock_alloc_inode+0x10/0x10
[  546.467489][T28785]  sock_alloc_inode+0x34/0xa0
[  546.467583][T28785]  alloc_inode+0x3d/0x170
[  546.467604][T28785]  __sock_create+0x122/0x5b0
[  546.467629][T28785]  sock_create_kern+0x38/0x50
[  546.467714][T28785]  mptcp_subflow_create_socket+0x84/0x630
[  546.467832][T28785]  ? avc_has_perm_noaudit+0x1b1/0x200
[  546.467912][T28785]  __mptcp_nmpc_sk+0xb3/0x3a0
[  546.467931][T28785]  mptcp_connect+0x58/0x890
[  546.468012][T28785]  __inet_stream_connect+0x166/0x7e0
[  546.468041][T28785]  ? _raw_spin_unlock_bh+0x36/0x40
[  546.468069][T28785]  ? release_sock+0x116/0x150
[  546.468113][T28785]  ? _raw_spin_unlock_bh+0x36/0x40
[  546.468139][T28785]  ? lock_sock_nested+0x112/0x140
[  546.468178][T28785]  ? selinux_netlbl_socket_connect+0x115/0x130
[  546.468209][T28785]  inet_stream_connect+0x44/0x70
[  546.468286][T28785]  ? __pfx_inet_stream_connect+0x10/0x10
[  546.468315][T28785]  __sys_connect+0x1ef/0x2b0
[  546.468424][T28785]  __x64_sys_connect+0x3f/0x50
[  546.468450][T28785]  x64_sys_call+0x2c08/0x2ff0
[  546.468530][T28785]  do_syscall_64+0xd2/0x200
[  546.468551][T28785]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  546.468615][T28785]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  546.468634][T28785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.468653][T28785] RIP: 0033:0x7f0259deeb69
[  546.468724][T28785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.468740][T28785] RSP: 002b:00007f0258436038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  546.468757][T28785] RAX: ffffffffffffffda RBX: 00007f025a016080 RCX: 00007f0259deeb69
[  546.468769][T28785] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 000000000000000d
[  546.468780][T28785] RBP: 00007f0258436090 R08: 0000000000000000 R09: 0000000000000000
[  546.468791][T28785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.468802][T28785] R13: 0000000000000001 R14: 00007f025a016080 R15: 00007ffdba95d498
[  546.468890][T28785]  </TASK>
[  546.468961][T28785] socket: no more sockets
[  546.522445][T28786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.744979][T28786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.754183][T28786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.763156][T28786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.772185][T28786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.781875][T28785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.790511][T28785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.799800][T28785] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  547.243132][T28803] loop4: detected capacity change from 0 to 1024
[  547.250650][T28803] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  547.261648][T28803] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  547.271959][T28783] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  547.274502][T28803] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #2: comm syz.4.6964: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 2, max 1(4), depth 0(0)
[  547.309445][T28803] EXT4-fs (loop4): no journal found
[  547.790226][T28825] FAULT_INJECTION: forcing a failure.
[  547.790226][T28825] name failslab, interval 1, probability 0, space 0, times 0
[  547.803387][T28825] CPU: 0 UID: 0 PID: 28825 Comm: syz.5.6971 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  547.803461][T28825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  547.803473][T28825] Call Trace:
[  547.803480][T28825]  <TASK>
[  547.803488][T28825]  __dump_stack+0x1d/0x30
[  547.803541][T28825]  dump_stack_lvl+0xe8/0x140
[  547.803567][T28825]  dump_stack+0x15/0x1b
[  547.803589][T28825]  should_fail_ex+0x265/0x280
[  547.803631][T28825]  should_failslab+0x8c/0xb0
[  547.803711][T28825]  kmem_cache_alloc_noprof+0x50/0x310
[  547.803738][T28825]  ? alloc_empty_file+0x76/0x200
[  547.803863][T28825]  alloc_empty_file+0x76/0x200
[  547.803902][T28825]  alloc_file_pseudo+0xc6/0x160
[  547.803943][T28825]  __shmem_file_setup+0x1de/0x210
[  547.803990][T28825]  shmem_file_setup+0x3b/0x50
[  547.804024][T28825]  __se_sys_memfd_create+0x2c3/0x590
[  547.804053][T28825]  __x64_sys_memfd_create+0x31/0x40
[  547.804096][T28825]  x64_sys_call+0x2abe/0x2ff0
[  547.804120][T28825]  do_syscall_64+0xd2/0x200
[  547.804227][T28825]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  547.804258][T28825]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  547.804283][T28825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.804304][T28825] RIP: 0033:0x7f0259deeb69
[  547.804319][T28825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.804350][T28825] RSP: 002b:00007f0258414e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  547.804373][T28825] RAX: ffffffffffffffda RBX: 0000000000000305 RCX: 00007f0259deeb69
[  547.804460][T28825] RDX: 00007f0258414ef0 RSI: 0000000000000000 RDI: 00007f0259e72784
[  547.804475][T28825] RBP: 0000200000000080 R08: 00007f0258414bb7 R09: 00007f0258414e40
[  547.804489][T28825] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  547.804506][T28825] R13: 00007f0258414ef0 R14: 00007f0258414eb0 R15: 0000200000000a40
[  547.804530][T28825]  </TASK>
[  548.266810][   T29] kauditd_printk_skb: 280 callbacks suppressed
[  548.266829][   T29] audit: type=1326 audit(2000000120.609:25130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.310480][   T29] audit: type=1326 audit(2000000120.639:25131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.314574][T28829] netlink: 'syz.2.6973': attribute type 10 has an invalid length.
[  548.335423][   T29] audit: type=1326 audit(2000000120.639:25132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.358238][T28829] team0: Port device dummy0 added
[  548.367152][   T29] audit: type=1326 audit(2000000120.639:25133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.395994][   T29] audit: type=1326 audit(2000000120.639:25134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.415915][T28832] netlink: 'syz.2.6973': attribute type 10 has an invalid length.
[  548.420488][   T29] audit: type=1326 audit(2000000120.639:25135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.437031][T28832] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  548.452126][   T29] audit: type=1326 audit(2000000120.639:25136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.484523][   T29] audit: type=1326 audit(2000000120.639:25137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.508874][   T29] audit: type=1326 audit(2000000120.639:25138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.533316][   T29] audit: type=1326 audit(2000000120.639:25139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28828 comm="syz.2.6973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae5506eb69 code=0x7ffc0000
[  548.556882][T28829] netlink: 'syz.2.6973': attribute type 10 has an invalid length.
[  548.597835][T28832] team0: Failed to send options change via netlink (err -105)
[  548.605528][T28832] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  548.614828][T28832] team0: Port device dummy0 removed
[  548.642753][T28832] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  548.680611][T28845] 9pnet_fd: Insufficient options for proto=fd
[  548.698048][T28849] __nla_validate_parse: 6 callbacks suppressed
[  548.698067][T28849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6981'.
[  548.792520][T28858] loop5: detected capacity change from 0 to 512
[  548.818949][T28858] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.6981: Failed to acquire dquot type 1
[  548.856517][T28867] netlink: 'syz.4.6986': attribute type 29 has an invalid length.
[  548.891373][T28867] loop4: detected capacity change from 0 to 512
[  548.929107][T28858] EXT4-fs (loop5): 1 truncate cleaned up
[  548.941034][T28858] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  548.968049][T28858] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  548.983129][T28867] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  548.991795][T28867] EXT4-fs (loop4): orphan cleanup on readonly fs
[  549.001005][T28867] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.6986: corrupted inode contents
[  549.014186][T28867] EXT4-fs (loop4): Remounting filesystem read-only
[  549.021841][T28867] EXT4-fs (loop4): 1 truncate cleaned up
[  549.028195][ T5061] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  549.038865][ T5061] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  549.050528][ T5061] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  549.061382][T28867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  549.075507][T28867] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  549.086484][T28880] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=28880 comm=syz.1.6990
[  549.355732][T28903] 9pnet_fd: Insufficient options for proto=fd
[  549.445005][T28857] syz.2.6984 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  549.459239][T28857] CPU: 1 UID: 0 PID: 28857 Comm: syz.2.6984 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  549.459349][T28857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  549.459366][T28857] Call Trace:
[  549.459375][T28857]  <TASK>
[  549.459386][T28857]  __dump_stack+0x1d/0x30
[  549.459415][T28857]  dump_stack_lvl+0xe8/0x140
[  549.459464][T28857]  dump_stack+0x15/0x1b
[  549.459486][T28857]  dump_header+0x81/0x220
[  549.459520][T28857]  oom_kill_process+0x342/0x400
[  549.459584][T28857]  out_of_memory+0x979/0xb80
[  549.459622][T28857]  try_charge_memcg+0x5e6/0x9e0
[  549.459661][T28857]  obj_cgroup_charge_pages+0xa6/0x150
[  549.459740][T28857]  __memcg_kmem_charge_page+0x9f/0x170
[  549.459782][T28857]  __alloc_frozen_pages_noprof+0x188/0x360
[  549.459864][T28857]  alloc_pages_mpol+0xb3/0x250
[  549.459909][T28857]  alloc_pages_noprof+0x90/0x130
[  549.459966][T28857]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  549.460023][T28857]  __kvmalloc_node_noprof+0x30f/0x4e0
[  549.460098][T28857]  ? ip_set_alloc+0x1f/0x30
[  549.460206][T28857]  ? ip_set_alloc+0x1f/0x30
[  549.460242][T28857]  ? __kmalloc_cache_noprof+0x189/0x320
[  549.460282][T28857]  ip_set_alloc+0x1f/0x30
[  549.460389][T28857]  hash_netiface_create+0x282/0x740
[  549.460426][T28857]  ? __pfx_hash_netiface_create+0x10/0x10
[  549.460466][T28857]  ip_set_create+0x3cc/0x960
[  549.460521][T28857]  ? __nla_parse+0x40/0x60
[  549.460567][T28857]  nfnetlink_rcv_msg+0x4c6/0x590
[  549.460673][T28857]  netlink_rcv_skb+0x120/0x220
[  549.460713][T28857]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  549.460843][T28857]  nfnetlink_rcv+0x16b/0x1690
[  549.460888][T28857]  ? __list_add_valid_or_report+0x38/0xe0
[  549.460965][T28857]  ? merge_sched_in+0x605/0xa60
[  549.461064][T28857]  ? rb_next+0x5c/0x80
[  549.461091][T28857]  ? visit_groups_merge+0xf7e/0xfd0
[  549.461120][T28857]  ? should_fail_ex+0x30/0x280
[  549.461163][T28857]  ? selinux_nlmsg_lookup+0x99/0x890
[  549.461200][T28857]  ? __rcu_read_unlock+0x34/0x70
[  549.461300][T28857]  ? __netlink_lookup+0x266/0x2a0
[  549.461328][T28857]  netlink_unicast+0x5c0/0x690
[  549.461369][T28857]  netlink_sendmsg+0x58b/0x6b0
[  549.461414][T28857]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.461527][T28857]  __sock_sendmsg+0x145/0x180
[  549.461560][T28857]  ____sys_sendmsg+0x31e/0x4e0
[  549.461674][T28857]  ___sys_sendmsg+0x17b/0x1d0
[  549.461736][T28857]  __x64_sys_sendmsg+0xd4/0x160
[  549.461834][T28857]  x64_sys_call+0x191e/0x2ff0
[  549.461874][T28857]  do_syscall_64+0xd2/0x200
[  549.461904][T28857]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  549.462062][T28857]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  549.462090][T28857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.462119][T28857] RIP: 0033:0x7fae5506eb69
[  549.462139][T28857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.462163][T28857] RSP: 002b:00007fae536cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.462198][T28857] RAX: ffffffffffffffda RBX: 00007fae55295fa0 RCX: 00007fae5506eb69
[  549.462216][T28857] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  549.462233][T28857] RBP: 00007fae550f1df1 R08: 0000000000000000 R09: 0000000000000000
[  549.462250][T28857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  549.462267][T28857] R13: 0000000000000000 R14: 00007fae55295fa0 R15: 00007ffdeed9e608
[  549.462292][T28857]  </TASK>
[  549.462346][T28857] memory: usage 307116kB, limit 307200kB, failcnt 4953
[  549.471199][T28905] loop4: detected capacity change from 0 to 512
[  549.474660][T28857] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0
[  549.474694][T28857] kmem: usage 307108kB, limit 9007199254740988kB, failcnt 0
[  549.474711][T28857] Memory cgroup stats for /syz2:
[  549.486050][T28857] cache 4096
[  549.492346][T28905] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  549.495737][T28857] rss 4096
[  549.495746][T28857] shmem 0
[  549.495753][T28857] mapped_file 0
[  549.495762][T28857] dirty 0
[  549.495770][T28857] writeback 0
[  549.495779][T28857] workingset_refault_anon 1942
[  549.495789][T28857] workingset_refault_file 4221
[  549.495796][T28857] swap 196608
[  549.495871][T28857] swapcached 8192
[  549.540264][T28905] ip6gretap1: entered promiscuous mode
[  549.545010][T28857] pgpgin 484420
[  549.545022][T28857] pgpgout 484417
[  549.545032][T28857] pgfault 483159
[  549.545041][T28857] pgmajfault 1055
[  549.545057][T28857] inactive_anon 0
[  549.545143][T28857] active_anon 4096
[  549.545153][T28857] inactive_file 0
[  549.545163][T28857] active_file 4096
[  549.545172][T28857] unevictable 0
[  549.545182][T28857] hierarchical_memory_limit 314572800
[  549.545194][T28857] hierarchical_memsw_limit 9223372036854771712
[  549.545207][T28857] total_cache 4096
[  549.545217][T28857] total_rss 4096
[  549.550428][T28905] ip6gretap1: entered allmulticast mode
[  549.556013][T28857] total_shmem 0
[  549.556023][T28857] total_mapped_file 0
[  549.556031][T28857] total_dirty 0
[  549.556040][T28857] total_writeback 0
[  549.556088][T28857] total_workingset_refault_anon 1942
[  549.556104][T28857] total_workingset_refault_file 4221
[  549.556116][T28857] total_swap 196608
[  549.556126][T28857] total_swapcached 8192
[  549.556134][T28857] total_pgpgin 484420
[  549.556144][T28857] total_pgpgout 484417
[  549.556154][T28857] total_pgfault 483159
[  549.556183][T28857] total_pgmajfault 1055
[  549.556193][T28857] total_inactive_anon 0
[  549.995501][T28857] total_active_anon 4096
[  549.999797][T28857] total_inactive_file 0
[  550.003971][T28857] total_active_file 4096
[  550.008416][T28857] total_unevictable 0
[  550.012403][T28857] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.6984,pid=28854,uid=0
[  550.027230][T28857] Memory cgroup out of memory: Killed process 28854 (syz.2.6984) total-vm:93764kB, anon-rss:944kB, file-rss:22224kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  550.047200][T25209] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.162769][T28925] netlink: 96 bytes leftover after parsing attributes in process `syz.4.7002'.
[  550.183001][T28925] FAULT_INJECTION: forcing a failure.
[  550.183001][T28925] name failslab, interval 1, probability 0, space 0, times 0
[  550.195685][T28925] CPU: 1 UID: 0 PID: 28925 Comm: syz.4.7002 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  550.195747][T28925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  550.195793][T28925] Call Trace:
[  550.195800][T28925]  <TASK>
[  550.195807][T28925]  __dump_stack+0x1d/0x30
[  550.195833][T28925]  dump_stack_lvl+0xe8/0x140
[  550.195878][T28925]  dump_stack+0x15/0x1b
[  550.195900][T28925]  should_fail_ex+0x265/0x280
[  550.195939][T28925]  should_failslab+0x8c/0xb0
[  550.195981][T28925]  kmem_cache_alloc_node_noprof+0x57/0x320
[  550.196049][T28925]  ? __alloc_skb+0x101/0x320
[  550.196077][T28925]  ? __rtnl_unlock+0x95/0xb0
[  550.196106][T28925]  __alloc_skb+0x101/0x320
[  550.196206][T28925]  netlink_ack+0xfd/0x500
[  550.196246][T28925]  netlink_rcv_skb+0x192/0x220
[  550.196285][T28925]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  550.196339][T28925]  rtnetlink_rcv+0x1c/0x30
[  550.196436][T28925]  netlink_unicast+0x5c0/0x690
[  550.196471][T28925]  netlink_sendmsg+0x58b/0x6b0
[  550.196550][T28925]  ? __pfx_netlink_sendmsg+0x10/0x10
[  550.196625][T28925]  __sock_sendmsg+0x145/0x180
[  550.196656][T28925]  __sys_sendto+0x268/0x330
[  550.196695][T28925]  __x64_sys_sendto+0x76/0x90
[  550.196755][T28925]  x64_sys_call+0x2d05/0x2ff0
[  550.196783][T28925]  do_syscall_64+0xd2/0x200
[  550.196857][T28925]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  550.196882][T28925]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  550.196910][T28925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.197006][T28925] RIP: 0033:0x7f409bbbeb69
[  550.197026][T28925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  550.197049][T28925] RSP: 002b:00007f409a227038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  550.197073][T28925] RAX: ffffffffffffffda RBX: 00007f409bde5fa0 RCX: 00007f409bbbeb69
[  550.197090][T28925] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000003
[  550.197147][T28925] RBP: 00007f409a227090 R08: 0000000000000000 R09: 0000000000000000
[  550.197164][T28925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  550.197180][T28925] R13: 0000000000000000 R14: 00007f409bde5fa0 R15: 00007ffc19a40b18
[  550.197200][T28925]  </TASK>
[  550.612903][T28937] 9pnet_fd: Insufficient options for proto=fd
[  550.690314][ T5061] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  550.704815][ T5061] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  550.728015][ T5061] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  550.740990][T28953] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7010'.
[  550.763092][ T5061] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  550.811683][T28960] SELinux: security_context_str_to_sid () failed with errno=-22
[  551.147847][T28978] lo speed is unknown, defaulting to 1000
[  551.153666][T28978] lo speed is unknown, defaulting to 1000
[  551.159653][T28978] lo speed is unknown, defaulting to 1000
[  551.166306][T28978] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  551.177106][T28978] lo speed is unknown, defaulting to 1000
[  551.183191][T28978] lo speed is unknown, defaulting to 1000
[  551.189335][T28978] lo speed is unknown, defaulting to 1000
[  551.195278][T28978] lo speed is unknown, defaulting to 1000
[  551.201503][T28978] lo speed is unknown, defaulting to 1000
[  551.207598][T28978] lo speed is unknown, defaulting to 1000
[  551.213674][T28978] lo speed is unknown, defaulting to 1000
[  551.329002][T28973] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10)
[  551.335666][T28973] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  551.343163][T28973] vhci_hcd vhci_hcd.0: Device attached
[  551.553274][T10301] vhci_hcd: vhci_device speed not set
[  551.565736][T10300] net_ratelimit: 6 callbacks suppressed
[  551.565754][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.606278][T29019] lo speed is unknown, defaulting to 1000
[  551.637076][T10301] usb 11-1: new full-speed USB device number 2 using vhci_hcd
[  551.655310][T29019] netlink: 'syz.2.7020': attribute type 6 has an invalid length.
[  551.867281][T10287] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  552.050136][T29081] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7029'.
[  552.078741][T29081] vhci_hcd: invalid port number 96
[  552.084095][T29081] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  552.117325][T29013] vhci_hcd: connection reset by peer
[  552.129328][T22120] vhci_hcd: stop threads
[  552.133624][T22120] vhci_hcd: release socket
[  552.138134][T22120] vhci_hcd: disconnect device
[  552.253554][T29095] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=29095 comm=syz.4.7033
[  552.281872][T29095] netlink: 104 bytes leftover after parsing attributes in process `syz.4.7033'.
[  552.418112][T29107] loop5: detected capacity change from 0 to 2048
[  552.488352][T29107] Alternate GPT is invalid, using primary GPT.
[  552.494867][T29107]  loop5: p2 p3 p7
[  552.589983][T10297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  552.996529][T29144] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=29144 comm=syz.1.7046
[  553.011445][T29144] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7046'.
[  553.099331][T29155] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.180021][T29155] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.240634][T29155] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.284132][   T29] kauditd_printk_skb: 656 callbacks suppressed
[  553.284147][   T29] audit: type=1326 audit(2000000125.617:25788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe9d5095b27 code=0x7ffc0000
[  553.318965][   T29] audit: type=1326 audit(2000000125.647:25789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe9d503ad69 code=0x7ffc0000
[  553.343442][   T29] audit: type=1326 audit(2000000125.647:25790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe9d5095b27 code=0x7ffc0000
[  553.367868][   T29] audit: type=1326 audit(2000000125.647:25791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe9d503ad69 code=0x7ffc0000
[  553.392256][   T29] audit: type=1326 audit(2000000125.647:25792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fe9d509eb69 code=0x7ffc0000
[  553.417928][   T29] audit: type=1326 audit(2000000125.747:25793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe9d5095b27 code=0x7ffc0000
[  553.419069][T29155] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.442395][   T29] audit: type=1326 audit(2000000125.747:25794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe9d503ad69 code=0x7ffc0000
[  553.476121][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  553.484796][   T29] audit: type=1326 audit(2000000125.747:25795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fe9d509eb69 code=0x7ffc0000
[  553.509065][   T29] audit: type=1326 audit(2000000125.747:25796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe9d5095b27 code=0x7ffc0000
[  553.533516][   T29] audit: type=1326 audit(2000000125.747:25797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29141 comm="syz.0.7045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe9d503ad69 code=0x7ffc0000
[  553.609424][T22121] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  553.630439][ T1035] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  553.643880][ T5019] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  553.666688][ T5019] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  553.675759][ T5019] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  554.005812][T22121] bridge_slave_1: left allmulticast mode
[  554.011731][T22121] bridge_slave_1: left promiscuous mode
[  554.017762][T22121] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.046826][T22121] bridge_slave_0: left allmulticast mode
[  554.052670][T22121] bridge_slave_0: left promiscuous mode
[  554.058390][T22121] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.218696][T22121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  554.259780][T22121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  554.289385][T22121] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  554.319513][T22121] bond0 (unregistering): Released all slaves
[  554.382295][T22121] hsr_slave_0: left promiscuous mode
[  554.398647][T22121] hsr_slave_1: left promiscuous mode
[  554.404523][T22121] batman_adv: batadv0: Removing interface: batadv_slave_0
[  554.422391][T22121] batman_adv: batadv0: Removing interface: batadv_slave_1
[  554.550564][T22121] team0 (unregistering): Port device team_slave_1 removed
[  554.572062][T22121] team0 (unregistering): Port device team_slave_0 removed
[  554.672493][T10297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  554.691337][T29229] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98
[  554.747208][T29245] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=29245 comm=syz.4.7058
[  554.780847][T29245] netlink: 104 bytes leftover after parsing attributes in process `syz.4.7058'.
[  554.834987][T29176] chnl_net:caif_netlink_parms(): no params data found
[  554.909358][T10287] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.029605][T29371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7062'.
[  555.053012][T29176] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.060171][T29176] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.068556][T29176] bridge_slave_0: entered allmulticast mode
[  555.077394][T29176] bridge_slave_0: entered promiscuous mode
[  555.085396][T29176] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.092612][T29176] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.100108][T29176] bridge_slave_1: entered allmulticast mode
[  555.117362][T29176] bridge_slave_1: entered promiscuous mode
[  555.150582][T29176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.167014][T29408] loop4: detected capacity change from 0 to 512
[  555.171626][T29176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.206385][T29176] team0: Port device team_slave_0 added
[  555.213356][T29176] team0: Port device team_slave_1 added
[  555.223949][T29408] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7062: Failed to acquire dquot type 1
[  555.247696][T29442] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.268934][T29408] EXT4-fs (loop4): 1 truncate cleaned up
[  555.276433][T29176] batman_adv: batadv0: Adding interface: batadv_slave_0
[  555.283479][T29176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.309455][T29176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  555.339304][T29408] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  555.358777][T29442] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.381844][T29408] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  555.383270][T29176] batman_adv: batadv0: Adding interface: batadv_slave_1
[  555.400018][T29176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  555.426800][T29176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  555.437889][T10287] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.495930][T29442] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.543201][T29176] hsr_slave_0: entered promiscuous mode
[  555.551677][T29176] hsr_slave_1: entered promiscuous mode
[  555.571755][T29442] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.661142][T29176] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  555.681153][T29176] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  555.690481][T29443] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  555.716066][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.733773][T29176] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  555.757433][T29176] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  555.797732][T29176] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.804864][T29176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  555.812229][T29176] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.819327][T29176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  555.864482][T29176] 8021q: adding VLAN 0 to HW filter on device bond0
[  555.873919][T25779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  555.878097][T29176] 8021q: adding VLAN 0 to HW filter on device team0
[  555.952940][ T5032] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.975096][T22123] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.982388][T22123] bridge0: port 2(bridge_slave_1) entered forwarding state
[  556.032298][ T3397] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  556.066367][T29176] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  556.077242][T29176] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  556.177958][T29176] 8021q: adding VLAN 0 to HW filter on device batadv0
[  556.441929][T29176] veth0_vlan: entered promiscuous mode
[  556.454822][T29176] veth1_vlan: entered promiscuous mode
[  556.487725][T29176] veth0_macvtap: entered promiscuous mode
[  556.505186][T29176] veth1_macvtap: entered promiscuous mode
[  556.537269][T29176] batman_adv: batadv0: Interface activated: batadv_slave_0
[  556.553295][T29176] batman_adv: batadv0: Interface activated: batadv_slave_1
[  556.572712][T22123] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  556.601937][T29653] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  556.609721][T29653] batman_adv: batadv0: Removing interface: batadv_slave_0
[  556.620175][T29653] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  556.627816][T29653] batman_adv: batadv0: Removing interface: batadv_slave_1
[  556.636010][T29666] FAULT_INJECTION: forcing a failure.
[  556.636010][T29666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  556.649165][T29666] CPU: 1 UID: 0 PID: 29666 Comm: syz.5.7088 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  556.649281][T29666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.649297][T29666] Call Trace:
[  556.649306][T29666]  <TASK>
[  556.649315][T29666]  __dump_stack+0x1d/0x30
[  556.649343][T29666]  dump_stack_lvl+0xe8/0x140
[  556.649369][T29666]  dump_stack+0x15/0x1b
[  556.649390][T29666]  should_fail_ex+0x265/0x280
[  556.649515][T29666]  should_fail+0xb/0x20
[  556.649553][T29666]  should_fail_usercopy+0x1a/0x20
[  556.649623][T29666]  strncpy_from_user+0x25/0x230
[  556.649659][T29666]  ? kmem_cache_alloc_noprof+0x186/0x310
[  556.649695][T29666]  ? getname_flags+0x80/0x3b0
[  556.649788][T29666]  getname_flags+0xae/0x3b0
[  556.649822][T29666]  __x64_sys_symlinkat+0x40/0x70
[  556.649852][T29666]  x64_sys_call+0x293d/0x2ff0
[  556.649881][T29666]  do_syscall_64+0xd2/0x200
[  556.649912][T29666]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  556.649993][T29666]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  556.650015][T29666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.650044][T29666] RIP: 0033:0x7f0259deeb69
[  556.650065][T29666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.650087][T29666] RSP: 002b:00007f0258457038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[  556.650148][T29666] RAX: ffffffffffffffda RBX: 00007f025a015fa0 RCX: 00007f0259deeb69
[  556.650161][T29666] RDX: 00002000000003c0 RSI: 0000000000000006 RDI: 0000200000001400
[  556.650174][T29666] RBP: 00007f0258457090 R08: 0000000000000000 R09: 0000000000000000
[  556.650189][T29666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.650203][T29666] R13: 0000000000000000 R14: 00007f025a015fa0 R15: 00007ffdba95d498
[  556.650224][T29666]  </TASK>
[  556.837017][T10301] usb 11-1: enqueue for inactive port 0
[  556.847686][T10301] usb 11-1: enqueue for inactive port 0
[  556.911613][T22123] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  556.921251][T10301] vhci_hcd: vhci_device speed not set
[  556.936109][T22123] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  556.945137][T22123] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  557.004154][T29678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7092'.
[  557.019093][T29680] lo speed is unknown, defaulting to 1000
[  557.026228][T29680] lo speed is unknown, defaulting to 1000
[  557.032477][T29680] lo speed is unknown, defaulting to 1000
[  557.035329][T29682] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=29682 comm=syz.0.7093
[  557.052986][T29682] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7093'.
[  557.066354][T29676] loop5: detected capacity change from 0 to 128
[  557.083910][T29684] loop4: detected capacity change from 0 to 512
[  557.087924][T29680] infiniband s
z1: set active
[  557.095414][T29680] infiniband s
z1: added lo
[  557.102999][T10291] lo speed is unknown, defaulting to 1000
[  557.111475][T29676] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  557.125686][T29676] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  557.137934][T29684] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7092: Failed to acquire dquot type 1
[  557.153324][T29684] EXT4-fs (loop4): 1 truncate cleaned up
[  557.160260][T29680] RDS/IB: s
z1: added
[  557.162033][T29684] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  557.164995][T29680] smc: adding ib device s
z1 with port count 1
[  557.177617][T29684] ext4 filesystem being mounted at /186/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  557.196199][T29680] smc:    ib device s
z1 port 1 has pnetid 
[  557.202722][T10291] lo speed is unknown, defaulting to 1000
[  557.209146][T29680] lo speed is unknown, defaulting to 1000
[  557.256197][T29680] lo speed is unknown, defaulting to 1000
[  557.289030][T25209] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  557.333464][T29680] lo speed is unknown, defaulting to 1000
[  557.396445][T29680] lo speed is unknown, defaulting to 1000
[  557.446363][T29680] lo speed is unknown, defaulting to 1000
[  557.494047][T29680] lo speed is unknown, defaulting to 1000
[  557.510209][T22121] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  557.547568][T22121] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  557.568373][T22121] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  557.600390][T22121] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  557.626721][T29741] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=29741 comm=syz.1.7104
[  557.644664][T29741] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7104'.
[  557.650203][ T3405] net_ratelimit: 29 callbacks suppressed
[  557.650222][ T3405] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.784335][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.795918][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.805034][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.815260][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.824340][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.833211][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.880544][T25779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.892161][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.921585][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.929913][T29758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  558.039993][T29778] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.103928][T29778] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.154348][T29778] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.223362][T29778] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.350745][T22123] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  558.364261][   T29] kauditd_printk_skb: 360 callbacks suppressed
[  558.364280][   T29] audit: type=1326 audit(2000000130.704:26154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.394263][   T29] audit: type=1326 audit(2000000130.704:26155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.478168][T22123] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  558.488100][T22123] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  558.531686][T22123] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  558.564143][   T29] audit: type=1326 audit(2000000130.754:26156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.587977][   T29] audit: type=1326 audit(2000000130.754:26157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.611788][   T29] audit: type=1326 audit(2000000130.754:26158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.635458][   T29] audit: type=1326 audit(2000000130.754:26159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.659091][   T29] audit: type=1326 audit(2000000130.754:26160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.682758][   T29] audit: type=1326 audit(2000000130.754:26161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.706497][   T29] audit: type=1326 audit(2000000130.754:26162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.730229][   T29] audit: type=1326 audit(2000000130.754:26163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29801 comm="syz.5.7122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0259deeb69 code=0x7ffc0000
[  558.854320][T29821] loop5: detected capacity change from 0 to 1024
[  558.887003][T29821] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  559.036810][T29821] EXT4-fs error (device loop5): ext4_generic_delete_entry:2668: inode #12: block 7: comm syz.5.7126: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0
[  559.087375][T29821] EXT4-fs error (device loop5) in ext4_delete_inline_entry:1687: Corrupt filesystem
[  559.274904][T25209] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.380251][T29848] lo speed is unknown, defaulting to 1000
[  560.374519][T29910] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=29910 comm=syz.5.7144
[  560.396623][T29910] netlink: 104 bytes leftover after parsing attributes in process `syz.5.7144'.
[  560.476936][T29920] netlink: 288 bytes leftover after parsing attributes in process `syz.1.7148'.
[  560.594076][T29933] netlink: 'syz.1.7153': attribute type 10 has an invalid length.
[  560.602591][T29933] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7153'.
[  560.797731][T29948] loop6: detected capacity change from 0 to 512
[  560.821456][T29948] EXT4-fs (loop6): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  560.839748][T29948] atomic_op ffff888138351128 conn xmit_atomic 0000000000000000
[  560.885744][T29948] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7159: Failed to acquire dquot type 0
[  560.906777][T29948] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[  560.935378][T29176] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /13/file0: bad entry in directory: rec_len is too small for name_len - offset=24, inode=11, rec_len=20, size=4096 fake=0
[  561.114911][T29960] FAULT_INJECTION: forcing a failure.
[  561.114911][T29960] name failslab, interval 1, probability 0, space 0, times 0
[  561.127858][T29960] CPU: 1 UID: 0 PID: 29960 Comm: syz.5.7161 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  561.127896][T29960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  561.127988][T29960] Call Trace:
[  561.127998][T29960]  <TASK>
[  561.128008][T29960]  __dump_stack+0x1d/0x30
[  561.128036][T29960]  dump_stack_lvl+0xe8/0x140
[  561.128102][T29960]  dump_stack+0x15/0x1b
[  561.128125][T29960]  should_fail_ex+0x265/0x280
[  561.128166][T29960]  should_failslab+0x8c/0xb0
[  561.128197][T29960]  kmem_cache_alloc_noprof+0x50/0x310
[  561.128254][T29960]  ? vm_area_alloc+0x2c/0xb0
[  561.128357][T29960]  vm_area_alloc+0x2c/0xb0
[  561.128460][T29960]  create_init_stack_vma+0x28/0x390
[  561.128497][T29960]  alloc_bprm+0x2b9/0x350
[  561.128523][T29960]  do_execveat_common+0x12e/0x750
[  561.128568][T29960]  ? getname_flags+0x154/0x3b0
[  561.128604][T29960]  __x64_sys_execveat+0x73/0x90
[  561.128631][T29960]  x64_sys_call+0x1fec/0x2ff0
[  561.128659][T29960]  do_syscall_64+0xd2/0x200
[  561.128719][T29960]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  561.128748][T29960]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  561.128775][T29960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.128815][T29960] RIP: 0033:0x7f0259deeb69
[  561.128833][T29960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.128899][T29960] RSP: 002b:00007f0258457038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  561.128924][T29960] RAX: ffffffffffffffda RBX: 00007f025a015fa0 RCX: 00007f0259deeb69
[  561.128963][T29960] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  561.128980][T29960] RBP: 00007f0258457090 R08: 0000000000000000 R09: 0000000000000000
[  561.128995][T29960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  561.129065][T29960] R13: 0000000000000000 R14: 00007f025a015fa0 R15: 00007ffdba95d498
[  561.129089][T29960]  </TASK>
[  561.353984][T22120] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.404279][T29967] FAULT_INJECTION: forcing a failure.
[  561.404279][T29967] name failslab, interval 1, probability 0, space 0, times 0
[  561.416986][T29967] CPU: 1 UID: 0 PID: 29967 Comm: syz.4.7166 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  561.417090][T29967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  561.417107][T29967] Call Trace:
[  561.417116][T29967]  <TASK>
[  561.417126][T29967]  __dump_stack+0x1d/0x30
[  561.417154][T29967]  dump_stack_lvl+0xe8/0x140
[  561.417180][T29967]  dump_stack+0x15/0x1b
[  561.417248][T29967]  should_fail_ex+0x265/0x280
[  561.417291][T29967]  ? selinux_bpf_prog_load+0x36/0xf0
[  561.417378][T29967]  should_failslab+0x8c/0xb0
[  561.417411][T29967]  __kmalloc_cache_noprof+0x4c/0x320
[  561.417530][T29967]  selinux_bpf_prog_load+0x36/0xf0
[  561.417563][T29967]  security_bpf_prog_load+0x54/0xa0
[  561.417601][T29967]  bpf_prog_load+0xe6b/0x1070
[  561.417638][T29967]  ? security_bpf+0x2b/0x90
[  561.417695][T29967]  __sys_bpf+0x462/0x7b0
[  561.417785][T29967]  __x64_sys_bpf+0x41/0x50
[  561.417809][T29967]  x64_sys_call+0x2aea/0x2ff0
[  561.417831][T29967]  do_syscall_64+0xd2/0x200
[  561.417879][T29967]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  561.417903][T29967]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  561.417924][T29967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.417952][T29967] RIP: 0033:0x7f409bbbeb69
[  561.417971][T29967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.418013][T29967] RSP: 002b:00007f409a227038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  561.418086][T29967] RAX: ffffffffffffffda RBX: 00007f409bde5fa0 RCX: 00007f409bbbeb69
[  561.418103][T29967] RDX: 0000000000000094 RSI: 0000200000000380 RDI: 0000000000000005
[  561.418118][T29967] RBP: 00007f409a227090 R08: 0000000000000000 R09: 0000000000000000
[  561.418135][T29967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  561.418151][T29967] R13: 0000000000000000 R14: 00007f409bde5fa0 R15: 00007ffc19a40b18
[  561.418175][T29967]  </TASK>
[  561.638884][T22120] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.652524][T29979] loop5: detected capacity change from 0 to 2048
[  561.669153][T29968] lo speed is unknown, defaulting to 1000
[  561.704636][T22120] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.717403][T29979]  loop5: p1 < > p4
[  561.723448][T29979] loop5: p4 start 42180 is beyond EOD, truncated
[  561.781404][T22120] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.814708][T30005] loop4: detected capacity change from 0 to 164
[  561.824230][T30005] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  561.840562][T30005] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  561.903194][T22120] bridge_slave_1: left allmulticast mode
[  561.908904][T22120] bridge_slave_1: left promiscuous mode
[  561.914648][T22120] bridge0: port 2(bridge_slave_1) entered disabled state
[  561.933720][T22120] bridge_slave_0: left allmulticast mode
[  561.939424][T22120] bridge_slave_0: left promiscuous mode
[  561.945276][T22120] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.066297][T22120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  562.083984][T22120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  562.099023][T22120] bond0 (unregistering): Released all slaves
[  562.139235][T29968] chnl_net:caif_netlink_parms(): no params data found
[  562.233115][T29968] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.239561][T30178] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7179'.
[  562.240605][T29968] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.262202][T29968] bridge_slave_0: entered allmulticast mode
[  562.269881][T29968] bridge_slave_0: entered promiscuous mode
[  562.284588][T22120] hsr_slave_0: left promiscuous mode
[  562.286695][T30184] loop5: detected capacity change from 0 to 128
[  562.300467][T22120] hsr_slave_1: left promiscuous mode
[  562.306379][T30184] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  562.318938][T22120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  562.326425][T22120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  562.345710][T22120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  562.353259][T22120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  562.361830][T30184] ext4 filesystem being mounted at /188/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  562.378505][T22120] veth1_macvtap: left promiscuous mode
[  562.384144][T30184] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.7180: No space for directory leaf checksum. Please run e2fsck -D.
[  562.399500][T30184] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7180: checksumming directory block 0
[  562.411623][T22120] veth0_macvtap: left promiscuous mode
[  562.417311][T22120] veth1_vlan: left promiscuous mode
[  562.422774][T22120] veth0_vlan: left promiscuous mode
[  562.492815][T30189] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.7180: No space for directory leaf checksum. Please run e2fsck -D.
[  562.508293][T30189] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7180: checksumming directory block 0
[  562.550444][T22120] team0 (unregistering): Port device team_slave_1 removed
[  562.561784][T22120] team0 (unregistering): Port device team_slave_0 removed
[  562.597524][T22121] smc: removing ib device s
z1
[  562.603650][T29968] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.610985][T29968] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.619944][T29968] bridge_slave_1: entered allmulticast mode
[  562.627444][T29968] bridge_slave_1: entered promiscuous mode
[  562.634567][ T3397] lo speed is unknown, defaulting to 1000
[  562.640537][ T3397] s
z1: Port: 1 Link DOWN
[  562.687605][T29968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  562.699102][T29968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  562.739857][T29968] team0: Port device team_slave_0 added
[  562.747544][T29968] team0: Port device team_slave_1 added
[  562.778610][T29968] batman_adv: batadv0: Adding interface: batadv_slave_0
[  562.785749][T29968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.811684][T29968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  562.831478][T29968] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.838522][T29968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.864574][T29968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  562.902744][T29968] hsr_slave_0: entered promiscuous mode
[  562.908879][T29968] hsr_slave_1: entered promiscuous mode
[  563.018092][T29968] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  563.027731][T29968] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  563.037276][T29968] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  563.046340][T29968] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  563.104000][T29968] 8021q: adding VLAN 0 to HW filter on device bond0
[  563.120590][T29968] 8021q: adding VLAN 0 to HW filter on device team0
[  563.190820][ T5032] bridge0: port 1(bridge_slave_0) entered blocking state
[  563.195270][T10301] net_ratelimit: 194 callbacks suppressed
[  563.195311][T10301] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  563.198283][ T5032] bridge0: port 1(bridge_slave_0) entered forwarding state
[  563.223536][T25209] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  563.236902][ T5032] bridge0: port 2(bridge_slave_1) entered blocking state
[  563.244190][ T5032] bridge0: port 2(bridge_slave_1) entered forwarding state
[  563.316873][T29968] 8021q: adding VLAN 0 to HW filter on device batadv0
[  563.919749][   T29] kauditd_printk_skb: 571 callbacks suppressed
[  563.919778][   T29] audit: type=1326 audit(2000000136.251:26733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  563.969489][   T29] audit: type=1326 audit(2000000136.291:26734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  563.993176][   T29] audit: type=1326 audit(2000000136.301:26735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  564.016872][   T29] audit: type=1326 audit(2000000136.301:26736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  564.047722][   T29] audit: type=1326 audit(2000000136.381:26737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  564.072558][ T3397] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.085436][   T29] audit: type=1326 audit(2000000136.421:26738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  564.167336][T29968] veth0_vlan: entered promiscuous mode
[  564.174232][   T29] audit: type=1326 audit(2000000136.421:26739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30437 comm="syz.1.7190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  564.178292][T29968] veth1_vlan: entered promiscuous mode
[  564.198860][   T29] audit: type=1326 audit(2000000136.451:26740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30448 comm="syz.0.7191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9d509eb69 code=0x7ffc0000
[  564.228164][   T29] audit: type=1326 audit(2000000136.471:26741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30448 comm="syz.0.7191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fe9d509eb69 code=0x7ffc0000
[  564.241576][T29968] veth0_macvtap: entered promiscuous mode
[  564.252735][   T29] audit: type=1326 audit(2000000136.471:26742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30448 comm="syz.0.7191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9d509eb69 code=0x7ffc0000
[  564.284795][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.311176][T29968] veth1_macvtap: entered promiscuous mode
[  564.386205][T29968] batman_adv: batadv0: Interface activated: batadv_slave_0
[  564.395310][T29968] batman_adv: batadv0: Interface activated: batadv_slave_1
[  564.431953][T22121] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  564.469426][T22121] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  564.509527][T22121] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  564.521251][T30474] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.529473][T30474] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.544184][T22121] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  564.557375][T30474] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.579880][T30481] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.593425][T30481] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.602917][T30473] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  564.679870][T30489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7204'.
[  564.694905][T30491] FAULT_INJECTION: forcing a failure.
[  564.694905][T30491] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  564.708285][T30491] CPU: 1 UID: 0 PID: 30491 Comm: syz.7.7205 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  564.708317][T30491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  564.708329][T30491] Call Trace:
[  564.708335][T30491]  <TASK>
[  564.708343][T30491]  __dump_stack+0x1d/0x30
[  564.708440][T30491]  dump_stack_lvl+0xe8/0x140
[  564.708459][T30491]  dump_stack+0x15/0x1b
[  564.708479][T30491]  should_fail_ex+0x265/0x280
[  564.708571][T30491]  should_fail_alloc_page+0xf2/0x100
[  564.708687][T30491]  __alloc_frozen_pages_noprof+0xff/0x360
[  564.708735][T30491]  alloc_pages_bulk_noprof+0x4b8/0x540
[  564.708777][T30491]  ? __kmalloc_noprof+0x1dd/0x3e0
[  564.708857][T30491]  ? copy_splice_read+0xc2/0x5f0
[  564.708901][T30491]  copy_splice_read+0xf3/0x5f0
[  564.708979][T30491]  ? __pfx_copy_splice_read+0x10/0x10
[  564.709073][T30491]  splice_direct_to_actor+0x26f/0x680
[  564.709110][T30491]  ? __pfx_direct_splice_actor+0x10/0x10
[  564.709136][T30491]  do_splice_direct+0xda/0x150
[  564.709200][T30491]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  564.709233][T30491]  do_sendfile+0x380/0x650
[  564.709274][T30491]  __x64_sys_sendfile64+0x105/0x150
[  564.709311][T30491]  x64_sys_call+0x2bb0/0x2ff0
[  564.709466][T30491]  do_syscall_64+0xd2/0x200
[  564.709495][T30491]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  564.709524][T30491]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  564.709627][T30491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.709655][T30491] RIP: 0033:0x7fb629a6eb69
[  564.709670][T30491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.709765][T30491] RSP: 002b:00007fb6280cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  564.709785][T30491] RAX: ffffffffffffffda RBX: 00007fb629c95fa0 RCX: 00007fb629a6eb69
[  564.709798][T30491] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[  564.709816][T30491] RBP: 00007fb6280cf090 R08: 0000000000000000 R09: 0000000000000000
[  564.709840][T30491] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  564.709856][T30491] R13: 0000000000000000 R14: 00007fb629c95fa0 R15: 00007ffcaddc0168
[  564.709880][T30491]  </TASK>
[  565.009012][T30502] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7210'.
[  565.098001][T30503] loop5: detected capacity change from 0 to 512
[  565.116478][T30503] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.7210: Failed to acquire dquot type 1
[  565.129660][T30503] EXT4-fs (loop5): 1 truncate cleaned up
[  565.136622][T30503] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  565.150402][T30503] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  565.289622][T30513] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7212'.
[  565.299258][T30513] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7212'.
[  565.323994][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  565.889747][T25209] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  566.004091][T30557] veth1_vlan: entered allmulticast mode
[  566.035110][T30562] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=30562 comm=syz.0.7228
[  566.047940][T30562] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7228'.
[  566.307091][T30583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7236'.
[  566.439398][T30589] FAULT_INJECTION: forcing a failure.
[  566.439398][T30589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  566.453116][T30589] CPU: 0 UID: 0 PID: 30589 Comm: syz.7.7238 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  566.453153][T30589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  566.453169][T30589] Call Trace:
[  566.453177][T30589]  <TASK>
[  566.453185][T30589]  __dump_stack+0x1d/0x30
[  566.453210][T30589]  dump_stack_lvl+0xe8/0x140
[  566.453234][T30589]  dump_stack+0x15/0x1b
[  566.453320][T30589]  should_fail_ex+0x265/0x280
[  566.453358][T30589]  should_fail+0xb/0x20
[  566.453386][T30589]  should_fail_usercopy+0x1a/0x20
[  566.453404][T30589]  _copy_from_user+0x1c/0xb0
[  566.453538][T30589]  ___sys_sendmsg+0xc1/0x1d0
[  566.453595][T30589]  __x64_sys_sendmsg+0xd4/0x160
[  566.453683][T30589]  x64_sys_call+0x191e/0x2ff0
[  566.453781][T30589]  do_syscall_64+0xd2/0x200
[  566.453808][T30589]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  566.453885][T30589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.453910][T30589] RIP: 0033:0x7fb629a6eb69
[  566.453929][T30589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.453958][T30589] RSP: 002b:00007fb6280cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  566.454018][T30589] RAX: ffffffffffffffda RBX: 00007fb629c95fa0 RCX: 00007fb629a6eb69
[  566.454040][T30589] RDX: 0000000000000850 RSI: 00002000000002c0 RDI: 0000000000000007
[  566.454071][T30589] RBP: 00007fb6280cf090 R08: 0000000000000000 R09: 0000000000000000
[  566.454117][T30589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.454132][T30589] R13: 0000000000000000 R14: 00007fb629c95fa0 R15: 00007ffcaddc0168
[  566.454156][T30589]  </TASK>
[  566.662274][T30592] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=30592 comm=syz.1.7240
[  566.675200][T30592] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7240'.
[  566.727656][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811a875200: rx timeout, send abort
[  566.734815][T30598] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  567.189252][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811a874400: rx timeout, send abort
[  567.237770][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811a875200: abort rx timeout. Force session deactivation
[  567.445407][T30621] loop7: detected capacity change from 0 to 8192
[  567.538209][T30632] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=30632 comm=syz.7.7252
[  567.551701][T30632] netlink: 104 bytes leftover after parsing attributes in process `syz.7.7252'.
[  567.602008][T30639] netlink: 76 bytes leftover after parsing attributes in process `syz.0.7254'.
[  567.698221][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811a874400: abort rx timeout. Force session deactivation
[  567.913760][T30650] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7258'.
[  567.976620][T30652] FAULT_INJECTION: forcing a failure.
[  567.976620][T30652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.989735][T30652] CPU: 1 UID: 0 PID: 30652 Comm: syz.5.7259 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  567.989772][T30652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  567.989789][T30652] Call Trace:
[  567.989798][T30652]  <TASK>
[  567.989809][T30652]  __dump_stack+0x1d/0x30
[  567.989837][T30652]  dump_stack_lvl+0xe8/0x140
[  567.989869][T30652]  dump_stack+0x15/0x1b
[  567.989888][T30652]  should_fail_ex+0x265/0x280
[  567.990071][T30652]  should_fail+0xb/0x20
[  567.990106][T30652]  should_fail_usercopy+0x1a/0x20
[  567.990126][T30652]  _copy_from_user+0x1c/0xb0
[  567.990159][T30652]  autofs_dev_ioctl+0xdd/0x6a0
[  567.990237][T30652]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[  567.990266][T30652]  __se_sys_ioctl+0xcb/0x140
[  567.990324][T30652]  __x64_sys_ioctl+0x43/0x50
[  567.990375][T30652]  x64_sys_call+0x1816/0x2ff0
[  567.990402][T30652]  do_syscall_64+0xd2/0x200
[  567.990433][T30652]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  567.990527][T30652]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  567.990550][T30652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.990630][T30652] RIP: 0033:0x7f0259deeb69
[  567.990650][T30652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.990674][T30652] RSP: 002b:00007f0258457038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  567.990698][T30652] RAX: ffffffffffffffda RBX: 00007f025a015fa0 RCX: 00007f0259deeb69
[  567.990710][T30652] RDX: 0000200000000240 RSI: 00000000c0189374 RDI: 0000000000000005
[  567.990770][T30652] RBP: 00007f0258457090 R08: 0000000000000000 R09: 0000000000000000
[  567.990783][T30652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.990797][T30652] R13: 0000000000000000 R14: 00007f025a015fa0 R15: 00007ffdba95d498
[  567.990821][T30652]  </TASK>
[  567.992667][T30655] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=30655 comm=syz.7.7261
[  568.100499][T30659] netlink: 'syz.0.7260': attribute type 3 has an invalid length.
[  568.199514][T10300] net_ratelimit: 12 callbacks suppressed
[  568.199597][T10300] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  568.241152][T30661] netlink: 'syz.5.7262': attribute type 4 has an invalid length.
[  568.251361][T30661] FAULT_INJECTION: forcing a failure.
[  568.251361][T30661] name failslab, interval 1, probability 0, space 0, times 0
[  568.264195][T30661] CPU: 1 UID: 0 PID: 30661 Comm: syz.5.7262 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  568.264234][T30661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  568.264250][T30661] Call Trace:
[  568.264258][T30661]  <TASK>
[  568.264266][T30661]  __dump_stack+0x1d/0x30
[  568.264366][T30661]  dump_stack_lvl+0xe8/0x140
[  568.264391][T30661]  dump_stack+0x15/0x1b
[  568.264413][T30661]  should_fail_ex+0x265/0x280
[  568.264453][T30661]  should_failslab+0x8c/0xb0
[  568.264477][T30661]  kmem_cache_alloc_node_noprof+0x57/0x320
[  568.264526][T30661]  ? __alloc_skb+0x101/0x320
[  568.264555][T30661]  ? nlmsg_notify+0xcf/0x170
[  568.264645][T30661]  __alloc_skb+0x101/0x320
[  568.264672][T30661]  rtmsg_ifa+0xac/0x170
[  568.264704][T30661]  __inet_del_ifa+0x4d1/0x7f0
[  568.264763][T30661]  ? ip_mc_destroy_dev+0x26e/0x2d0
[  568.264794][T30661]  inetdev_event+0x658/0xc10
[  568.264834][T30661]  ? __pfx_ib_netdevice_event+0x10/0x10
[  568.264928][T30661]  ? ib_netdevice_event+0x186/0x5f0
[  568.264952][T30661]  ? __pfx_arp_netdev_event+0x10/0x10
[  568.264979][T30661]  ? __pfx_inetdev_event+0x10/0x10
[  568.265016][T30661]  raw_notifier_call_chain+0x6f/0x1b0
[  568.265118][T30661]  ? call_netdevice_notifiers_info+0x9c/0x100
[  568.265153][T30661]  call_netdevice_notifiers_info+0xae/0x100
[  568.265186][T30661]  netif_set_mtu_ext+0x356/0x470
[  568.265224][T30661]  do_setlink+0x751/0x2810
[  568.265254][T30661]  ? save_fpregs_to_fpstate+0x100/0x160
[  568.265351][T30661]  ? _raw_spin_unlock+0x26/0x50
[  568.265395][T30661]  ? finish_task_switch+0xad/0x2b0
[  568.265416][T30661]  ? __schedule+0x6b9/0xb30
[  568.265451][T30661]  rtnl_setlink+0x311/0x420
[  568.265526][T30661]  ? selinux_capable+0x31/0x40
[  568.265551][T30661]  ? security_capable+0x83/0x90
[  568.265571][T30661]  ? ns_capable+0x7d/0xb0
[  568.265629][T30661]  ? __pfx_rtnl_setlink+0x10/0x10
[  568.265659][T30661]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  568.265693][T30661]  netlink_rcv_skb+0x120/0x220
[  568.265782][T30661]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  568.265879][T30661]  rtnetlink_rcv+0x1c/0x30
[  568.265900][T30661]  netlink_unicast+0x5c0/0x690
[  568.265941][T30661]  netlink_sendmsg+0x58b/0x6b0
[  568.265977][T30661]  ? __pfx_netlink_sendmsg+0x10/0x10
[  568.266016][T30661]  __sock_sendmsg+0x145/0x180
[  568.266094][T30661]  sock_write_iter+0x165/0x1b0
[  568.266157][T30661]  do_iter_readv_writev+0x421/0x4c0
[  568.266187][T30661]  vfs_writev+0x2df/0x8b0
[  568.266222][T30661]  do_writev+0xe7/0x210
[  568.266285][T30661]  __x64_sys_writev+0x45/0x50
[  568.266318][T30661]  x64_sys_call+0x1e9a/0x2ff0
[  568.266339][T30661]  do_syscall_64+0xd2/0x200
[  568.266396][T30661]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  568.266424][T30661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.266522][T30661] RIP: 0033:0x7f0259deeb69
[  568.266539][T30661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.266557][T30661] RSP: 002b:00007f0258457038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  568.266575][T30661] RAX: ffffffffffffffda RBX: 00007f025a015fa0 RCX: 00007f0259deeb69
[  568.266591][T30661] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000004
[  568.266607][T30661] RBP: 00007f0258457090 R08: 0000000000000000 R09: 0000000000000000
[  568.266621][T30661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  568.266706][T30661] R13: 0000000000000000 R14: 00007f025a015fa0 R15: 00007ffdba95d498
[  568.266730][T30661]  </TASK>
[  568.766833][T30674] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7266'.
[  568.799472][T30678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7268'.
[  568.826553][T30680] 
: renamed from bond0 (while UP)
[  568.857952][T30682] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7270'.
[  568.909205][T30686] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=30686 comm=syz.0.7272
[  568.927327][   T29] kauditd_printk_skb: 825 callbacks suppressed
[  568.927430][   T29] audit: type=1326 audit(2000000141.259:27566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30683 comm="syz.7.7271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb629a6eb69 code=0x7ffc0000
[  568.957919][T30689] loop4: detected capacity change from 0 to 512
[  568.976454][T30686] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7272'.
[  569.001565][T30689] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  569.002262][   T29] audit: type=1326 audit(2000000141.269:27567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.012060][T30689] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  569.035277][   T29] audit: type=1326 audit(2000000141.269:27568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.035317][   T29] audit: type=1326 audit(2000000141.269:27569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.035373][   T29] audit: type=1326 audit(2000000141.269:27570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.035474][   T29] audit: type=1326 audit(2000000141.269:27571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.035577][   T29] audit: type=1326 audit(2000000141.269:27572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.035611][   T29] audit: type=1326 audit(2000000141.269:27573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30677 comm="syz.4.7268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f409bbbeb69 code=0x7ffc0000
[  569.192846][T30689] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7268: Failed to acquire dquot type 1
[  569.221382][T30689] EXT4-fs (loop4): 1 truncate cleaned up
[  569.228054][T30689] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.263107][T30689] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  569.278056][T30702] netlink: 'syz.5.7275': attribute type 10 has an invalid length.
[  569.291781][T30702] team0: Port device dummy0 added
[  569.670339][T25779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  569.984363][T30730] veth1_macvtap: left promiscuous mode
[  570.742484][T30758] syz.0.7285 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0
[  570.757522][T30758] CPU: 0 UID: 0 PID: 30758 Comm: syz.0.7285 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  570.757556][T30758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  570.757571][T30758] Call Trace:
[  570.757580][T30758]  <TASK>
[  570.757587][T30758]  __dump_stack+0x1d/0x30
[  570.757611][T30758]  dump_stack_lvl+0xe8/0x140
[  570.757635][T30758]  dump_stack+0x15/0x1b
[  570.757739][T30758]  dump_header+0x81/0x220
[  570.757772][T30758]  oom_kill_process+0x342/0x400
[  570.757870][T30758]  out_of_memory+0x979/0xb80
[  570.757938][T30758]  try_charge_memcg+0x5e6/0x9e0
[  570.757969][T30758]  obj_cgroup_charge_pages+0xa6/0x150
[  570.758003][T30758]  __memcg_kmem_charge_page+0x9f/0x170
[  570.758093][T30758]  __alloc_frozen_pages_noprof+0x188/0x360
[  570.758142][T30758]  alloc_pages_mpol+0xb3/0x250
[  570.758176][T30758]  alloc_pages_noprof+0x90/0x130
[  570.758210][T30758]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  570.758373][T30758]  __kvmalloc_node_noprof+0x30f/0x4e0
[  570.758418][T30758]  ? ip_set_alloc+0x1f/0x30
[  570.758446][T30758]  ? ip_set_alloc+0x1f/0x30
[  570.758473][T30758]  ? __kmalloc_cache_noprof+0x189/0x320
[  570.758548][T30758]  ip_set_alloc+0x1f/0x30
[  570.758576][T30758]  hash_netiface_create+0x282/0x740
[  570.758618][T30758]  ? __pfx_hash_netiface_create+0x10/0x10
[  570.758784][T30758]  ip_set_create+0x3cc/0x960
[  570.758825][T30758]  ? __nla_parse+0x40/0x60
[  570.758847][T30758]  nfnetlink_rcv_msg+0x4c6/0x590
[  570.758893][T30758]  netlink_rcv_skb+0x120/0x220
[  570.758995][T30758]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  570.759028][T30758]  nfnetlink_rcv+0x16b/0x1690
[  570.759055][T30758]  ? nlmon_xmit+0x4f/0x60
[  570.759078][T30758]  ? consume_skb+0x49/0x150
[  570.759173][T30758]  ? nlmon_xmit+0x4f/0x60
[  570.759196][T30758]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  570.759262][T30758]  ? __dev_queue_xmit+0x1200/0x2000
[  570.759372][T30758]  ? __dev_queue_xmit+0x182/0x2000
[  570.759479][T30758]  ? merge_sched_in+0x605/0xa60
[  570.759500][T30758]  ? ref_tracker_free+0x37d/0x3e0
[  570.759540][T30758]  ? __netlink_deliver_tap+0x4dc/0x500
[  570.759577][T30758]  netlink_unicast+0x5c0/0x690
[  570.759671][T30758]  netlink_sendmsg+0x58b/0x6b0
[  570.759717][T30758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  570.759751][T30758]  __sock_sendmsg+0x145/0x180
[  570.759828][T30758]  ____sys_sendmsg+0x31e/0x4e0
[  570.759883][T30758]  ___sys_sendmsg+0x17b/0x1d0
[  570.759930][T30758]  __x64_sys_sendmsg+0xd4/0x160
[  570.760095][T30758]  x64_sys_call+0x191e/0x2ff0
[  570.760118][T30758]  do_syscall_64+0xd2/0x200
[  570.760142][T30758]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  570.760167][T30758]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  570.760217][T30758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.760297][T30758] RIP: 0033:0x7fe9d509eb69
[  570.760313][T30758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.760333][T30758] RSP: 002b:00007fe9d3707038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  570.760354][T30758] RAX: ffffffffffffffda RBX: 00007fe9d52c5fa0 RCX: 00007fe9d509eb69
[  570.760439][T30758] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  570.760452][T30758] RBP: 00007fe9d5121df1 R08: 0000000000000000 R09: 0000000000000000
[  570.760465][T30758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  570.760479][T30758] R13: 0000000000000000 R14: 00007fe9d52c5fa0 R15: 00007ffda96136e8
[  570.760498][T30758]  </TASK>
[  570.760610][T30758] memory: usage 307200kB, limit 307200kB, failcnt 3945
[  570.890353][T30777] FAULT_INJECTION: forcing a failure.
[  570.890353][T30777] name failslab, interval 1, probability 0, space 0, times 0
[  570.893873][T30758] memory+swap: usage 307384kB, limit 9007199254740988kB, failcnt 0
[  570.898305][T30777] CPU: 1 UID: 0 PID: 30777 Comm: syz.4.7290 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  570.898473][T30777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  570.898553][T30777] Call Trace:
[  570.898636][T30777]  <TASK>
[  570.898647][T30777]  __dump_stack+0x1d/0x30
[  570.898676][T30777]  dump_stack_lvl+0xe8/0x140
[  570.898703][T30777]  dump_stack+0x15/0x1b
[  570.898800][T30777]  should_fail_ex+0x265/0x280
[  570.898846][T30777]  should_failslab+0x8c/0xb0
[  570.898881][T30777]  kmem_cache_alloc_noprof+0x50/0x310
[  570.898990][T30777]  ? skb_clone+0x151/0x1f0
[  570.899016][T30777]  skb_clone+0x151/0x1f0
[  570.899127][T30777]  __netlink_deliver_tap+0x2c9/0x500
[  570.899175][T30777]  netlink_unicast+0x66b/0x690
[  570.899210][T30777]  netlink_sendmsg+0x58b/0x6b0
[  570.899273][T30777]  ? __pfx_netlink_sendmsg+0x10/0x10
[  570.899318][T30777]  __sock_sendmsg+0x145/0x180
[  570.899352][T30777]  ____sys_sendmsg+0x31e/0x4e0
[  570.899401][T30777]  ___sys_sendmsg+0x17b/0x1d0
[  570.899586][T30777]  __x64_sys_sendmsg+0xd4/0x160
[  570.899636][T30777]  x64_sys_call+0x191e/0x2ff0
[  570.899668][T30777]  do_syscall_64+0xd2/0x200
[  570.899769][T30777]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  570.899803][T30777]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  570.899833][T30777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.899863][T30777] RIP: 0033:0x7f409bbbeb69
[  570.899974][T30777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.900001][T30777] RSP: 002b:00007f409a206038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  570.900028][T30777] RAX: ffffffffffffffda RBX: 00007f409bde6080 RCX: 00007f409bbbeb69
[  570.900046][T30777] RDX: 0000000000000840 RSI: 00002000000002c0 RDI: 000000000000000a
[  570.900064][T30777] RBP: 00007f409a206090 R08: 0000000000000000 R09: 0000000000000000
[  570.900086][T30777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.900118][T30777] R13: 0000000000000000 R14: 00007f409bde6080 R15: 00007ffc19a40b18
[  570.900143][T30777]  </TASK>
[  571.111218][T30779] loop7: detected capacity change from 0 to 128
[  571.117762][T30758] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0
[  571.260692][T30779] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  571.263548][T30758] Memory cgroup stats for 
[  571.277231][T30779] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  571.279946][T30758] /syz0
[  571.328531][T30779] EXT4-fs warning (device loop7): ext4_dirblock_csum_verify:375: inode #2: comm syz.7.7291: No space for directory leaf checksum. Please run e2fsck -D.
[  571.333655][T30758] :
[  571.339786][T30779] EXT4-fs error (device loop7): __ext4_find_entry:1626: inode #2: comm syz.7.7291: checksumming directory block 0
[  571.427833][T30758] cache 0
[  571.428313][T30787] EXT4-fs warning (device loop7): ext4_dirblock_csum_verify:375: inode #2: comm syz.7.7291: No space for directory leaf checksum. Please run e2fsck -D.
[  571.430946][T30758] rss 4096
[  571.446176][T30787] EXT4-fs error (device loop7): __ext4_find_entry:1626: inode #2: comm syz.7.7291: checksumming directory block 0
[  571.462226][T30758] shmem 0
[  571.465266][T30758] mapped_file 0
[  571.468924][T30758] dirty 0
[  571.472035][T30758] writeback 0
[  571.475465][T30758] workingset_refault_anon 1355
[  571.480455][T30758] workingset_refault_file 3074
[  571.485387][T30758] swap 188416
[  571.488849][T30758] swapcached 20480
[  571.492844][T30758] pgpgin 608052
[  571.496456][T30758] pgpgout 608046
[  571.500271][T30758] pgfault 569793
[  571.504032][T30758] pgmajfault 923
[  571.507747][T30758] inactive_anon 8192
[  571.511815][T30758] active_anon 12288
[  571.515858][T30758] inactive_file 0
[  571.519761][T30758] active_file 4096
[  571.523624][T30758] unevictable 0
[  571.527276][T30758] hierarchical_memory_limit 314572800
[  571.532858][T30758] hierarchical_memsw_limit 9223372036854771712
[  571.539330][T30758] total_cache 0
[  571.542945][T30758] total_rss 4096
[  571.546608][T30758] total_shmem 0
[  571.550282][T30758] total_mapped_file 0
[  571.554437][T30758] total_dirty 0
[  571.558110][T30758] total_writeback 0
[  571.562050][T30758] total_workingset_refault_anon 1355
[  571.567605][T30758] total_workingset_refault_file 3074
[  571.573123][T30758] total_swap 188416
[  571.577070][T30758] total_swapcached 20480
[  571.581559][T30758] total_pgpgin 608052
[  571.585685][T30758] total_pgpgout 608046
[  571.589953][T30758] total_pgfault 569793
[  571.594162][T30758] total_pgmajfault 923
[  571.598483][T30758] total_inactive_anon 8192
[  571.603156][T30758] total_active_anon 12288
[  571.607714][T30758] total_inactive_file 0
[  571.612042][T30758] total_active_file 4096
[  571.616457][T30758] total_unevictable 0
[  571.620613][T30758] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.7285,pid=30757,uid=0
[  571.635979][T30758] Memory cgroup out of memory: Killed process 30757 (syz.0.7285) total-vm:93764kB, anon-rss:944kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0
[  571.952300][T29968] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  572.168961][T30808] FAULT_INJECTION: forcing a failure.
[  572.168961][T30808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  572.182537][T30808] CPU: 0 UID: 0 PID: 30808 Comm: syz.4.7301 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  572.182577][T30808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  572.182664][T30808] Call Trace:
[  572.182672][T30808]  <TASK>
[  572.182681][T30808]  __dump_stack+0x1d/0x30
[  572.182728][T30808]  dump_stack_lvl+0xe8/0x140
[  572.182751][T30808]  dump_stack+0x15/0x1b
[  572.182767][T30808]  should_fail_ex+0x265/0x280
[  572.182817][T30808]  should_fail+0xb/0x20
[  572.182848][T30808]  should_fail_usercopy+0x1a/0x20
[  572.182969][T30808]  _copy_from_user+0x1c/0xb0
[  572.183002][T30808]  copy_clone_args_from_user+0x38d/0x490
[  572.183043][T30808]  __se_sys_clone3+0x6f/0x200
[  572.183110][T30808]  __x64_sys_clone3+0x31/0x40
[  572.183147][T30808]  x64_sys_call+0x1fc9/0x2ff0
[  572.183170][T30808]  do_syscall_64+0xd2/0x200
[  572.183200][T30808]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  572.183281][T30808]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  572.183301][T30808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.183382][T30808] RIP: 0033:0x7f409bbbeb69
[  572.183402][T30808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  572.183420][T30808] RSP: 002b:00007f409a226f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  572.183441][T30808] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f409bbbeb69
[  572.183458][T30808] RDX: 00007f409a226f20 RSI: 0000000000000058 RDI: 00007f409a226f20
[  572.183473][T30808] RBP: 00007f409a227090 R08: 0000000000000000 R09: 0000000000000058
[  572.183538][T30808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  572.183549][T30808] R13: 0000000000000001 R14: 00007f409bde5fa0 R15: 00007ffc19a40b18
[  572.183568][T30808]  </TASK>
[  572.436176][T30816] loop7: detected capacity change from 0 to 2048
[  572.509459][T30816] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  572.715123][T30816] EXT4-fs (loop7): Online defrag not supported with bigalloc
[  572.867660][T30836] __nla_validate_parse: 7 callbacks suppressed
[  572.867760][T30836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7309'.
[  573.007360][T30836] loop4: detected capacity change from 0 to 512
[  573.179073][T30836] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7309: Failed to acquire dquot type 1
[  573.214293][T30836] EXT4-fs (loop4): 1 truncate cleaned up
[  573.244531][T30836] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  573.323161][T30836] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  573.419015][T30826] syz.0.7306 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0
[  573.432916][T30826] CPU: 1 UID: 0 PID: 30826 Comm: syz.0.7306 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  573.432973][T30826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  573.432990][T30826] Call Trace:
[  573.432999][T30826]  <TASK>
[  573.433007][T30826]  __dump_stack+0x1d/0x30
[  573.433028][T30826]  dump_stack_lvl+0xe8/0x140
[  573.433047][T30826]  dump_stack+0x15/0x1b
[  573.433067][T30826]  dump_header+0x81/0x220
[  573.433135][T30826]  oom_kill_process+0x342/0x400
[  573.433174][T30826]  out_of_memory+0x979/0xb80
[  573.433209][T30826]  try_charge_memcg+0x5e6/0x9e0
[  573.433277][T30826]  obj_cgroup_charge_pages+0xa6/0x150
[  573.433354][T30826]  __memcg_kmem_charge_page+0x9f/0x170
[  573.433398][T30826]  __alloc_frozen_pages_noprof+0x188/0x360
[  573.433461][T30826]  alloc_pages_mpol+0xb3/0x250
[  573.433506][T30826]  alloc_pages_noprof+0x90/0x130
[  573.433549][T30826]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  573.433672][T30826]  __kvmalloc_node_noprof+0x30f/0x4e0
[  573.433710][T30826]  ? ip_set_alloc+0x1f/0x30
[  573.433764][T30826]  ? ip_set_alloc+0x1f/0x30
[  573.433803][T30826]  ? __kmalloc_cache_noprof+0x189/0x320
[  573.433855][T30826]  ip_set_alloc+0x1f/0x30
[  573.433889][T30826]  hash_netiface_create+0x282/0x740
[  573.434007][T30826]  ? __pfx_hash_netiface_create+0x10/0x10
[  573.434045][T30826]  ip_set_create+0x3cc/0x960
[  573.434164][T30826]  ? __nla_parse+0x40/0x60
[  573.434220][T30826]  nfnetlink_rcv_msg+0x4c6/0x590
[  573.434356][T30826]  netlink_rcv_skb+0x120/0x220
[  573.434508][T30826]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  573.434550][T30826]  nfnetlink_rcv+0x16b/0x1690
[  573.434584][T30826]  ? nlmon_xmit+0x4f/0x60
[  573.434613][T30826]  ? consume_skb+0x49/0x150
[  573.434652][T30826]  ? nlmon_xmit+0x4f/0x60
[  573.434681][T30826]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  573.434726][T30826]  ? __dev_queue_xmit+0x1200/0x2000
[  573.434824][T30826]  ? __dev_queue_xmit+0x182/0x2000
[  573.434894][T30826]  ? merge_sched_in+0x605/0xa60
[  573.434988][T30826]  ? ref_tracker_free+0x37d/0x3e0
[  573.435037][T30826]  ? __netlink_deliver_tap+0x4dc/0x500
[  573.435112][T30826]  netlink_unicast+0x5c0/0x690
[  573.435153][T30826]  netlink_sendmsg+0x58b/0x6b0
[  573.435226][T30826]  ? __pfx_netlink_sendmsg+0x10/0x10
[  573.435337][T30826]  __sock_sendmsg+0x145/0x180
[  573.435362][T30826]  ____sys_sendmsg+0x31e/0x4e0
[  573.435406][T30826]  ___sys_sendmsg+0x17b/0x1d0
[  573.435477][T30826]  __x64_sys_sendmsg+0xd4/0x160
[  573.435526][T30826]  x64_sys_call+0x191e/0x2ff0
[  573.435553][T30826]  do_syscall_64+0xd2/0x200
[  573.435600][T30826]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  573.435631][T30826]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  573.435659][T30826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.435765][T30826] RIP: 0033:0x7fe9d509eb69
[  573.435784][T30826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  573.435830][T30826] RSP: 002b:00007fe9d3707038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  573.435861][T30826] RAX: ffffffffffffffda RBX: 00007fe9d52c5fa0 RCX: 00007fe9d509eb69
[  573.435878][T30826] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  573.435895][T30826] RBP: 00007fe9d5121df1 R08: 0000000000000000 R09: 0000000000000000
[  573.435979][T30826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  573.435995][T30826] R13: 0000000000000000 R14: 00007fe9d52c5fa0 R15: 00007ffda96136e8
[  573.436020][T30826]  </TASK>
[  573.436029][T30826] memory: usage 307200kB, limit 307200kB, failcnt 4231
[  573.780999][T30826] memory+swap: usage 307624kB, limit 9007199254740988kB, failcnt 0
[  573.788941][T30826] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0
[  573.796233][T30826] Memory cgroup stats for /syz0:
[  573.796965][T25779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  573.806081][T30826] cache 0
[  573.814178][T30826] rss 0
[  573.816963][T30826] shmem 0
[  573.820151][T30826] mapped_file 0
[  573.823635][T30826] dirty 0
[  573.826658][T30826] writeback 0
[  573.829982][T30826] workingset_refault_anon 1430
[  573.834756][T30826] workingset_refault_file 3241
[  573.839577][T30826] swap 434176
[  573.842957][T30826] swapcached 0
[  573.846365][T30826] pgpgin 608759
[  573.849874][T30826] pgpgout 608758
[  573.853423][T30858] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7316'.
[  573.853433][T30826] pgfault 570670
[  573.862365][T30826] pgmajfault 978
[  573.862379][T30826] inactive_anon 0
[  573.862389][T30826] active_anon 0
[  573.862399][T30826] inactive_file 0
[  573.862406][T30826] active_file 4096
[  573.862416][T30826] unevictable 0
[  573.862424][T30826] hierarchical_memory_limit 314572800
[  573.862479][T30826] hierarchical_memsw_limit 9223372036854771712
[  573.862492][T30826] total_cache 0
[  573.862502][T30826] total_rss 0
[  573.862511][T30826] total_shmem 0
[  573.862574][T30826] total_mapped_file 0
[  573.862584][T30826] total_dirty 0
[  573.862594][T30826] total_writeback 0
[  573.862602][T30826] total_workingset_refault_anon 1430
[  573.862611][T30826] total_workingset_refault_file 3241
[  573.862623][T30826] total_swap 434176
[  573.862632][T30826] total_swapcached 0
[  573.862642][T30826] total_pgpgin 608759
[  573.862662][T30826] total_pgpgout 608758
[  573.885068][T30860] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7319'.
[  573.887936][T30826] total_pgfault 570670
[  573.887948][T30826] total_pgmajfault 978
[  573.887956][T30826] total_inactive_anon 0
[  573.887963][T30826] total_active_anon 0
[  573.887974][T30826] total_inactive_file 0
[  573.887983][T30826] total_active_file 4096
[  573.888061][T30826] total_unevictable 0
[  573.894589][T30860] FAULT_INJECTION: forcing a failure.
[  573.894589][T30860] name failslab, interval 1, probability 0, space 0, times 0
[  573.899614][T30826] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.7306,pid=30825,uid=0
[  573.899751][T30826] Memory cgroup out of memory: Killed process 30825 (syz.0.7306) total-vm:93896kB, anon-rss:940kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0
[  573.903421][T30860] CPU: 0 UID: 0 PID: 30860 Comm: syz.5.7319 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  573.903487][T30860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  573.903505][T30860] Call Trace:
[  573.903514][T30860]  <TASK>
[  573.903525][T30860]  __dump_stack+0x1d/0x30
[  573.903555][T30860]  dump_stack_lvl+0xe8/0x140
[  573.903582][T30860]  dump_stack+0x15/0x1b
[  573.903731][T30860]  should_fail_ex+0x265/0x280
[  573.903777][T30860]  should_failslab+0x8c/0xb0
[  573.903820][T30860]  kmem_cache_alloc_noprof+0x50/0x310
[  573.903878][T30860]  ? skb_clone+0x151/0x1f0
[  573.903896][T30860]  skb_clone+0x151/0x1f0
[  573.903917][T30860]  __netlink_deliver_tap+0x2c9/0x500
[  573.904021][T30860]  netlink_unicast+0x66b/0x690
[  573.904064][T30860]  netlink_sendmsg+0x58b/0x6b0
[  573.904160][T30860]  ? __pfx_netlink_sendmsg+0x10/0x10
[  573.904284][T30860]  __sock_sendmsg+0x145/0x180
[  573.904394][T30860]  ____sys_sendmsg+0x31e/0x4e0
[  573.904444][T30860]  ___sys_sendmsg+0x17b/0x1d0
[  573.904509][T30860]  __x64_sys_sendmsg+0xd4/0x160
[  573.904618][T30860]  x64_sys_call+0x191e/0x2ff0
[  573.904650][T30860]  do_syscall_64+0xd2/0x200
[  573.904683][T30860]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  573.904717][T30860]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  573.904749][T30860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.904891][T30860] RIP: 0033:0x7f0259deeb69
[  573.904912][T30860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  573.904938][T30860] RSP: 002b:00007f0258457038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  573.904965][T30860] RAX: ffffffffffffffda RBX: 00007f025a015fa0 RCX: 00007f0259deeb69
[  573.904983][T30860] RDX: 0000000020000000 RSI: 0000200000000180 RDI: 0000000000000006
[  573.905001][T30860] RBP: 00007f0258457090 R08: 0000000000000000 R09: 0000000000000000
[  573.905023][T30860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  573.905041][T30860] R13: 0000000000000000 R14: 00007f025a015fa0 R15: 00007ffdba95d498
[  573.905068][T30860]  </TASK>
[  573.905183][T30860] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7319'.
[  574.008233][   T29] kauditd_printk_skb: 445 callbacks suppressed
[  574.008252][   T29] audit: type=1326 audit(2000000146.316:28017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.278695][   T29] audit: type=1326 audit(2000000146.316:28018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.280933][T30865] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7317'.
[  574.302514][   T29] audit: type=1326 audit(2000000146.316:28019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.302570][   T29] audit: type=1326 audit(2000000146.316:28020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.302602][   T29] audit: type=1326 audit(2000000146.316:28021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.302637][   T29] audit: type=1326 audit(2000000146.316:28022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.302684][   T29] audit: type=1326 audit(2000000146.316:28023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.302726][   T29] audit: type=1326 audit(2000000146.316:28024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adea2eb69 code=0x7ffc0000
[  574.302762][   T29] audit: type=1326 audit(2000000146.316:28025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2adea30a87 code=0x7ffc0000
[  574.302796][   T29] audit: type=1326 audit(2000000146.316:28026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30855 comm="syz.1.7316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f2adea309fc code=0x7ffc0000
[  574.519159][T29968] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.529900][T30874] loop5: detected capacity change from 0 to 128
[  574.540287][T30874] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  574.553184][T30865] loop4: detected capacity change from 0 to 512
[  574.560998][T30874] ext4 filesystem being mounted at /211/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  574.579769][T30865] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7317: Failed to acquire dquot type 1
[  574.592872][T30878] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.604596][T30865] EXT4-fs (loop4): 1 truncate cleaned up
[  574.610146][T30874] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.7323: No space for directory leaf checksum. Please run e2fsck -D.
[  574.611087][T30865] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  574.626317][T30874] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7323: checksumming directory block 0
[  574.638245][T30865] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  574.691315][T30878] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.740881][T30878] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.769836][T30888] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.7323: No space for directory leaf checksum. Please run e2fsck -D.
[  574.785316][T30888] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7323: checksumming directory block 0
[  574.811894][T30878] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.865052][T30905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7327'.
[  574.874167][T30905] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7327'.
[  574.907218][T22119] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  574.931406][T22119] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  574.944397][T22119] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  574.960345][T22119] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  575.063097][T25779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.397610][T25209] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  575.445424][T30946] RDS: rds_bind could not find a transport for ::ffff:172.30.0.6, load rds_tcp or rds_rdma?
[  575.635127][T30952] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  575.641721][T30952] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  575.649927][T30952] vhci_hcd vhci_hcd.0: Device attached
[  575.783951][T30958] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=30958 comm=syz.0.7341
[  575.801246][T30958] netlink: 104 bytes leftover after parsing attributes in process `syz.0.7341'.
[  575.910836][T10287] usb 11-1: new high-speed USB device number 3 using vhci_hcd
[  575.934342][T30962] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7343'.
[  575.943412][T30962] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7343'.
[  576.348235][T30953] vhci_hcd: connection reset by peer
[  576.354336][T22122] vhci_hcd: stop threads
[  576.358852][T22122] vhci_hcd: release socket
[  576.363506][T22122] vhci_hcd: disconnect device
[  576.482108][T30976] loop4: detected capacity change from 0 to 512
[  576.518322][T30976] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7347: Failed to acquire dquot type 1
[  576.571279][T30976] EXT4-fs (loop4): 1 truncate cleaned up
[  576.588230][T30976] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  576.609619][T30976] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  576.906284][T30990] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=30990 comm=syz.5.7352
[  576.995521][T30994] loop5: detected capacity change from 0 to 128
[  577.038576][T30994] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  577.084119][T30994] ext4 filesystem being mounted at /216/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  577.123362][T30994] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.7354: No space for directory leaf checksum. Please run e2fsck -D.
[  577.138917][T30994] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7354: checksumming directory block 0
[  577.194903][T25779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  577.225360][T30994] EXT4-fs warning (device loop5): ext4_dirblock_csum_verify:375: inode #2: comm syz.5.7354: No space for directory leaf checksum. Please run e2fsck -D.
[  577.240776][T30994] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7354: checksumming directory block 0
[  577.661239][T31012] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  577.828158][T25209] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  577.975068][T31006] ==================================================================
[  577.983188][T31006] BUG: KCSAN: data-race in page_pool_put_unrefed_netmem / page_pool_release
[  577.991885][T31006] 
[  577.994211][T31006] write to 0xffff88813a53d180 of 8 bytes by task 31010 on cpu 1:
[  578.001927][T31006]  page_pool_release+0x28d/0x860
[  578.006880][T31006]  page_pool_destroy+0x202/0x370
[  578.011827][T31006]  bpf_test_run_xdp_live+0xf79/0xfe0
[  578.017127][T31006]  bpf_prog_test_run_xdp+0x4f5/0x910
[  578.022423][T31006]  bpf_prog_test_run+0x227/0x390
[  578.027398][T31006]  __sys_bpf+0x4b9/0x7b0
[  578.031650][T31006]  __x64_sys_bpf+0x41/0x50
[  578.036079][T31006]  x64_sys_call+0x2aea/0x2ff0
[  578.040757][T31006]  do_syscall_64+0xd2/0x200
[  578.045266][T31006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.051161][T31006] 
[  578.053488][T31006] read to 0xffff88813a53d180 of 8 bytes by task 31006 on cpu 0:
[  578.061122][T31006]  page_pool_put_unrefed_netmem+0x38b/0x4b0
[  578.067033][T31006]  napi_pp_put_page+0xe9/0x200
[  578.071807][T31006]  skb_free_head+0x12c/0x150
[  578.076404][T31006]  skb_release_data+0x33b/0x370
[  578.081263][T31006]  __kfree_skb+0x44/0x150
[  578.085695][T31006]  sk_skb_reason_drop+0xbd/0x270
[  578.090643][T31006]  udp_recvmsg+0x11a/0xb30
[  578.095069][T31006]  inet_recvmsg+0x143/0x290
[  578.099624][T31006]  sock_recvmsg+0xf6/0x170
[  578.104043][T31006]  ____sys_recvmsg+0xf5/0x280
[  578.108732][T31006]  ___sys_recvmsg+0x11f/0x370
[  578.113409][T31006]  do_recvmmsg+0x1ef/0x540
[  578.117915][T31006]  __x64_sys_recvmmsg+0xe5/0x170
[  578.122853][T31006]  x64_sys_call+0x27a6/0x2ff0
[  578.127542][T31006]  do_syscall_64+0xd2/0x200
[  578.132069][T31006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.137973][T31006] 
[  578.140298][T31006] value changed: 0xffffea000630f540 -> 0x0000000000000000
[  578.147406][T31006] 
[  578.149722][T31006] Reported by Kernel Concurrency Sanitizer on:
[  578.155868][T31006] CPU: 0 UID: 0 PID: 31006 Comm: syz.0.7356 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  578.168016][T31006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  578.178070][T31006] ==================================================================
[  581.002321][T10287] vhci_hcd: vhci_device speed not set