last executing test programs:

3m31.329645884s ago: executing program 2 (id=2741):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f00000100000012"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r2, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c0001"], 0x118}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r4)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c"], 0x4c}}, 0x24040804)
r6 = socket$packet(0x11, 0x2, 0x300)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0})
sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r9, 0x1, 0x0, 0x6, @local}, 0x14)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000700)=<r10=>0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r11)
sendmsg$NFC_CMD_DEV_UP(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r12, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}]}, 0x1c}}, 0x800)
write$nci(r3, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x0, 0x3, 0x6, 0x7, {0x3, 0xea}}, 0x5)
write$nci(r3, 0x0, 0x0)

3m30.26180783s ago: executing program 2 (id=2749):
syz_open_dev$evdev(&(0x7f00000000c0), 0x200000000000000, 0x820b01)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x6d)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}})

3m29.846188047s ago: executing program 2 (id=2753):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0xe0, 0x28, 0x1, 0x4, 0x25dfdbf8, "", [@nested={0xcd, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3dd", @typed={0x4, 0xe9}]}]}, 0xe0}], 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/anycast6\x00')
syz_usb_connect(0x6, 0x36, &(0x7f00000005c0)=ANY=[], 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

3m29.294817084s ago: executing program 2 (id=2761):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0xfcc4)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='module_request\x00'}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
pivot_root(&(0x7f00000001c0)='./file0\x00', 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000240)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x1, 0x0, {0x5, 0x4, 0x1, 0xa, 0x4, 0x68, 0x8001, 0x2, 0x2, 0x1ff, @broadcast, @remote}}}}}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@lazytime}, {@nomblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nombcache}, {@quota}, {@quota}]}, 0xff, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18030000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
fchown(0xffffffffffffffff, 0x0, 0xee01)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x43, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe5f)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r6}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
set_mempolicy(0x3, &(0x7f00000002c0)=0x1ff, 0x5)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x40, 0x2)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, <r7=>0xffffffffffffffff}, './file0\x00'})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x100001f, &(0x7f0000000700)={[{@errors_remount}, {@noquota}, {@i_version}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xc470}}]}, 0x21, 0x454, &(0x7f0000000280)="$eJzs281vG0UbAPBnbad9274lKSof/YAGCqICkTRpgR44tAgkDnCCQzmGJK1K3QY1QaJVBQGhckSVOHBDSFyQ+As4wQUBJySucEeVKpRLCyejtXcTx7GdOLGbEP9+0iozu7OZebI79sxONoC+NRwRn0TE/yPi94gYjIikscBw7cfdheuTfy9cn0yiUnnjr6Ra7s7C9cm8aH7enjwzX8sfalLv7NVrFyfK5ekrWX507tK7o7NXrz174dLE+enz05fHT506eWLshefHn+tKnGmb7hz8YObwgVffuvn65Nmbb//8bZKFFw1xdMlwu4NPdrmyzba3Lp2UNrEhdKQYEenlGqj2/8EoxtLFG4xXPt7UxgE9ValUKjtbH56vANtYEnWZ/CMB6AP5F306/823ezPy2Bpun6lNgNK472Zb7UgpClmZgYb5bTels62z8/98mW7Rm+cQAADLfH+m9nPl+K8QD9aVO52tDQ1FxL66xY39EfFARLXsQxHxcIf1Ny6SrBz/FG51+Cs7ko7/XszWtpaP//LRXwwVs9zeavwDybkL5enjEXFfRByLgZ1pfqxNHT+8/NtnrY4N143/0i2tPx8LZu24VWp4QDc1MTexkZjr3f4o4mCpWfzJ4kpAEhEHIuLgkfXVceHpbw63OrZ6/G10YZ2p8lXEU7XrPx8N8eeS9uuTo/+L8vTx0fyuWOmXX28UW9Xfafz7vlias3VDev13N73/F+MfqhTr1mtnO6/jxh+ftpzTrPf+35G8WU3vyPa9PzE3d2UsYkfyWrb/9NL+8aVz83xePo3/2NHm/f/+WPpLHIqI9CZ+JCIejYgjWdsfi4jHI+Jom/h/eumJd9Yff2+l8U+tcv2T+vX6dSSKF3/8blmlQ53En17/k9XUsWzPWj7/1trAjf79AAAA4L+gUP3f/6QwspguFEZGav8vvz92F8ozs3PPnJt57/JU7R2BoRgo5E+6Buueh45l0/o8P96QP5E9N/68uKuaH5mcKU9tdvDQ5/a06P+pP1s+tQa2De9rQf/S/6F/6f/Qv/R/6FvN3v/ftYYywDbQ7Pv/w9VP+7oXbQHuLeN/6F+d9v/a5MCUALYD3//Qv/R/6Esbea+/l4l8/WGrtGdZolJZrUyp3emlrRpXR4kobIlmSPQosckfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF3ybwAAAP//Tkri5g==")
open(0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r7, 0x84, 0x4, &(0x7f0000000040)=0x4c, 0x4)

3m28.950111329s ago: executing program 2 (id=2765):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00'}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(0x0, r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000040)={[{0x2d, 'cpuset'}]}, 0x56)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x100}, 0x18)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01100000000000000025010100000800010001000000c58c2028d9e9f7cb8fa7bd78eb49dc8c67073da02c64cdb4eb356f2f196b337a0c03be1a3b738d6891a2c1930e1ab5467affe9847af4d4b0bf6077b80cd5f3b0a5de00383e55f30cbec42e72740c2d794bee6890e59d1507c766818341a315a04f52f442c076bad431457125a9e55d18cbd0cb5aa38f8376a09c7425c17930ebe2627701209eda86d23c91b5e51e469efa52cf22831213874c80694911b113cc18bec954cf22ff04579b21de17fa5d50b48ad9a71ed87f12c54cee974c7f30be57993f3d7aa6a42655b61c1e655e599790eccfa16887922d32f10522603ee7b8ce04cfc2850a995a656acca0ffd125b980c8855857b5eb112afc306d0acc299c397f9fbaa9de05b87a167edf43337242ed306542df9e845daeddb5827c12d8ade74a5d33af948e4e37d19a01821a6d64de5d71a7b99cd6569b2cdeb5e277223258246288e8d33438bc816e749d66090527e46957e9a90e5aa939a24aa992be5408a4ee03c1ef850f145836b1c5e00fe308deea416fd665c9ae37f7eee4f356"], 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r6 = io_uring_setup(0x2312, &(0x7f0000000300)={0x0, 0x763, 0x2000, 0x0, 0x11cb})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x810)
perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x8)
r8 = openat(0xffffffffffffffff, &(0x7f0000000240)='./file1\x00', 0x8842, 0x6e)
pwrite64(r8, 0x0, 0x0, 0x9000)
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a300000000014000780050015000000000008001240000000000d000300686173"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c00000003060500000000000000f100000000064500010007000000333431a7178530d0b04c4560972c727a2a6411d27b16a6074d0685a141e306e61fea0bd9227f69aa5b0ce00520d55224428ab6d7bd590378b87ef583e669552211ed79435ef7fe9adb2e264d30eb95b9a20c1a22cce184913416f2d0a0aa61459c7e756de0d7e2fa1acf8647881fd8bf129284291a61bfcda0b7260b38b588ba68e81f622a94a0dd4315ae371acee797f68869093a807395671273acdd1f2b15c2c3cb"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
eventfd(0x4)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000))

3m25.977653623s ago: executing program 2 (id=2770):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000097c440", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000004000085000000860000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001400000000120800030043000040a8002b000a00034006000dc3036010fab94dcf5c046109d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c417898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f7a5025ccc89e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5", 0xd8}], 0x1}, 0x20000080)

3m10.889749157s ago: executing program 32 (id=2770):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000097c440", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000004000085000000860000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001400000000120800030043000040a8002b000a00034006000dc3036010fab94dcf5c046109d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c417898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f7a5025ccc89e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5", 0xd8}], 0x1}, 0x20000080)

1m12.783788294s ago: executing program 4 (id=4520):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8) (async, rerun: 32)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000005}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r2 = socket(0x1, 0x803, 0x0) (async, rerun: 64)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
socket$key(0xf, 0x3, 0x2) (async)
r4 = fsopen(&(0x7f0000000000)='ext2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000080)='/d\xc0\xa1\xe5\x86v,w$\xb1\xe7\xfa\x85 (\x87\x02\x14oev/udmabufE', 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000000)={0x0, 0xc19, 0x0, 0x0, 0x8, "7f12ddc1517600"})
r6 = syz_open_pts(r5, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xb, "cb4672ac02132ca6"}) (async)
ioctl$TIOCGPTPEER(r5, 0x5441, 0x0) (async, rerun: 32)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32)
close_range(r4, 0xffffffffffffffff, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002"], 0x118}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETFILTEREBPF(r8, 0x800454e1, &(0x7f0000000200)=r0) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4800000110000104000000000400000000000000", @ANYRES32=r9, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r9, @ANYBLOB="0000000043030000"], 0x48}}, 0x0)

1m12.618190686s ago: executing program 4 (id=4523):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffc01, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000540)={[{@delalloc}, {@nojournal_checksum}, {@journal_async_commit}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@mb_optimize_scan}, {@nobarrier}, {@abort}, {@user_xattr}, {@noblock_validity}, {@errors_remount}]}, 0x0, 0x570, &(0x7f00000019c0)="$eJzs3c1rHOUfAPDvbF76+vs1hVJURAI9WNFumsSXCh7qUbRY0HtdkjGUbLoluylNLLQ92IsXKYKIBfHgTe8ei/+Af0VBi0VK0IOXyGxm022zm2zTbXbrfj4w4XlmZvM835l5nn1mn1k2gIE1nv0pRDwfEV8mEYciIsm3DUe+cXx9v9X7V2ayJYm1tY/+TOr7ZfnG/2q87kCeeS4ifvk84tXC5nKryyvzpXI5XczzE7WFixPV5ZUT5xdKc+lcemFqevrUG9NTb7/1ZtdifeXs3998ePu9U18cW/36p7uHbyZxOg7m25rjeALXmjPjMZ4fk5E4/ciOk10orJ8kva4AOzKUt/ORyPqAQzGUt3rgv+9qRKwBAyrR/mFANcYBjXv7Lt0HPzPuvbt+A7Q5/uH1z0Zib/3eaP9q8tCdUXa/O9aF8rMyfv791s1sie59DgGwrWvXI+Lk8PDm/i/J+7+dO9nBPo+Wof+D3XM7G/+81mr8U9gY/0SL8c+BFm13J7Zv/4W7XSimrWz8907L8e/GpNXYUJ77X33MN5J8er6cZn3b/yPieIzsyfJbzeecWr2z1m5b8/gvW7LyG2PBvB53h/c8/JrZUq30JDE3u3c94oWW499k4/wnLc5/djzOdljG0fTWS+22bR//07X2fcTLLc//gxmtZOv5yYn69TDRuCo2++vG0V/blb85/tHYzfiz879/6/jHkub52urjl/Hd3n/Sdtseij86v/5Hk4/r6dF83eVSrbY4GTGafLB5/dSD1zbyjf2z+I8f27r/a3X974uITzqM/8aRH1/sKP4eXP9Z/LOPdf4fP3Hn/c++bVd+Z/3f6/XU8XxNJ/1fpxV8kmMHAAAAAAAA/aYQEQcjKRQ30oVCsbj+fMeR2F8oj60//xGzUf+u7FiMFBoz3YeanoeYzJ+HbeSnHslPR8ThiPhqaF89X5yplGd7HTwAAAAAAAAAAAAAAAAAAAD0iQNtvv+f+W2o17UDnjo/+Q2Da9v2341fegL6kvd/GFzaPwwu7R8Gl/YPg6up/e/pZT2A3ef9HwaX9g+DS/sHAAAAAAAAAAAAAAAAAAAAAAAAAACArjp75ky2rK3evzKT5WcvLS/NVy6dmE2r88WFpZniTGXxYnGuUpkrp8WZysJ2/69cqVycnIqlyxO1tFqbqC6vnFuoLF2onTu/UJpLz6UjuxIVAAAAAAAAAAAAAAAAAAAAPFuqyyvzpXI5XZSQ2FFiuD+qsZ7ILummNVd7XZ+tEn/80BfVaJfodc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8GwAA//9ITzKe")
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000c80)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0xb8, 0xb8, 0xb8, 0xffffffff, 0xffffffff, 0x200, 0x200, 0x200, 0xffffffff, 0x5, 0x0, {[{{@ip={@remote, @remote, 0xff, 0xff000000, 'geneve1\x00', 'pimreg1\x00', {}, {0xff}, 0x11, 0x0, 0x10}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private=0xa010101, @broadcast, 0xffffffff, 0xffffff00, 'veth1_macvtap\x00', 'rose0\x00', {}, {}, 0xa, 0x1}, 0x287, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x7]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)
r1 = socket(0x10, 0x803, 0x0)
setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0x3, 0x4)
sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000c40)=[{{0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=""/23, 0x17}, 0x80009}], 0x16c, 0x10002, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x89901)
move_mount(r2, 0x0, 0xffffffffffffffff, 0x0, 0x46)
socket$inet(0x2, 0x1, 0x5f0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xe, 0x0, &(0x7f0000000080)="259a53f288476d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1m12.331517121s ago: executing program 4 (id=4526):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r2, r2, 0x0, 0x800000009)

1m12.152350723s ago: executing program 4 (id=4527):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1, 0x12)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000580)={0x54, 0x2, 0x1, 0x401, 0x0, 0x0, {0x3}, [@CTA_LABELS_MASK={0x10, 0x17, [0x1, 0x453, 0x7]}, @CTA_MARK_MASK={0x8}, @CTA_SYNPROXY={0x14, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x80}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x4}, @CTA_SYNPROXY={0x4}, @CTA_NAT_SRC={0x4}, @CTA_SYNPROXY={0x4}]}, 0x54}}, 0x11)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file0\x00', 0x8080, 0x105)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffc00, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0)
r5 = io_uring_setup(0x3ea7, &(0x7f0000000080)={0x0, 0x4fa8c, 0x1000, 0xfffffefe, 0xae})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x100000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r7}, 0x18)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4084, 0xff4}], 0x1)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a2c000000060a0904e1ff000000000000020000000900010073797a30000000000900020073797a320000000020000000080a05000000000000000000020000000900010073797a30000000002c000000080a01010000000000000000020000000900020073797a32000000000900010073797a3000000000140000001100010000000000000000000000000a"], 0xa0}}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='-4'], 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_clone(0x22300000, 0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xb}]})

1m11.01144197s ago: executing program 4 (id=4535):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'vlan1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5c0000001000010000000000000000", @ANYRES32=r1, @ANYBLOB="c89904bd0000000008000d000000000034001680300001802c000c80"], 0x5c}}, 0x0)

1m10.678937805s ago: executing program 4 (id=4540):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = memfd_create(&(0x7f00000004c0)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\x97.A\x84\x1d\xc2\x86\x89{\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\xb7\xbc\xc3\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x00\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0s\xa8\x1f(\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9\x00'/649, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20051, r1, 0xce9e1000)
ioctl$FS_IOC_RESVSP(r1, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x10ff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, 0x0, 0x0)
open_tree(r3, &(0x7f0000000000)='./file0\x00', 0x81100)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x700, 0x0, [@sadb_key={0x5, 0x9, 0xe0, 0x0, "01d78771b90bd8a3b4914783c50400003d5b9538a9d03e6e9bfdac55"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x78}, 0x1, 0x7}, 0x0)

1m10.677536715s ago: executing program 33 (id=4540):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = memfd_create(&(0x7f00000004c0)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\x97.A\x84\x1d\xc2\x86\x89{\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\xb7\xbc\xc3\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x00\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0s\xa8\x1f(\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9\x00'/649, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20051, r1, 0xce9e1000)
ioctl$FS_IOC_RESVSP(r1, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x10ff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, 0x0, 0x0)
open_tree(r3, &(0x7f0000000000)='./file0\x00', 0x81100)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x700, 0x0, [@sadb_key={0x5, 0x9, 0xe0, 0x0, "01d78771b90bd8a3b4914783c50400003d5b9538a9d03e6e9bfdac55"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x78}, 0x1, 0x7}, 0x0)

31.76057008s ago: executing program 6 (id=5014):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), r2)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r3, 0x101, 0x70bd29, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x88800}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000007940)={&(0x7f00000008c0)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x30}, 0x40880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000c80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000200)='kmem_cache_free\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r11=>0xffffffffffffffff})
syz_usb_connect(0x3, 0x8c6, &(0x7f00000000c0)=ANY=[], 0x0)
close_range(r11, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

31.165547309s ago: executing program 6 (id=5025):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r3, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x20000000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000a80)='kfree\x00', r6}, 0x18)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300030c00000000000000000000000100090000000000030006006c0000000200000000000000000000000000800002000100000000000002060b00000000030005000000000002000000000000000000000000000000010018"], 0x60}, 0x1, 0x7}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)
sendmsg$tipc(r3, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0)
mount$bpf(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000006c0), 0x400008, &(0x7f0000000880)=ANY=[@ANYBLOB='00000000000003,gid='])
setsockopt$sock_attach_bpf(r2, 0x1, 0x21, &(0x7f00000001c0), 0x4)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfffffffffffffcd2, 0x0, 0x0, 0x48880}, 0x4010)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x80)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r9, 0x400454a4, &(0x7f0000000080)=0x1)

30.908673093s ago: executing program 6 (id=5031):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001000000"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r2, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c0001"], 0x118}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r6)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c"], 0x4c}}, 0x24040804)
r8 = socket$packet(0x11, 0x2, 0x300)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r11=>0x0})
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r11, 0x1, 0x0, 0x6, @local}, 0x14)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r12)
sendmsg$NFC_CMD_DEV_UP(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r13, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x800)
write$nci(r3, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x0, 0x3, 0x6, 0x7, {0x3, 0xea}}, 0x5)
write$nci(r3, 0x0, 0x0)

30.773048025s ago: executing program 6 (id=5033):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r0 = open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0)
write$bt_hci(r0, &(0x7f00000000c0)={0x1, @change_conn_link_key={{0x415, 0x2}, {0xc8}}}, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x8000000000000001}, 0x18)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r2, 0x1)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r2, 0x0, 0x0, 0x400000000000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000380)={[{@noacl}, {@acl}, {@data_journal}, {@journal_ioprio}, {@grpjquota_path={'grpjquota', 0x3d, './file2'}}, {@nouser_xattr}]}, 0x1, 0x7b1, &(0x7f0000000f80)="$eJzs3c9rHNcdAPDvrH5ZslupUGjdk6DQCoxXlavaLfTg0kMp1GBoz7XFai1crbRGuzKWENimFHoJJCGHQHLxOT+cW675cU3+ixyCjZPIJg45hA2zOyutrF15FWtXIvp8YDTvzbzRe1+9+fG0M+wEcGxNpj9yEacj4uUkYjxbnkTEUD01GHGxUe7p5kYhnZKo1f75ZVIv82RzoxAt26ROZplfRsRH/4s4k9tdb2VtfXGuVCquZPnp6tKN6cra+tnrS3MLxYXi8vmZ2dlzF/5w4fzBxfr1p+unHr7yt9++e/Hb//7i/ksfJ3ExTmXrWuM4KJMxmf1NhtI/4Q5/PejKDlnSdclTPW0H+5MemgONozxOx3gM1FMdjPazZQBAr9yOiBoAcMwkrv8AcMw0Pwd4srlRaE6H+4lEfz36S0ScaMTfvL/ZWDOY3bM7Ub8POvYk2XFnJImIiQOofzIi3nz/32+nU/ToPiRAO3fuRsTVicnd5/9k1zML+/W7vVbWRuqzyWcWO/9B/3yQjn/+2G78l9sa/0Sb8c9Im2P3h3j+8Z97cADVdJSO//7c8mzb05b4MxMDWe4n9THfUHLteqmYntt+GhFTMTSS5mfqRds/BTX1+LvHnepvHf999ep/3krrT+fbJXIPBkd2bjM/V5170bibHt2N+NVgu/iTrf5POox/L3dZx9//9P83Oq1L40/jbU674++t2r2I37Tt/+2+TPZ8PnG6vjtMN3eKNt777PWxTvVv9/9IfZ7W3/xfoB/S/h/bO/6JpPV5zcr+6/jk3viHnda17v/t42+//w8n/6qnh7Nlt+aq1ZWZiOHkH7uXn9vetplvlk/jn/p1++O/0/6fy56NvbqV29vgwy/eyX5V2/jr7nSKv7fS+Of31f97JGrZNs+suv90caBT/d31/2w9NZUt6eb895yWvsDeDAAAAAAAAAAAAAAAAAAAAAAAAAD7l6u/kTnJ5bfSuVw+33iH989jLFcqV6pnrpVXl+cbb26eiKFc86sux1u+D3Um+z78LF9/dXhLvvj7iPhZRLw2MlrP5wvl0vxhBw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmZM73/9/O53l8411n48cdusAgJ45cdgNAAD6zvUfAI6f/V3/R3vWDgCgf7av/0l3G9S6LAcAHFld//9/tbftAAD6x/1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuzypUvpVPtmc6OQ5udvrq0ulm+enS9WFvNLq4V8obxyI79QLi+UivlCeanjL7rTmJXK5Ruzsbx6a7parFSnK2vrV5bKq8vVK9eX5haKV4pDfYsMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpXWVtfnCuViisSeyZGj0YzjkxiMI5EM370ieFDq731LDF6eCcoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCPu+wAAAP//tFkkvQ==")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', <r7=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000500)=ANY=[@ANYRES16=r7, @ANYRES32=r6, @ANYBLOB="5b6674b3717a0aee795f5d0debc29b7331f18c2c6d5297caba20fb8a7fad7f9bad9e2fe5796d02c20b98", @ANYBLOB="9528caf7b0a5514f5c727c94a8bb566001707d80ea81eca3787e1f39d56eb55ecf024f91d9980d328a3029e15001c82def182dfdbfb2bbf2ef8c448700050070b4fa0bf197e433b4c896043a2d3d010000000000002ca00400022607e1d5209cbd6274bc0f6e73628202afbf793db16294c690d28be19f5b14d3772d55b41b00008418060c528c429e"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300030f000000000700000000000005000900e000000001d78771b90bd8a3b4914783c50400003d5b9538a9d03e6e9bfdac5500000000030006000000000002000000000000000000000000000000020001000000000000d110054500020d000002000000ac14140000000000"], 0x78}, 0x1, 0x7}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000002c0), 0x4)
write$binfmt_script(r4, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
syz_clone(0x3000, 0x0, 0x0, &(0x7f0000000800), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
r9 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r9, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'})

30.512437589s ago: executing program 6 (id=5034):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x22004001, 0x0, 0x0)
shutdown(r0, 0x1)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x400000107ffff000, 0x4)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
syz_clone(0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0x10000000000ac6}, 0x18)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r2}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c00024000000000000000000c0001400000000000000003"], 0x118}}, 0x0)

30.288479982s ago: executing program 6 (id=5041):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x80)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r0, 0x400454a4, &(0x7f0000000080)=0x1)

30.288004902s ago: executing program 34 (id=5041):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x80)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r0, 0x400454a4, &(0x7f0000000080)=0x1)

4.814591869s ago: executing program 3 (id=5310):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x40000002, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x7}, {0x7, 0xffffffffffffff5c}}}]}]}]}}]}, 0x54}}, 0x0)

4.515287064s ago: executing program 3 (id=5314):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000097c440", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000004000085000000860000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r7}, &(0x7f0000000180), &(0x7f00000001c0)=r6}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = syz_io_uring_setup(0x235, &(0x7f0000001240)={0x0, 0x10008cc8, 0x10000, 0x2, 0x75}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000100)=<r11=>0x0)
r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000009c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r12}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
r13 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r13, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001400000000120800030043000040a8002b000a00034006000dc3036010fab94dcf5c046109d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c417898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f7a5025ccc89e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5", 0xd8}], 0x1}, 0x20000080)

3.313749941s ago: executing program 0 (id=5322):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), r2)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r3, 0x101, 0x70bd29, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x88800}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000007940)={&(0x7f00000008c0)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x30}, 0x40880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000c80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000200)='kmem_cache_free\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r11=>0xffffffffffffffff})
syz_usb_connect(0x3, 0x8c6, &(0x7f00000000c0)=ANY=[], 0x0)
close_range(r11, 0xffffffffffffffff, 0x0)
r12 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r12, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

3.214191073s ago: executing program 1 (id=5324):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

3.149524653s ago: executing program 1 (id=5325):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r0}, 0x18)
futex(&(0x7f000000cffc), 0x0, 0x2, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000380)={[{@nojournal_checksum}]}, 0x1, 0x503, &(0x7f0000000880)="$eJzs3c9vI1cdAPDvOL+cNG3S0gMgoEspLGi1TuJto6oHWE4IoUqIHkHahsQbRbHjKHZKE/aQ/g9IVOIER/4Azj1x54LgxmU5IPEjAm1W4mA040nWm7U3ZpPYUfz5SKN5b2bs73trzXv21xu/AEbWjYg4iIjJiPgwIuby40m+xd32ll736PDB6tHhg9UkWq0P/plk59Nj0fGY1Ev5cxYj4kffi/hp8mzcxt7+5kq1WtlpV6cXmrXthcbe/u2N2sp6Zb2yVS4vLy0vvnvnnfKF9fWN2mRe+vLDPxx86+dps2bzI539uEjtrk+cxEmNR8QPLiPYEIzl/ZkcdkN4IYWIeC0i3szu/7kYy15NAOA6a7XmojXXWQcArrtClgNLCqU8FzAbhUKp1M7hvR4zhWq90bx1v767tdbOlc3HROH+RrWymOcK52MiSetLWflJvXyqficiXo2IX0xNZ/XSar26Nsw3PgAwwl46Nf//Z6o9/wMA11xx2A0AAAbO/A8Ao8f8DwCjx/wPAKPnyfx/d6jtAAAGx+d/ABg95n8AGCk/fP/9dGsd5b9/vfbR3u5m/aPba5XGZqm2u1pare9sl9br9fXsN3tqZz1ftV7fXno7dj+e//Z2o7nQ2Nu/V6vvbjXvZb/rfa8yMZBeAQDP8+obn/05iYiD96azLTrWcjBXw/VWGHYDgKEZG3YDgKGx2heMrnN8xpcegGuiyxK9TylGxPTpg61Wq3V5TQIu2c0vyP/DqOrI//tfwDBi5P9hdMn/w+hqtZJ+1/yPfi8EAK42OX6gx/f/r+X73+ZfDvxk7fQVn15mqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBqO17/t5SvBT4bhUKpFPFyRMzHRHJ/o1pZjIhXIuJPUxNTaX1pyG0GAM6r8LckX//r5txbs6fPTiaPp7J9RPzsVx/88uOVZnPnj+nxf50cb36aHy8Po/0AwFmO5+ls3/FB/tHhg9XjbZDt+ft3I6LYjn90OBlHJ/HHYzzbF2MiImb+neT1tqQjd3EeB59ExOe79T+J2SwH0l759HT8NPbLA41feCp+ITvX3qf/Fp+7gLbAqPksHX/udrv/CnEj23e//4vZCHV++fiXPtXqUTYGPol/PP6N9Rj/bvQb4+3ff79dmn723CcRXxyPOI591DH+HMdPesR/q8/4f/nSV97sda7164ib0T1+Z6yFZm17obG3f3ujtrJeWa9slcvLS8uL7955p7yQ5agXes8G/3jv1itZocslaf9nesQvntH/r/fZ/9/898Mff7XHuTT+N7/WLX4hXn9O/HRO/Eaf8VdmflfsdS6Nv9aj/2e9/rf6jP/wr/vPLBsOAAxPY29/c6VarewMsnD8RmKgQRX6K0zlL85Vac9ThSvbsM2V6ncGFWsy/q9HtVovFKvXiHERWTfgKji56SPi8bAbAwAAAAAAAAAAAAAAdHWpf6iUtAvD7iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADX1/8CAAD//8jOyzo=")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f00, 0x0, 0x4, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4, 0x2f, 0x0, @empty, @multicast1}}}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x6, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
fcntl$lock(r2, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0x401})
openat2(r2, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x82, 0x1, 0x12}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
setuid(0x0)
pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, 0xffffffffffffffff)
sendfile(r5, r5, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]})

2.949347596s ago: executing program 5 (id=5327):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = gettid()
sendmsg$unix(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='>', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)
recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x160)

2.948784327s ago: executing program 5 (id=5328):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000140)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@lazytime}, {@quota}, {@quota}]}, 0x3, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r1, 0x4008662c, 0x0)
r2 = socket(0x10, 0x2, 0x0)
sendto$inet6(r2, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006050a0000000d0085a168d0bf46d32345653600648d27000b000a00070849935ade4a460c89b6ec0cff3959547f509058ad86c902007a00004a32000407160012000a0000000000e000e21800003b6ed538f6523250", 0x78, 0x2251197285d76a80, 0x0, 0x0)

2.818358829s ago: executing program 5 (id=5329):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, 0x0, 0x4000080)
bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

2.814684109s ago: executing program 5 (id=5330):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB="000000000000000000000000000000000097c440", @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000004000085000000860000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001400000000120800030043000040a8002b000a00034006000dc3036010fab94dcf5c046109d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c417898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f7a5025ccc89e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5", 0xd8}], 0x1}, 0x20000080)

2.131138059s ago: executing program 0 (id=5332):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0, 0x0, 0x10000000000ac6}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB], 0x118}}, 0x0)

2.130138359s ago: executing program 1 (id=5333):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b70300000000002085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r0}, 0x18)
futex(&(0x7f000000cffc), 0x0, 0x2, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000380)={[{@nojournal_checksum}]}, 0x1, 0x503, &(0x7f0000000880)="$eJzs3c9vI1cdAPDvOL+cNG3S0gMgoEspLGi1TuJto6oHWE4IoUqIHkHahsQbRbHjKHZKE/aQ/g9IVOIER/4Azj1x54LgxmU5IPEjAm1W4mA040nWm7U3ZpPYUfz5SKN5b2bs73trzXv21xu/AEbWjYg4iIjJiPgwIuby40m+xd32ll736PDB6tHhg9UkWq0P/plk59Nj0fGY1Ev5cxYj4kffi/hp8mzcxt7+5kq1WtlpV6cXmrXthcbe/u2N2sp6Zb2yVS4vLy0vvnvnnfKF9fWN2mRe+vLDPxx86+dps2bzI539uEjtrk+cxEmNR8QPLiPYEIzl/ZkcdkN4IYWIeC0i3szu/7kYy15NAOA6a7XmojXXWQcArrtClgNLCqU8FzAbhUKp1M7hvR4zhWq90bx1v767tdbOlc3HROH+RrWymOcK52MiSetLWflJvXyqficiXo2IX0xNZ/XSar26Nsw3PgAwwl46Nf//Z6o9/wMA11xx2A0AAAbO/A8Ao8f8DwCjx/wPAKPnyfx/d6jtAAAGx+d/ABg95n8AGCk/fP/9dGsd5b9/vfbR3u5m/aPba5XGZqm2u1pare9sl9br9fXsN3tqZz1ftV7fXno7dj+e//Z2o7nQ2Nu/V6vvbjXvZb/rfa8yMZBeAQDP8+obn/05iYiD96azLTrWcjBXw/VWGHYDgKEZG3YDgKGx2heMrnN8xpcegGuiyxK9TylGxPTpg61Wq3V5TQIu2c0vyP/DqOrI//tfwDBi5P9hdMn/w+hqtZJ+1/yPfi8EAK42OX6gx/f/r+X73+ZfDvxk7fQVn15mqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBqO17/t5SvBT4bhUKpFPFyRMzHRHJ/o1pZjIhXIuJPUxNTaX1pyG0GAM6r8LckX//r5txbs6fPTiaPp7J9RPzsVx/88uOVZnPnj+nxf50cb36aHy8Po/0AwFmO5+ls3/FB/tHhg9XjbZDt+ft3I6LYjn90OBlHJ/HHYzzbF2MiImb+neT1tqQjd3EeB59ExOe79T+J2SwH0l759HT8NPbLA41feCp+ITvX3qf/Fp+7gLbAqPksHX/udrv/CnEj23e//4vZCHV++fiXPtXqUTYGPol/PP6N9Rj/bvQb4+3ff79dmn723CcRXxyPOI591DH+HMdPesR/q8/4f/nSV97sda7164ib0T1+Z6yFZm17obG3f3ujtrJeWa9slcvLS8uL7955p7yQ5agXes8G/3jv1itZocslaf9nesQvntH/r/fZ/9/898Mff7XHuTT+N7/WLX4hXn9O/HRO/Eaf8VdmflfsdS6Nv9aj/2e9/rf6jP/wr/vPLBsOAAxPY29/c6VarewMsnD8RmKgQRX6K0zlL85Vac9ThSvbsM2V6ncGFWsy/q9HtVovFKvXiHERWTfgKji56SPi8bAbAwAAAAAAAAAAAAAAdHWpf6iUtAvD7iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADX1/8CAAD//8jOyzo=")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f00, 0x0, 0x4, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4, 0x2f, 0x0, @empty, @multicast1}}}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
openat2(r2, 0x0, &(0x7f00000003c0)={0x82, 0x1, 0x12}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
r6 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
setuid(r8)
pwritev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
sendfile(r5, r5, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]})

2.129449159s ago: executing program 3 (id=5334):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}})
io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0)

1.926317482s ago: executing program 0 (id=5335):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001000000"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r2, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c0001"], 0x118}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r6)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c"], 0x4c}}, 0x24040804)
r8 = socket$packet(0x11, 0x2, 0x300)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r10=>0x0})
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r10, 0x1, 0x0, 0x6, @local}, 0x14)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000700)=<r11=>0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r12)
sendmsg$NFC_CMD_DEV_UP(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r13, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}]}, 0x1c}}, 0x800)
write$nci(r3, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x0, 0x3, 0x6, 0x7, {0x3, 0xea}}, 0x5)
write$nci(r3, 0x0, 0x0)

1.901194452s ago: executing program 7 (id=5336):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sendto$inet6(r2, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

1.812613613s ago: executing program 3 (id=5337):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0xb}, 0x18)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sched_getparam(0x0, &(0x7f0000000040))
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000000614010029bd7000ffdbdf250800", @ANYRES32=r3], 0x40}}, 0x0)
listen(r2, 0x6)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000007400)={&(0x7f0000007380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000073c0)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x801)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="280000006a006bb20000000000000000000000000000010008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n'], 0x28}}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000007300))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r8}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r9, 0x0, 0x8000000000000}, 0x18)

1.801704763s ago: executing program 7 (id=5338):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r2, r2, 0x0, 0x800000009)

1.628512176s ago: executing program 7 (id=5339):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), r1)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r2, 0x101, 0x70bd29, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x88800}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
r5 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r5, &(0x7f0000007940)={&(0x7f00000008c0)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x30}, 0x40880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r8, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.223559802s ago: executing program 1 (id=5340):
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000700)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70400000861d52e5ecbe0f273f49a71979251cb58a18dcc904ad494129a1d92d4", @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070250000000000000000bfa1000000032326a0010000f8ffffffb702000001000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='comm\x00')
set_mempolicy(0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00'}, 0x18)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x1, 0x800001, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext3\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000580), 0x1, 0x511, &(0x7f0000001080)="$eJzs3c9vG1kdAPDvOL+cbHaTXfYACNiyLBRU1Unc3Wi1BygnhNBKiD2C1A2JG0Wx4yh2ShMqkf4PSFTiBEf+AM49ceeC4MalHJD4EYGaShyMZjxJndRuQvPDIf58pNG8NzPx971Yfs/zTewXwMC6FhE7ETEaEZ9GxFR+PMm3uN3e0uue7j5Y3Nt9sJhEq/XJP5LsfHosOn4m9Vr+mMWI+MF3In6cvBi3sbW9ulCtVjba1fGZZm19prG1fXOltrBcWa6slcvzc/OzH976oHxmfX2nNpqXvvjk9zvf+GnarMn8SGc/zlK76yMHcVLDEfG98wjWB0N5f0b73RBeSSEi3oqId7PX/1QMZc8mAHCVtVpT0ZrqrAMAV10hy4ElhVKeC5iMQqFUaufw3o6JQrXeaN64W99cW2rnyqZjpHB3pVqZzXOF0zGSpPW5rPy8Xj5SvxURb0bEz8fGs3ppsV5d6ucbHwAYYK8dmf//Pdae/wGAK67Y7wYAABfuRPO///AEgCvF/T8ADB7zPwAMnufz/+2+tgMAuDju/wFg8Jj/AWCgfP/jj9OttZd///XSva3N1fq9m0uVxmqptrlYWqxvrJeW6/Xl7Dt7asc9XrVeX597PzbvT39zvdGcaWxt36nVN9ead7Lv9b5TGbmQXgEAL/PmO4//lETEzkfj2RYdn/QzV8PVVuh3A4C+Gep3A4C+sdoXDK5T3ONLD8AV0WWJ3kOKETF+9GCr1WqdX5OAc3b9c/L/MKg68v/+CxgGjPw/DC75fxhcrVZy0jX/46QXAgCXmxw/0OPv/2/l+9/kfxz40dLRKx6dZ6sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgcttf/7eUrwU+GYVCqRTxekRMx0hyd6VamY2INyLij2MjY2l9rs9tBgBOq/DXJF//6/rUe5NHz44mz8ayfUT85Jef/OL+QrO58Yf0+D8Pjjcf5cfL/Wg/AHCc/Xk623fcyD/dfbC4v11ke/727YgotuPv7Y7G3kH84RjO9sUYiYiJfyV5vS3pyF2cxs7DiPhst/4nMZnlQNornx6Nn8Z+/ULjFw7FL2Tn2vv0d/GZM2gLDJrH6fhzu9vrrxDXsn33138xG6FOLx//0oda3MvGwOfx98e/oR7j37WTxnj/d99tl8ZfPPcw4vPDEfux9zrGn/34SY/47/WM+LNDtT9/4Uvv9rqy9auI69E9fmesmWZtfaaxtX1zpbawXFmurJXL83Pzsx/e+qA8k+WoZ3rPBn//6MYbWaHLJWn/J3rELx7T/6/2jHjYr//z6Q+/3ONcGv/rX+kWvxBvvyR+Oid+7YTxFyZ+W+x1Lo2/1KP/xz3/N04Y/8lftl9YNhwA6J/G1vbqQrVa2bjIwv4bifOOlb6D60sH/58LY/mTc1nac6hwaRu2ulD91kXFGo3/6adarVeK1WvEOIusG3AZHLzoI+JZvxsDAAAAAAAAAAAAAAB0da4fVErahX73EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKvrvwEAAP//sq3KGA==")
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f00, 0x0, 0x4, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4, 0x2f, 0x0, @empty, @multicast1}}}})
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_clone3(&(0x7f0000000600)={0x40000080, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280), {0x7}, &(0x7f0000000340)=""/74, 0x4a, &(0x7f00000003c0)=""/181, &(0x7f00000005c0)=[0x0, 0x0, 0x0], 0x3, {r0}}, 0x58)
ioprio_set$pid(0x1, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
pread64(r3, 0x0, 0x0, 0x6f)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
socket(0x2, 0x80805, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r2, 0x0)
getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2)

1.029757335s ago: executing program 0 (id=5341):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f00000100000012"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r2, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c00024000"], 0x118}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r6)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c"], 0x4c}}, 0x24040804)
r8 = socket$packet(0x11, 0x2, 0x300)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r11=>0x0})
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r11, 0x1, 0x0, 0x6, @local}, 0x14)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000700)=<r12=>0x0)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r13)
sendmsg$NFC_CMD_DEV_UP(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r14, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}]}, 0x1c}}, 0x800)
write$nci(r3, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x0, 0x3, 0x6, 0x7, {0x3, 0xea}}, 0x5)
write$nci(r3, 0x0, 0x0)

1.028710675s ago: executing program 7 (id=5342):
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001400000000120800030043000040a8002b000a00034006000dc3036010fab94dcf5c046109d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c417898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f7a5025ccc89e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5", 0xd8}], 0x1}, 0x20000080)

903.498447ms ago: executing program 3 (id=5343):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="2000000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

701.62626ms ago: executing program 3 (id=5344):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r0}, 0x18)
futex(&(0x7f000000cffc), 0x0, 0x2, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000380)={[{@nojournal_checksum}]}, 0x1, 0x503, &(0x7f0000000880)="$eJzs3c9vI1cdAPDvOL+cNG3S0gMgoEspLGi1TuJto6oHWE4IoUqIHkHahsQbRbHjKHZKE/aQ/g9IVOIER/4Azj1x54LgxmU5IPEjAm1W4mA040nWm7U3ZpPYUfz5SKN5b2bs73trzXv21xu/AEbWjYg4iIjJiPgwIuby40m+xd32ll736PDB6tHhg9UkWq0P/plk59Nj0fGY1Ev5cxYj4kffi/hp8mzcxt7+5kq1WtlpV6cXmrXthcbe/u2N2sp6Zb2yVS4vLy0vvnvnnfKF9fWN2mRe+vLDPxx86+dps2bzI539uEjtrk+cxEmNR8QPLiPYEIzl/ZkcdkN4IYWIeC0i3szu/7kYy15NAOA6a7XmojXXWQcArrtClgNLCqU8FzAbhUKp1M7hvR4zhWq90bx1v767tdbOlc3HROH+RrWymOcK52MiSetLWflJvXyqficiXo2IX0xNZ/XSar26Nsw3PgAwwl46Nf//Z6o9/wMA11xx2A0AAAbO/A8Ao8f8DwCjx/wPAKPnyfx/d6jtAAAGx+d/ABg95n8AGCk/fP/9dGsd5b9/vfbR3u5m/aPba5XGZqm2u1pare9sl9br9fXsN3tqZz1ftV7fXno7dj+e//Z2o7nQ2Nu/V6vvbjXvZb/rfa8yMZBeAQDP8+obn/05iYiD96azLTrWcjBXw/VWGHYDgKEZG3YDgKGx2heMrnN8xpcegGuiyxK9TylGxPTpg61Wq3V5TQIu2c0vyP/DqOrI//tfwDBi5P9hdMn/w+hqtZJ+1/yPfi8EAK42OX6gx/f/r+X73+ZfDvxk7fQVn15mqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBqO17/t5SvBT4bhUKpFPFyRMzHRHJ/o1pZjIhXIuJPUxNTaX1pyG0GAM6r8LckX//r5txbs6fPTiaPp7J9RPzsVx/88uOVZnPnj+nxf50cb36aHy8Po/0AwFmO5+ls3/FB/tHhg9XjbZDt+ft3I6LYjn90OBlHJ/HHYzzbF2MiImb+neT1tqQjd3EeB59ExOe79T+J2SwH0l759HT8NPbLA41feCp+ITvX3qf/Fp+7gLbAqPksHX/udrv/CnEj23e//4vZCHV++fiXPtXqUTYGPol/PP6N9Rj/bvQb4+3ff79dmn723CcRXxyPOI591DH+HMdPesR/q8/4f/nSV97sda7164ib0T1+Z6yFZm17obG3f3ujtrJeWa9slcvLS8uL7955p7yQ5agXes8G/3jv1itZocslaf9nesQvntH/r/fZ/9/898Mff7XHuTT+N7/WLX4hXn9O/HRO/Eaf8VdmflfsdS6Nv9aj/2e9/rf6jP/wr/vPLBsOAAxPY29/c6VarewMsnD8RmKgQRX6K0zlL85Vac9ThSvbsM2V6ncGFWsy/q9HtVovFKvXiHERWTfgKji56SPi8bAbAwAAAAAAAAAAAAAAdHWpf6iUtAvD7iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADX1/8CAAD//8jOyzo=")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f00, 0x0, 0x4, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4, 0x2f, 0x0, @empty, @multicast1}}}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x6, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
fcntl$lock(r2, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0x401})
openat2(r2, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x82, 0x1, 0x12}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
setuid(0x0)
pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, 0xffffffffffffffff)
sendfile(r5, r5, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r5, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]})

470.243174ms ago: executing program 7 (id=5345):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), r2)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r3, 0x101, 0x70bd29, 0x25dfdbfd, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x88800}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000007940)={&(0x7f00000008c0)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x30}, 0x40880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), r0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000c80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r10, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

254.782717ms ago: executing program 1 (id=5346):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r2, &(0x7f0000001240)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x7, 0x0, 0x3, 0x7, 0x2, 0x3, 0x3, 0x309, 0x38, 0xfffffffc, 0xe, 0x0, 0x20, 0x1, 0x5}, [{0x3, 0x8, 0xf3, 0x2, 0x4, 0x200004, 0xc, 0x404}]}, 0x58)
close(r2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000002880)=ANY=[@ANYBLOB="b4000000000b00007910000000000000db100003e10000009500740000000000079c69dc7ded5dbe11b62ac5ea9fca11027d19e93adb605feb92de3145e8ed7ac5b8902070213cdfdc646c4890cdeb50347c32060581172b94c6dd22a2b589b6cbad46ed6ef79f7468f5e603950c4f67581c92ef8a7e000017d5f1110ed29d3b2aaf153bcf69bebf18262352ba68d39942c3b567e06411d8879622f74cc431dabd332c4c4702e4c3d41bfb54b574e8947309c7503c3e8ea23e12e064f442e8cbeab77cdf1ebd8465593c0000000000000000000000000000006f429b14459ffd88bee4b9d894ddad0980af53a1feb155f1010400bfb5b81b73035fd5a76985d4710fb6fbfb2a933a09dd6317e77ca962327022fb34017197ff712a35c63cdd0dec053fdbc310f29c6b8be788b559a80135bb7369351b952ade2339eddde60eb16301b0f4640be5852e1cef861b861b7b19ea03dfc83f729d02e9e73db24dd5dfb09d4b1bbbd5dd5daa4615b0845f264f229f9806862e116612ade616b1769e97549d095b0a4d02801406491d77a65fe74f8aa67391e8cb3c000020000000000083b92cdfc143ceba1c18cab05100ecc4"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f00000001c0)=@urb_type_bulk={0x3, {0xf}, 0x39f, 0x2, &(0x7f0000000080)="e32794dac96d757306768fc92238a310034a9c0b67206b6bb34e2eb89b7a9f7ec73477129718737b0dd138cc5262c909353f58411f855e9bb76767927d8e6c0d233ee1d778d2885b234c577170de83bb6ebf03b5c32c82eb47e5cd4fa0f467624142ca27e4200ae0894270a4237616c470f782dbde58f5fad0c89ecb7111d4a62dd3cd3e2b9354c786ed57e596fda97730889e6698f6426a0b07bc6891d4114b77", 0xa1, 0x91, 0x2, 0x6, 0xff, 0x3, &(0x7f0000000140)="049fa2338c7a4d92d75a296e857539c75d23d5cfea0d9c6e4a4c387486559bd7fc1e1a946ced1754d81d4b05b0e68ef21d1f6218ef14188d8539ba25d58e6afebc2066f29a4b104ebe1b3f0f9c13fd4e006110211c13074071182371"})
sched_setscheduler(r1, 0x6, &(0x7f0000000000)=0x3)

220.849137ms ago: executing program 1 (id=5347):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001000000"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r2, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c0001"], 0x118}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r6)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c"], 0x4c}}, 0x24040804)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r10=>0x0})
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r10, 0x1, 0x0, 0x6, @local}, 0x14)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000700)=<r11=>0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r12)
sendmsg$NFC_CMD_DEV_UP(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r13, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}]}, 0x1c}}, 0x800)
write$nci(r3, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x0, 0x3, 0x6, 0x7, {0x3, 0xea}}, 0x5)
write$nci(r3, 0x0, 0x0)

140.812718ms ago: executing program 0 (id=5348):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x108, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x80, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4080)

139.215998ms ago: executing program 7 (id=5349):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x6, 0x8ca9}, 0x4c58, 0x10000, 0x0, 0x1, 0x8000000000000001, 0x20002, 0x9, 0x0, 0x20000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = eventfd2(0x6, 0x80800)
write$eventfd(r0, &(0x7f0000000340), 0x8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000040)={0x2, 0xa000, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
setsockopt$inet_int(r1, 0x0, 0x1, &(0x7f00000009c0)=0x1234, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
writev(r2, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
io_setup(0x6, &(0x7f0000000000))
io_setup(0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='objagg_obj_put\x00'}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x60}, {0x16}]})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
socket(0x1e, 0x4, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x24, r5, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

84.877729ms ago: executing program 0 (id=5350):
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000018c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r3 = syz_open_pts(r2, 0x0)
dup3(r3, r2, 0x0)
ppoll(&(0x7f0000000140)=[{r2}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000001900)=<r4=>0x0)
prlimit64(r4, 0x8, 0x0, &(0x7f0000001940))
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000180)={0x65f5, 0x1, 0xff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0, <r7=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000001c0)=r5}, 0x20)
r8 = syz_open_dev$vcsn(&(0x7f0000001700), 0x5, 0x2000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, @map_val={0x18, 0xa, 0x2, 0x0, r1}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}], &(0x7f00000014c0)='GPL\x00', 0x839, 0xfd, &(0x7f0000001600)=""/253, 0x40f00, 0x4c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001500)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001540)={0x2, 0x3, 0xfffffff6, 0xa3}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000001740)=[r8, r0, r0, r1, r1, r1, r5], &(0x7f0000001780)=[{0x3, 0x3, 0x4, 0x6}, {0x4, 0x4, 0xd, 0x9}, {0x0, 0x2, 0x4, 0x4}, {0x2, 0x1, 0x6, 0x2}, {0x1, 0x4, 0x4, 0xe}, {0x2, 0x2, 0x2, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r9}, 0x10)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r10, 0x0, 0x61, &(0x7f0000001980)=ANY=[@ANYBLOB="62696c74657200000000000000000000000000000000000000000000000000000f0000e5707641f34a211bb2590d2aba65dfc300cf8c1a247e"], 0x0)
bind$inet(r10, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r10, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r10, &(0x7f0000007fc0), 0x800001d, 0x0)

24.33618ms ago: executing program 5 (id=5351):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x22004001, 0x0, 0x0)
shutdown(r0, 0x1)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x400000107ffff000, 0x4)
openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
syz_clone(0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0x10000000000ac6}, 0x18)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ff"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r2}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c00024000000000000000000c0001400000000000000003"], 0x118}}, 0x0)

0s ago: executing program 5 (id=5352):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4080)

kernel console output (not intermixed with test programs):

esystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  410.841073][T16647] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  410.872229][T16647] EXT4-fs error (device loop6): ext4_free_blocks:6587: comm syz.6.4563: Freeing blocks not in datazone - block = 0, count = 16
[  410.900010][T16671] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4573'.
[  410.956173][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.967589][T16675] ALSA: seq fatal error: cannot create timer (-19)
[  411.008326][T16683] vhci_hcd: invalid port number 65
[  411.013535][T16683] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub
[  411.382474][T16692] SELinux:  policydb magic number 0x2674838c does not match expected magic number 0xf97cff8c
[  411.422031][T16692] SELinux: failed to load policy
[  411.513081][T16692] SELinux: ebitmap: truncated map
[  411.547478][T16692] SELinux: failed to load policy
[  411.646608][T16702] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4583'.
[  411.744340][T16706] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4585'.
[  411.835515][T16714] ALSA: seq fatal error: cannot create timer (-19)
[  411.890412][T16723] FAULT_INJECTION: forcing a failure.
[  411.890412][T16723] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  411.903612][T16723] CPU: 1 UID: 0 PID: 16723 Comm: syz.0.4592 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  411.903649][T16723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  411.903723][T16723] Call Trace:
[  411.903732][T16723]  <TASK>
[  411.903743][T16723]  __dump_stack+0x1d/0x30
[  411.903771][T16723]  dump_stack_lvl+0xe8/0x140
[  411.903797][T16723]  dump_stack+0x15/0x1b
[  411.903814][T16723]  should_fail_ex+0x265/0x280
[  411.903850][T16723]  should_fail+0xb/0x20
[  411.903916][T16723]  should_fail_usercopy+0x1a/0x20
[  411.903959][T16723]  _copy_from_user+0x1c/0xb0
[  411.903987][T16723]  do_ip6t_set_ctl+0x3a9/0x840
[  411.904082][T16723]  nf_setsockopt+0x196/0x1b0
[  411.904105][T16723]  ipv6_setsockopt+0x11a/0x130
[  411.904206][T16723]  udpv6_setsockopt+0x99/0xb0
[  411.904231][T16723]  sock_common_setsockopt+0x66/0x80
[  411.904263][T16723]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  411.904314][T16723]  __sys_setsockopt+0x181/0x200
[  411.904357][T16723]  __x64_sys_setsockopt+0x64/0x80
[  411.904396][T16723]  x64_sys_call+0x2bd5/0x2fb0
[  411.904454][T16723]  do_syscall_64+0xd2/0x200
[  411.904475][T16723]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  411.904504][T16723]  ? clear_bhb_loop+0x40/0x90
[  411.904542][T16723]  ? clear_bhb_loop+0x40/0x90
[  411.904571][T16723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.904654][T16723] RIP: 0033:0x7f4e3660e929
[  411.904669][T16723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.904734][T16723] RSP: 002b:00007f4e34c77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  411.904759][T16723] RAX: ffffffffffffffda RBX: 00007f4e36835fa0 RCX: 00007f4e3660e929
[  411.904775][T16723] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000007
[  411.904791][T16723] RBP: 00007f4e34c77090 R08: 0000000000000590 R09: 0000000000000000
[  411.904807][T16723] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.904882][T16723] R13: 0000000000000000 R14: 00007f4e36835fa0 R15: 00007fff3e99e548
[  411.904901][T16723]  </TASK>
[  412.294591][T16742] __vm_enough_memory: pid: 16742, comm: syz.6.4599, bytes: 21195373707264 not enough memory for the allocation
[  412.368686][T16742] loop6: detected capacity change from 0 to 512
[  412.386195][T16742] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  412.399787][T16742] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c0a8, mo2=0002]
[  412.412730][T16742] System zones: 1-12
[  412.420928][T16742] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: inode #11: comm syz.6.4599: missing EA_INODE flag
[  412.437181][T16742] EXT4-fs (loop6): Remounting filesystem read-only
[  412.445494][T16750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4601'.
[  412.446466][T16742] EXT4-fs (loop6): 1 orphan inode deleted
[  412.454582][T16750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4601'.
[  412.479686][T16742] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  412.528311][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.541175][T16756] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4603'.
[  412.568593][T16758] FAULT_INJECTION: forcing a failure.
[  412.568593][T16758] name failslab, interval 1, probability 0, space 0, times 0
[  412.583009][T16758] CPU: 1 UID: 0 PID: 16758 Comm: syz.6.4604 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  412.583037][T16758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  412.583097][T16758] Call Trace:
[  412.583107][T16758]  <TASK>
[  412.583123][T16758]  __dump_stack+0x1d/0x30
[  412.583149][T16758]  dump_stack_lvl+0xe8/0x140
[  412.583170][T16758]  dump_stack+0x15/0x1b
[  412.583188][T16758]  should_fail_ex+0x265/0x280
[  412.583271][T16758]  should_failslab+0x8c/0xb0
[  412.583368][T16758]  kmem_cache_alloc_node_noprof+0x57/0x320
[  412.583400][T16758]  ? __alloc_skb+0x101/0x320
[  412.583431][T16758]  __alloc_skb+0x101/0x320
[  412.583462][T16758]  netlink_alloc_large_skb+0xba/0xf0
[  412.583572][T16758]  netlink_sendmsg+0x3cf/0x6b0
[  412.583595][T16758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  412.583667][T16758]  __sock_sendmsg+0x142/0x180
[  412.583693][T16758]  ____sys_sendmsg+0x31e/0x4e0
[  412.583836][T16758]  ___sys_sendmsg+0x17b/0x1d0
[  412.583884][T16758]  __x64_sys_sendmsg+0xd4/0x160
[  412.583923][T16758]  x64_sys_call+0x2999/0x2fb0
[  412.583951][T16758]  do_syscall_64+0xd2/0x200
[  412.583972][T16758]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  412.584000][T16758]  ? clear_bhb_loop+0x40/0x90
[  412.584034][T16758]  ? clear_bhb_loop+0x40/0x90
[  412.584057][T16758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.584154][T16758] RIP: 0033:0x7f9350bce929
[  412.584171][T16758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.584191][T16758] RSP: 002b:00007f934f237038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  412.584212][T16758] RAX: ffffffffffffffda RBX: 00007f9350df5fa0 RCX: 00007f9350bce929
[  412.584233][T16758] RDX: 0000000000044804 RSI: 0000200000000880 RDI: 0000000000000003
[  412.584246][T16758] RBP: 00007f934f237090 R08: 0000000000000000 R09: 0000000000000000
[  412.584259][T16758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.584272][T16758] R13: 0000000000000000 R14: 00007f9350df5fa0 R15: 00007ffe7893f248
[  412.584291][T16758]  </TASK>
[  412.913447][T16764] loop6: detected capacity change from 0 to 512
[  412.935133][T16764] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  412.969844][T16764] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  413.010470][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.187581][T16788] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4616'.
[  413.231692][T16790] --map-set only usable from mangle table
[  413.267193][T16794] loop6: detected capacity change from 0 to 512
[  413.284438][T16794] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  413.300606][T16794] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  413.329028][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.352071][T16803] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4623'.
[  413.427387][T16817] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4628'.
[  413.448440][T16809] syzkaller1: entered promiscuous mode
[  413.454187][T16809] syzkaller1: entered allmulticast mode
[  413.574525][T16821] loop6: detected capacity change from 0 to 512
[  414.176023][T16831] netlink: 'syz.3.4632': attribute type 3 has an invalid length.
[  414.504469][T16861] __vm_enough_memory: pid: 16861, comm: syz.3.4644, bytes: 21196127236096 not enough memory for the allocation
[  414.587463][T16864] netlink: 'syz.0.4641': attribute type 3 has an invalid length.
[  414.604498][T16864] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  414.705692][   T29] kauditd_printk_skb: 1134 callbacks suppressed
[  414.705707][   T29] audit: type=1326 audit(1750740688.848:22501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7febc5e158e7 code=0x7ffc0000
[  414.739348][   T29] audit: type=1326 audit(1750740688.848:22502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7febc5dbab19 code=0x7ffc0000
[  414.765547][   T29] audit: type=1326 audit(1750740688.848:22503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  414.789714][   T29] audit: type=1326 audit(1750740688.848:22504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7febc5e158e7 code=0x7ffc0000
[  414.814789][   T29] audit: type=1326 audit(1750740688.848:22505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7febc5dbab19 code=0x7ffc0000
[  414.838745][   T29] audit: type=1326 audit(1750740688.848:22506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  414.862847][   T29] audit: type=1326 audit(1750740688.888:22507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7febc5e158e7 code=0x7ffc0000
[  414.894840][   T29] audit: type=1326 audit(1750740688.888:22508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7febc5dbab19 code=0x7ffc0000
[  414.919450][   T29] audit: type=1326 audit(1750740688.888:22509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  414.945231][   T29] audit: type=1326 audit(1750740688.898:22510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16828 comm="syz.1.4631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7febc5e158e7 code=0x7ffc0000
[  416.059701][T16897] __nla_validate_parse: 2 callbacks suppressed
[  416.059717][T16897] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4658'.
[  416.153027][T16891] netlink: 'syz.1.4655': attribute type 3 has an invalid length.
[  416.161009][T16891] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4655'.
[  416.186418][T16891] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  416.188162][T16904] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4661'.
[  416.448064][T16912] bridge_slave_0: left allmulticast mode
[  416.453983][T16912] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.520544][T16922] loop5: detected capacity change from 0 to 512
[  416.649561][T16922] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.666635][T16922] ext4 filesystem being mounted at /372/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  416.811163][T16933] netlink: 'syz.1.4668': attribute type 3 has an invalid length.
[  416.820324][T16933] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4668'.
[  416.838712][T16933] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  417.642117][T16932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4671'.
[  417.654881][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.118061][T16935] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  418.651709][T16937] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4673'.
[  419.302945][T16942] 9pnet_fd: Insufficient options for proto=fd
[  419.537252][T16961] SELinux:  Context system_u:object_r:hald_sonypic_exec_t:s0 is not valid (left unmapped).
[  419.654273][T16947] netlink: 'syz.5.4676': attribute type 3 has an invalid length.
[  419.663322][T16947] netlink: 152 bytes leftover after parsing attributes in process `syz.5.4676'.
[  419.719307][   T29] kauditd_printk_skb: 114 callbacks suppressed
[  419.719322][   T29] audit: type=1326 audit(1750740693.988:22625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.782723][T16947] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  419.812911][   T29] audit: type=1326 audit(1750740694.018:22626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.842093][   T29] audit: type=1326 audit(1750740694.018:22627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.871842][   T29] audit: type=1326 audit(1750740694.018:22628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.898612][   T29] audit: type=1326 audit(1750740694.018:22629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.925656][   T29] audit: type=1326 audit(1750740694.018:22630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.955268][T16971] vhci_hcd: invalid port number 65
[  419.955864][   T29] audit: type=1326 audit(1750740694.018:22631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  419.962298][T16971] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub
[  419.992930][   T29] audit: type=1326 audit(1750740694.018:22632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  420.028093][   T29] audit: type=1326 audit(1750740694.018:22633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  420.055605][   T29] audit: type=1326 audit(1750740694.018:22634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16968 comm="syz.0.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7ffc0000
[  420.672903][T16990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4695'.
[  420.683928][T16990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4695'.
[  420.699745][T16990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4695'.
[  420.962715][T17011] netlink: 'syz.5.4696': attribute type 3 has an invalid length.
[  420.985664][T17011] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  421.874476][T17025] __nla_validate_parse: 4 callbacks suppressed
[  421.874543][T17025] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4705'.
[  422.113861][T17032] vhci_hcd: invalid port number 65
[  422.119712][T17032] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub
[  422.236696][T17038] SET target dimension over the limit!
[  422.279840][T17038] netlink: 'syz.3.4711': attribute type 1 has an invalid length.
[  422.288386][T17038] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4711'.
[  422.306796][T17036] loop6: detected capacity change from 0 to 512
[  423.054556][T17046] netlink: 'syz.1.4713': attribute type 3 has an invalid length.
[  423.079893][T17046] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4713'.
[  423.101909][T17046] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  423.451823][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.461859][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.597936][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.646397][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.656441][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.717845][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.777571][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4715'.
[  423.828631][T17066] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  425.063726][T17101] loop6: detected capacity change from 0 to 256
[  425.073346][   T29] kauditd_printk_skb: 169 callbacks suppressed
[  425.073364][   T29] audit: type=1400 audit(1750740699.338:22804): avc:  denied  { mount } for  pid=17100 comm="syz.6.4733" name="/" dev="loop6" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  425.147841][   T29] audit: type=1400 audit(1750740699.398:22805): avc:  denied  { write } for  pid=17100 comm="syz.6.4733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  425.634919][   T29] audit: type=1400 audit(1750740699.898:22806): avc:  denied  { unmount } for  pid=16546 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  425.719878][   T29] audit: type=1326 audit(1750740699.988:22807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  425.743642][   T29] audit: type=1326 audit(1750740699.988:22808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  425.821852][   T29] audit: type=1326 audit(1750740699.988:22809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  425.848464][   T29] audit: type=1326 audit(1750740699.988:22810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  425.872469][   T29] audit: type=1326 audit(1750740699.988:22811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  425.896526][   T29] audit: type=1326 audit(1750740699.988:22812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  425.920225][   T29] audit: type=1326 audit(1750740699.988:22813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17133 comm="syz.6.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  426.058314][T17141] C: renamed from team_slave_0 (while UP)
[  426.083020][T17141] netlink: 'syz.6.4741': attribute type 3 has an invalid length.
[  426.097284][T17141] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  427.113144][T17155] __nla_validate_parse: 15 callbacks suppressed
[  427.113165][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.113247][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.113293][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.141080][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.141117][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.141205][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.234242][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.234341][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.234379][T17155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4748'.
[  427.726537][T17197] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4759'.
[  427.812926][T17198] netlink: 'syz.0.4758': attribute type 3 has an invalid length.
[  427.834225][T17198] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  428.302093][T17214] FAULT_INJECTION: forcing a failure.
[  428.302093][T17214] name failslab, interval 1, probability 0, space 0, times 0
[  428.322630][T17214] CPU: 1 UID: 0 PID: 17214 Comm: syz.1.4766 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  428.322694][T17214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  428.322711][T17214] Call Trace:
[  428.322720][T17214]  <TASK>
[  428.322740][T17214]  __dump_stack+0x1d/0x30
[  428.322761][T17214]  dump_stack_lvl+0xe8/0x140
[  428.322780][T17214]  dump_stack+0x15/0x1b
[  428.322868][T17214]  should_fail_ex+0x265/0x280
[  428.322907][T17214]  should_failslab+0x8c/0xb0
[  428.322937][T17214]  kmem_cache_alloc_node_noprof+0x57/0x320
[  428.323042][T17214]  ? __alloc_skb+0x101/0x320
[  428.323081][T17214]  __alloc_skb+0x101/0x320
[  428.323107][T17214]  ? audit_log_start+0x365/0x6c0
[  428.323151][T17214]  audit_log_start+0x380/0x6c0
[  428.323252][T17214]  audit_seccomp+0x48/0x100
[  428.323278][T17214]  ? __seccomp_filter+0x68c/0x10d0
[  428.323300][T17214]  __seccomp_filter+0x69d/0x10d0
[  428.323331][T17214]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  428.323439][T17214]  ? vfs_write+0x75e/0x8e0
[  428.323545][T17214]  __secure_computing+0x82/0x150
[  428.323567][T17214]  syscall_trace_enter+0xcf/0x1e0
[  428.323598][T17214]  do_syscall_64+0xac/0x200
[  428.323632][T17214]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  428.323666][T17214]  ? clear_bhb_loop+0x40/0x90
[  428.323747][T17214]  ? clear_bhb_loop+0x40/0x90
[  428.323772][T17214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.323793][T17214] RIP: 0033:0x7febc5e1e929
[  428.323808][T17214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.323870][T17214] RSP: 002b:00007febc4487038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  428.323889][T17214] RAX: ffffffffffffffda RBX: 00007febc6045fa0 RCX: 00007febc5e1e929
[  428.323901][T17214] RDX: 0000200000000140 RSI: 0000000000000010 RDI: 0000000000000000
[  428.323913][T17214] RBP: 00007febc4487090 R08: 0000000000000000 R09: 0000000000000000
[  428.323925][T17214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.323942][T17214] R13: 0000000000000000 R14: 00007febc6045fa0 R15: 00007ffee9a1b898
[  428.323966][T17214]  </TASK>
[  428.635802][T17215] loop5: detected capacity change from 0 to 512
[  428.656212][T17215] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  428.670736][T17215] ext4 filesystem being mounted at /386/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  428.734563][T17225] loop6: detected capacity change from 0 to 1024
[  428.755823][T17225] EXT4-fs (loop6): Can't support bigalloc feature without extents feature
[  428.755823][T17225] 
[  428.771175][T17225] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities
[  428.871085][T17225] loop6: detected capacity change from 0 to 512
[  428.901112][T17225] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  428.922813][T17225] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  428.966745][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.122191][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.258129][T17241] loop5: detected capacity change from 0 to 512
[  430.178521][T17284] FAULT_INJECTION: forcing a failure.
[  430.178521][T17284] name failslab, interval 1, probability 0, space 0, times 0
[  430.191274][T17284] CPU: 1 UID: 0 PID: 17284 Comm: syz.6.4788 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  430.191308][T17284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  430.191324][T17284] Call Trace:
[  430.191332][T17284]  <TASK>
[  430.191341][T17284]  __dump_stack+0x1d/0x30
[  430.191413][T17284]  dump_stack_lvl+0xe8/0x140
[  430.191438][T17284]  dump_stack+0x15/0x1b
[  430.191460][T17284]  should_fail_ex+0x265/0x280
[  430.191499][T17284]  should_failslab+0x8c/0xb0
[  430.191589][T17284]  __kvmalloc_node_noprof+0x123/0x4e0
[  430.191628][T17284]  ? bpf_test_run_xdp_live+0xed/0xfe0
[  430.191667][T17284]  bpf_test_run_xdp_live+0xed/0xfe0
[  430.191742][T17284]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  430.191775][T17284]  ? __pfx_autoremove_wake_function+0x10/0x10
[  430.191818][T17284]  ? 0xffffffffa0205540
[  430.191915][T17284]  ? synchronize_rcu+0x45/0x320
[  430.191945][T17284]  ? 0xffffffffa0205540
[  430.191961][T17284]  ? 0xffffffffa0205540
[  430.191977][T17284]  ? bpf_dispatcher_change_prog+0x6ec/0x7f0
[  430.192012][T17284]  ? 0xffffffffa02019d0
[  430.192109][T17284]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  430.192141][T17284]  bpf_prog_test_run_xdp+0x4f5/0x910
[  430.192183][T17284]  ? __rcu_read_unlock+0x4f/0x70
[  430.192272][T17284]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  430.192311][T17284]  bpf_prog_test_run+0x22a/0x390
[  430.192332][T17284]  __sys_bpf+0x3dc/0x790
[  430.192385][T17284]  __x64_sys_bpf+0x41/0x50
[  430.192469][T17284]  x64_sys_call+0x2478/0x2fb0
[  430.192494][T17284]  do_syscall_64+0xd2/0x200
[  430.192511][T17284]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  430.192685][T17284]  ? clear_bhb_loop+0x40/0x90
[  430.192707][T17284]  ? clear_bhb_loop+0x40/0x90
[  430.192731][T17284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.192756][T17284] RIP: 0033:0x7f9350bce929
[  430.192845][T17284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.192867][T17284] RSP: 002b:00007f934f237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  430.192890][T17284] RAX: ffffffffffffffda RBX: 00007f9350df5fa0 RCX: 00007f9350bce929
[  430.192906][T17284] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  430.192921][T17284] RBP: 00007f934f237090 R08: 0000000000000000 R09: 0000000000000000
[  430.192936][T17284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.192979][T17284] R13: 0000000000000000 R14: 00007f9350df5fa0 R15: 00007ffe7893f248
[  430.193001][T17284]  </TASK>
[  430.506990][T17284] 9pnet_fd: Insufficient options for proto=fd
[  430.516133][   T29] kauditd_printk_skb: 112 callbacks suppressed
[  430.516148][   T29] audit: type=1400 audit(1750740704.768:22924): avc:  denied  { read } for  pid=17283 comm="syz.6.4788" dev="sockfs" ino=59870 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  430.544552][   T29] audit: type=1400 audit(1750740704.778:22925): avc:  denied  { setopt } for  pid=17283 comm="syz.6.4788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  430.564783][T17290] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  430.676189][T17267] syz.1.4781 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  430.690439][T17267] CPU: 0 UID: 0 PID: 17267 Comm: syz.1.4781 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  430.690506][T17267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  430.690522][T17267] Call Trace:
[  430.690581][T17267]  <TASK>
[  430.690592][T17267]  __dump_stack+0x1d/0x30
[  430.690621][T17267]  dump_stack_lvl+0xe8/0x140
[  430.690716][T17267]  dump_stack+0x15/0x1b
[  430.690738][T17267]  dump_header+0x81/0x220
[  430.690789][T17267]  oom_kill_process+0x334/0x3f0
[  430.690831][T17267]  out_of_memory+0x979/0xb80
[  430.690950][T17267]  try_charge_memcg+0x5e6/0x9e0
[  430.690981][T17267]  obj_cgroup_charge_pages+0xa6/0x150
[  430.691033][T17267]  __memcg_kmem_charge_page+0x9f/0x170
[  430.691075][T17267]  __alloc_frozen_pages_noprof+0x188/0x360
[  430.691116][T17267]  alloc_pages_mpol+0xb3/0x250
[  430.691172][T17267]  alloc_pages_noprof+0x90/0x130
[  430.691203][T17267]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  430.691268][T17267]  __kvmalloc_node_noprof+0x30f/0x4e0
[  430.691300][T17267]  ? ip_set_alloc+0x1f/0x30
[  430.691400][T17267]  ? ip_set_alloc+0x1f/0x30
[  430.691503][T17267]  ? __kmalloc_cache_noprof+0x189/0x320
[  430.691596][T17267]  ip_set_alloc+0x1f/0x30
[  430.691624][T17267]  hash_netiface_create+0x282/0x740
[  430.691718][T17267]  ? __pfx_hash_netiface_create+0x10/0x10
[  430.691756][T17267]  ip_set_create+0x3c9/0x960
[  430.691846][T17267]  ? __nla_parse+0x40/0x60
[  430.691871][T17267]  nfnetlink_rcv_msg+0x4c3/0x590
[  430.691925][T17267]  ? selinux_capable+0x1f9/0x270
[  430.691976][T17267]  netlink_rcv_skb+0x120/0x220
[  430.692008][T17267]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  430.692046][T17267]  nfnetlink_rcv+0x16b/0x1690
[  430.692144][T17267]  ? __kfree_skb+0x109/0x150
[  430.692254][T17267]  ? nlmon_xmit+0x4f/0x60
[  430.692281][T17267]  ? consume_skb+0x49/0x150
[  430.692364][T17267]  ? nlmon_xmit+0x4f/0x60
[  430.692392][T17267]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  430.692440][T17267]  ? __dev_queue_xmit+0x11c0/0x1fb0
[  430.692477][T17267]  ? __dev_queue_xmit+0x182/0x1fb0
[  430.692520][T17267]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  430.692638][T17267]  ? ref_tracker_free+0x37d/0x3e0
[  430.692679][T17267]  ? __netlink_deliver_tap+0x4dc/0x500
[  430.692806][T17267]  netlink_unicast+0x59e/0x670
[  430.692850][T17267]  netlink_sendmsg+0x58b/0x6b0
[  430.692878][T17267]  ? __pfx_netlink_sendmsg+0x10/0x10
[  430.692905][T17267]  __sock_sendmsg+0x142/0x180
[  430.693065][T17267]  ____sys_sendmsg+0x31e/0x4e0
[  430.693111][T17267]  ___sys_sendmsg+0x17b/0x1d0
[  430.693181][T17267]  __x64_sys_sendmsg+0xd4/0x160
[  430.693265][T17267]  x64_sys_call+0x2999/0x2fb0
[  430.693294][T17267]  do_syscall_64+0xd2/0x200
[  430.693409][T17267]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  430.693443][T17267]  ? clear_bhb_loop+0x40/0x90
[  430.693467][T17267]  ? clear_bhb_loop+0x40/0x90
[  430.693513][T17267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.693542][T17267] RIP: 0033:0x7febc5e1e929
[  430.693563][T17267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.693588][T17267] RSP: 002b:00007febc4487038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  430.693614][T17267] RAX: ffffffffffffffda RBX: 00007febc6045fa0 RCX: 00007febc5e1e929
[  430.693631][T17267] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 0000000000000009
[  430.693690][T17267] RBP: 00007febc5ea0b39 R08: 0000000000000000 R09: 0000000000000000
[  430.693705][T17267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  430.693720][T17267] R13: 0000000000000000 R14: 00007febc6045fa0 R15: 00007ffee9a1b898
[  430.693776][T17267]  </TASK>
[  430.693784][T17267] memory: usage 307200kB, limit 307200kB, failcnt 1292
[  431.067038][T17267] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0
[  431.075889][T17267] kmem: usage 307132kB, limit 9007199254740988kB, failcnt 0
[  431.084335][T17267] Memory cgroup stats for /syz1:
[  431.084870][T17267] cache 0
[  431.092829][T17267] rss 0
[  431.095743][T17267] shmem 0
[  431.098913][T17267] mapped_file 0
[  431.102480][T17267] dirty 0
[  431.105760][T17267] writeback 0
[  431.109204][T17267] workingset_refault_anon 2172
[  431.113984][T17267] workingset_refault_file 2435
[  431.118811][T17267] swap 192512
[  431.122291][T17267] swapcached 12288
[  431.127844][T17267] pgpgin 295808
[  431.131554][T17267] pgpgout 295791
[  431.135738][T17267] pgfault 379549
[  431.139933][T17267] pgmajfault 629
[  431.148305][T17267] inactive_anon 12288
[  431.153575][T17267] active_anon 0
[  431.157219][T17267] inactive_file 57344
[  431.161301][T17267] active_file 0
[  431.164768][T17267] unevictable 0
[  431.168309][T17267] hierarchical_memory_limit 314572800
[  431.173709][T17267] hierarchical_memsw_limit 9223372036854771712
[  431.179896][T17267] total_cache 0
[  431.183372][T17267] total_rss 0
[  431.186685][T17267] total_shmem 0
[  431.190195][T17267] total_mapped_file 0
[  431.194281][T17267] total_dirty 0
[  431.197753][T17267] total_writeback 0
[  431.201814][T17267] total_workingset_refault_anon 2172
[  431.207207][T17267] total_workingset_refault_file 2435
[  431.212572][T17267] total_swap 192512
[  431.216501][T17267] total_swapcached 12288
[  431.221032][T17267] total_pgpgin 295808
[  431.225362][T17267] total_pgpgout 295791
[  431.229512][T17267] total_pgfault 379549
[  431.233686][T17267] total_pgmajfault 629
[  431.238069][T17267] total_inactive_anon 12288
[  431.243339][T17267] total_active_anon 0
[  431.247370][T17267] total_inactive_file 57344
[  431.251919][T17267] total_active_file 0
[  431.256434][T17267] total_unevictable 0
[  431.260450][T17267] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4781,pid=17266,uid=0
[  431.276364][T17267] Memory cgroup out of memory: Killed process 17266 (syz.1.4781) total-vm:95800kB, anon-rss:1016kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  431.734065][T17335] loop6: detected capacity change from 0 to 1024
[  431.742730][   T29] audit: type=1400 audit(1750740706.008:22926): avc:  denied  { create } for  pid=17337 comm="syz.5.4804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  431.772660][T17335] EXT4-fs (loop6): can't mount with journal_async_commit, fs mounted w/o journal
[  431.772707][   T29] audit: type=1400 audit(1750740706.038:22927): avc:  denied  { wake_alarm } for  pid=17337 comm="syz.5.4804" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  431.836579][   T29] audit: type=1326 audit(1750740706.098:22928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17345 comm="syz.6.4807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  431.836670][T17338] FAULT_INJECTION: forcing a failure.
[  431.836670][T17338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.836704][T17338] CPU: 1 UID: 0 PID: 17338 Comm: syz.5.4804 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  431.836733][T17338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  431.836748][T17338] Call Trace:
[  431.836755][T17338]  <TASK>
[  431.836765][T17338]  __dump_stack+0x1d/0x30
[  431.836794][T17338]  dump_stack_lvl+0xe8/0x140
[  431.836843][T17338]  dump_stack+0x15/0x1b
[  431.836867][T17338]  should_fail_ex+0x265/0x280
[  431.836910][T17338]  should_fail+0xb/0x20
[  431.836949][T17338]  should_fail_usercopy+0x1a/0x20
[  431.837045][T17338]  _copy_from_user+0x1c/0xb0
[  431.837075][T17338]  __se_sys_openat2+0xcb/0x1f0
[  431.837166][T17338]  __x64_sys_openat2+0x55/0x70
[  431.837209][T17338]  x64_sys_call+0x21e0/0x2fb0
[  431.837257][T17338]  do_syscall_64+0xd2/0x200
[  431.837281][T17338]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  431.837323][T17338]  ? clear_bhb_loop+0x40/0x90
[  431.837353][T17338]  ? clear_bhb_loop+0x40/0x90
[  431.837421][T17338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.837492][T17338] RIP: 0033:0x7ffaf7e4e929
[  431.837514][T17338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.837540][T17338] RSP: 002b:00007ffaf64b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  431.837567][T17338] RAX: ffffffffffffffda RBX: 00007ffaf8075fa0 RCX: 00007ffaf7e4e929
[  431.837585][T17338] RDX: 0000200000000040 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  431.837659][T17338] RBP: 00007ffaf64b7090 R08: 0000000000000000 R09: 0000000000000000
[  431.837676][T17338] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  431.837693][T17338] R13: 0000000000000000 R14: 00007ffaf8075fa0 R15: 00007ffe38c702e8
[  431.837720][T17338]  </TASK>
[  432.062345][   T29] audit: type=1400 audit(1750740706.108:22929): avc:  denied  { write } for  pid=17337 comm="syz.5.4804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  432.082350][   T29] audit: type=1326 audit(1750740706.118:22930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17345 comm="syz.6.4807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  432.107058][   T29] audit: type=1326 audit(1750740706.118:22931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17345 comm="syz.6.4807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  432.132097][   T29] audit: type=1326 audit(1750740706.118:22932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17345 comm="syz.6.4807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  432.155975][   T29] audit: type=1326 audit(1750740706.118:22933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17345 comm="syz.6.4807" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  432.202063][T17350] __vm_enough_memory: pid: 17350, comm: syz.5.4808, bytes: 21195735080960 not enough memory for the allocation
[  432.264607][T17350] loop5: detected capacity change from 0 to 512
[  432.291321][T17350] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  432.341603][T17350] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c0a8, mo2=0002]
[  432.354046][T17350] System zones: 1-12
[  432.370238][T17350] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: inode #11: comm syz.5.4808: missing EA_INODE flag
[  432.384961][T17350] EXT4-fs (loop5): Remounting filesystem read-only
[  432.394071][T17350] EXT4-fs (loop5): 1 orphan inode deleted
[  432.419915][T17354] netlink: 'syz.3.4809': attribute type 3 has an invalid length.
[  432.427723][T17350] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  432.446282][T17354] __nla_validate_parse: 23 callbacks suppressed
[  432.446317][T17354] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4809'.
[  432.471904][T17354] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  432.537575][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  432.619750][T17366] loop6: detected capacity change from 0 to 512
[  432.625581][T17377] syzkaller1: entered promiscuous mode
[  432.632293][T17377] syzkaller1: entered allmulticast mode
[  432.836582][T17401] __vm_enough_memory: pid: 17401, comm: syz.0.4828, bytes: 21196126691328 not enough memory for the allocation
[  432.864116][T17398] syzkaller1: entered promiscuous mode
[  432.869897][T17398] syzkaller1: entered allmulticast mode
[  433.393597][T17433] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4838'.
[  433.777282][T17440] syzkaller1: entered promiscuous mode
[  433.782991][T17440] syzkaller1: entered allmulticast mode
[  434.201077][T17453] netlink: 'syz.6.4845': attribute type 3 has an invalid length.
[  434.211305][T17453] netlink: 152 bytes leftover after parsing attributes in process `syz.6.4845'.
[  434.232852][T17453] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  434.372010][T17457] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  435.161888][T17466] netlink: 128 bytes leftover after parsing attributes in process `syz.5.4851'.
[  435.287580][T17471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4853'.
[  435.296907][T17471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4853'.
[  435.335459][T17468] syzkaller1: entered promiscuous mode
[  435.341223][T17468] syzkaller1: entered allmulticast mode
[  435.378873][T17471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4853'.
[  435.441567][T17482] __vm_enough_memory: pid: 17482, comm: syz.6.4855, bytes: 21195373707264 not enough memory for the allocation
[  435.466333][T17471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4853'.
[  435.475399][T17471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4853'.
[  435.542938][T17471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4853'.
[  435.568160][   T29] kauditd_printk_skb: 187 callbacks suppressed
[  435.568177][   T29] audit: type=1326 audit(1750740709.828:23121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.599089][   T29] audit: type=1326 audit(1750740709.828:23122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.623271][   T29] audit: type=1326 audit(1750740709.828:23123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.753234][T17482] loop6: detected capacity change from 0 to 512
[  435.830296][T17482] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  435.865230][   T29] audit: type=1326 audit(1750740709.918:23124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.889685][   T29] audit: type=1326 audit(1750740709.918:23125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.913684][   T29] audit: type=1326 audit(1750740709.928:23126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.938461][   T29] audit: type=1326 audit(1750740709.928:23127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.962953][   T29] audit: type=1326 audit(1750740709.928:23128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  435.987297][   T29] audit: type=1326 audit(1750740709.928:23129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  436.011796][   T29] audit: type=1326 audit(1750740709.928:23130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17481 comm="syz.6.4855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9350bce929 code=0x7ffc0000
[  436.073139][T17482] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c0a8, mo2=0002]
[  436.083373][T17482] System zones: 1-12
[  436.095796][T17482] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: inode #11: comm syz.6.4855: missing EA_INODE flag
[  436.115434][T17482] EXT4-fs (loop6): Remounting filesystem read-only
[  436.129822][T17482] EXT4-fs (loop6): 1 orphan inode deleted
[  436.144230][T17482] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  436.207394][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  436.835372][T17540] syzkaller1: entered promiscuous mode
[  436.842058][T17540] syzkaller1: entered allmulticast mode
[  436.919920][T17544] __vm_enough_memory: pid: 17544, comm: syz.5.4872, bytes: 21195735080960 not enough memory for the allocation
[  437.001730][T17544] loop5: detected capacity change from 0 to 512
[  437.017751][T17544] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  437.033672][T17544] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c0a8, mo2=0002]
[  437.042949][T17544] System zones: 1-12
[  437.049448][T17544] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: inode #11: comm syz.5.4872: missing EA_INODE flag
[  437.063679][T17544] EXT4-fs (loop5): Remounting filesystem read-only
[  437.072080][T17544] EXT4-fs (loop5): 1 orphan inode deleted
[  437.080568][T17544] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  437.127033][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.255075][T17565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.264637][T17565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.290398][T17567] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  437.420036][T17573] loop6: detected capacity change from 0 to 512
[  437.451994][T17573] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  437.469506][T17573] ext4 filesystem being mounted at /62/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  437.495083][T17571] netlink: 'syz.3.4880': attribute type 3 has an invalid length.
[  437.504237][T17571] __nla_validate_parse: 3 callbacks suppressed
[  437.504272][T17571] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4880'.
[  437.531783][T17571] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  437.551469][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.668365][T17582] loop6: detected capacity change from 0 to 256
[  437.934638][T17594] loop6: detected capacity change from 0 to 512
[  437.960262][T17594] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  437.974297][T17594] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  438.399259][T17616] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4893'.
[  438.770520][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  438.844336][T17631] netlink: 'syz.0.4900': attribute type 3 has an invalid length.
[  438.852461][T17631] netlink: 152 bytes leftover after parsing attributes in process `syz.0.4900'.
[  438.870426][T17631] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  438.870942][T17635] loop6: detected capacity change from 0 to 512
[  438.917738][T17635] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  438.933034][T17635] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  439.449272][T17659] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4911'.
[  439.463316][T17661] loop5: detected capacity change from 0 to 512
[  439.480752][T17661] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  439.508071][T17661] ext4 filesystem being mounted at /411/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  439.557653][T17663] syzkaller1: entered promiscuous mode
[  439.563327][T17663] syzkaller1: entered allmulticast mode
[  439.660172][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.693768][T17677] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4915'.
[  439.706135][T17677] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17677 comm=syz.6.4915
[  439.852780][T17678] team0 (unregistering): Port device C removed
[  439.879714][T17678] team0 (unregistering): Port device team_slave_1 removed
[  439.889391][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4917'.
[  439.982210][T17687] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4919'.
[  440.323772][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  440.393435][T17697] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4923'.
[  440.455714][T17709] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  440.467723][T17709] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  440.477317][T17709] bpf: Bad value for 'gid'
[  440.788237][T17733] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  441.708478][   T29] kauditd_printk_skb: 173 callbacks suppressed
[  441.708542][   T29] audit: type=1326 audit(1750740715.978:23304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17717 comm="syz.0.4929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7fc00000
[  441.747959][T17735] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  441.883226][ T9257] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=9257 comm=kworker/0:6
[  442.799468][T17742] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4938'.
[  442.817920][   T29] audit: type=1400 audit(1750740717.058:23305): avc:  denied  { create } for  pid=17741 comm="syz.1.4938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  442.848721][ T9258] kernel read not supported for file bpf_link (pid: 9258 comm: kworker/0:7)
[  442.866972][ T3408] IPVS: starting estimator thread 0...
[  442.876069][T17744] loop5: detected capacity change from 0 to 256
[  442.896676][   T29] audit: type=1400 audit(1750740717.108:23306): avc:  denied  { create } for  pid=17741 comm="syz.1.4938" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_rdma_socket permissive=1
[  442.947854][   T29] audit: type=1400 audit(1750740717.208:23307): avc:  denied  { write } for  pid=17741 comm="syz.1.4938" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_rdma_socket permissive=1
[  442.979231][T17743] IPVS: using max 1728 ests per chain, 86400 per kthread
[  443.037032][T17742] infiniband syz1: set down
[  443.042029][T17742] infiniband syz1: added veth0_to_team
[  443.064721][T17742] RDS/IB: syz1: added
[  443.077111][T17742] smc: adding ib device syz1 with port count 1
[  443.090385][T17742] smc:    ib device syz1 port 1 has pnetid 
[  443.235749][T17770] loop6: detected capacity change from 0 to 2048
[  443.299223][T17770] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  443.551166][T17791] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[  443.559566][T17791] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[  443.574303][   T29] audit: type=1400 audit(1750740717.838:23308): avc:  denied  { create } for  pid=17769 comm="syz.6.4949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  443.596055][   T29] audit: type=1400 audit(1750740717.838:23309): avc:  denied  { ioctl } for  pid=17769 comm="syz.6.4949" path="socket:[61477]" dev="sockfs" ino=61477 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  443.912829][   T29] audit: type=1326 audit(1750740718.168:23310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17764 comm="syz.0.4947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e3660e929 code=0x7fc00000
[  444.165960][T17797] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0
[  444.182549][T17797] netlink: 124 bytes leftover after parsing attributes in process `syz.1.4957'.
[  444.235940][   T29] audit: type=1400 audit(1750740718.428:23311): avc:  denied  { bind } for  pid=17796 comm="syz.1.4957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  444.256288][   T29] audit: type=1400 audit(1750740718.428:23312): avc:  denied  { read } for  pid=17796 comm="syz.1.4957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  444.276019][   T29] audit: type=1400 audit(1750740718.448:23313): avc:  denied  { mount } for  pid=17796 comm="syz.1.4957" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  444.323145][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.434661][T17812] syzkaller1: entered promiscuous mode
[  444.440282][T17812] syzkaller1: entered allmulticast mode
[  444.482269][T17819] netlink: 'syz.6.4966': attribute type 1 has an invalid length.
[  444.508031][T17819] loop6: detected capacity change from 0 to 2048
[  444.520393][T17806] netlink: 'syz.1.4962': attribute type 3 has an invalid length.
[  444.528878][T17806] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4962'.
[  444.539528][T17806] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  444.548163][T17819] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  444.629184][T17835] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4969'.
[  444.638300][T17835] netlink: 43 bytes leftover after parsing attributes in process `syz.0.4969'.
[  444.647328][T17835] netlink: 'syz.0.4969': attribute type 5 has an invalid length.
[  444.655162][T17835] netlink: 43 bytes leftover after parsing attributes in process `syz.0.4969'.
[  444.673175][T16546] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.730566][T17839] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4971'.
[  444.793169][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  444.800092][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  444.807200][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  444.814060][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  444.820710][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  444.827298][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  444.840822][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  444.856916][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  444.865884][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  445.038547][T17861] syzkaller1: entered promiscuous mode
[  445.044105][T17861] syzkaller1: entered allmulticast mode
[  445.286497][T17877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4986'.
[  445.295688][T17877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4986'.
[  445.342881][T17877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4986'.
[  445.461923][T17868] netlink: 'syz.6.4981': attribute type 3 has an invalid length.
[  445.526024][T17905] __vm_enough_memory: pid: 17905, comm: syz.0.4995, bytes: 21196126691328 not enough memory for the allocation
[  445.717288][T17911] loop5: detected capacity change from 0 to 512
[  445.966914][T17941] FAULT_INJECTION: forcing a failure.
[  445.966914][T17941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  445.980086][T17941] CPU: 1 UID: 0 PID: 17941 Comm: syz.3.5006 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  445.980127][T17941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  445.980144][T17941] Call Trace:
[  445.980153][T17941]  <TASK>
[  445.980163][T17941]  __dump_stack+0x1d/0x30
[  445.980190][T17941]  dump_stack_lvl+0xe8/0x140
[  445.980215][T17941]  dump_stack+0x15/0x1b
[  445.980310][T17941]  should_fail_ex+0x265/0x280
[  445.980363][T17941]  should_fail+0xb/0x20
[  445.980445][T17941]  should_fail_usercopy+0x1a/0x20
[  445.980622][T17941]  _copy_from_iter+0xcf/0xe40
[  445.980684][T17941]  ? __build_skb_around+0x1a0/0x200
[  445.980713][T17941]  ? __alloc_skb+0x223/0x320
[  445.980746][T17941]  pfkey_sendmsg+0x126/0x900
[  445.980834][T17941]  ? avc_has_perm+0xd3/0x150
[  445.980868][T17941]  ? selinux_socket_sendmsg+0x175/0x1b0
[  445.981047][T17941]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  445.981150][T17941]  __sock_sendmsg+0x142/0x180
[  445.981236][T17941]  ____sys_sendmsg+0x345/0x4e0
[  445.981318][T17941]  ___sys_sendmsg+0x17b/0x1d0
[  445.981398][T17941]  __sys_sendmmsg+0x178/0x300
[  445.981439][T17941]  __x64_sys_sendmmsg+0x57/0x70
[  445.981464][T17941]  x64_sys_call+0x2f2f/0x2fb0
[  445.981489][T17941]  do_syscall_64+0xd2/0x200
[  445.981507][T17941]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  445.981583][T17941]  ? clear_bhb_loop+0x40/0x90
[  445.981679][T17941]  ? clear_bhb_loop+0x40/0x90
[  445.981707][T17941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.981735][T17941] RIP: 0033:0x7eff9182e929
[  445.981816][T17941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.981834][T17941] RSP: 002b:00007eff8fe97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  445.981859][T17941] RAX: ffffffffffffffda RBX: 00007eff91a55fa0 RCX: 00007eff9182e929
[  445.981924][T17941] RDX: 00000000000002c8 RSI: 00002000000000c0 RDI: 000000000000000a
[  445.981937][T17941] RBP: 00007eff8fe97090 R08: 0000000000000000 R09: 0000000000000000
[  445.981948][T17941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.981960][T17941] R13: 0000000000000000 R14: 00007eff91a55fa0 R15: 00007ffc50dae188
[  445.982025][T17941]  </TASK>
[  446.504011][T17961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.514413][T17961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.569250][T17953] netlink: 'syz.5.5010': attribute type 3 has an invalid length.
[  446.584679][T17968] __vm_enough_memory: pid: 17968, comm: syz.1.5016, bytes: 21196345962496 not enough memory for the allocation
[  446.735084][   T29] kauditd_printk_skb: 220 callbacks suppressed
[  446.735103][   T29] audit: type=1326 audit(1750740720.998:23534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.768663][   T29] audit: type=1326 audit(1750740721.018:23535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.792741][   T29] audit: type=1326 audit(1750740721.018:23536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.816865][   T29] audit: type=1326 audit(1750740721.038:23537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.840580][   T29] audit: type=1326 audit(1750740721.038:23538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.864244][   T29] audit: type=1326 audit(1750740721.058:23539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.888032][   T29] audit: type=1326 audit(1750740721.088:23540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.912008][   T29] audit: type=1326 audit(1750740721.098:23541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.935909][   T29] audit: type=1326 audit(1750740721.108:23542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17966 comm="syz.1.5016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  446.959559][   T29] audit: type=1326 audit(1750740721.108:23543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17985 comm="syz.5.5021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf7e4e929 code=0x7ffc0000
[  447.050615][T17986] loop5: detected capacity change from 0 to 512
[  447.125899][T18012] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  447.198617][T18012] bpf: Bad value for 'gid'
[  447.459206][T18045] loop6: detected capacity change from 0 to 128
[  447.543837][T18026] netlink: 'syz.1.5030': attribute type 3 has an invalid length.
[  447.825665][T18056] __nla_validate_parse: 47 callbacks suppressed
[  447.825686][T18056] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5038'.
[  447.907676][T18058] loop5: detected capacity change from 0 to 512
[  447.926231][ T6224] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.942316][T18058] EXT4-fs: Ignoring removed i_version option
[  447.950706][T18058] EXT4-fs: Ignoring removed mblk_io_submit option
[  447.967360][T18058] journal_path: Lookup failure for './file2'
[  447.975970][T18058] EXT4-fs: error: could not find journal device path
[  448.008542][ T6224] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.071688][ T6224] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.121269][ T6224] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.152059][T18058] loop5: detected capacity change from 0 to 512
[  448.220369][T18058] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  448.302972][ T6224] bridge_slave_1: left allmulticast mode
[  448.309451][ T6224] bridge_slave_1: left promiscuous mode
[  448.316905][ T6224] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.339525][ T6224] bridge_slave_0: left allmulticast mode
[  448.346146][ T6224] bridge_slave_0: left promiscuous mode
[  448.352471][ T6224] bridge0: port 1(bridge_slave_0) entered disabled state
[  448.371243][T18058] EXT4-fs (loop5): 1 truncate cleaned up
[  448.420848][T18058] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  448.460642][T18058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.488826][ T6224] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  448.503316][ T6224] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  448.521067][ T6224] bond0 (unregistering): Released all slaves
[  448.539220][T18078] netlink: 'syz.3.5046': attribute type 3 has an invalid length.
[  448.547069][T18078] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5046'.
[  448.564444][ T6224] IPVS: stopping master sync thread 17290 ...
[  448.709559][T18065] chnl_net:caif_netlink_parms(): no params data found
[  448.747176][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  448.756301][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  448.805373][ T6224] hsr_slave_0: left promiscuous mode
[  448.821483][ T6224] hsr_slave_1: left promiscuous mode
[  448.833662][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  448.848382][ T6224] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  448.856343][ T6224] batman_adv: batadv0: Removing interface: batadv_slave_0
[  448.865328][ T6224] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  448.873263][ T6224] batman_adv: batadv0: Removing interface: batadv_slave_1
[  448.886789][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  448.896994][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  448.910370][ T6224] veth1_macvtap: left promiscuous mode
[  448.916003][ T6224] veth0_macvtap: left promiscuous mode
[  448.922967][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  448.932471][ T6224] veth1_vlan: left promiscuous mode
[  448.937863][ T6224] veth0_vlan: left promiscuous mode
[  449.116563][ T6224] team0 (unregistering): Port device team_slave_1 removed
[  449.164973][ T6224] team0 (unregistering): Port device C removed
[  449.195229][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  449.204699][T18096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5050'.
[  449.292314][T18065] bridge0: port 1(bridge_slave_0) entered blocking state
[  449.299795][T18065] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.311653][T18065] bridge_slave_0: entered allmulticast mode
[  449.415874][T18065] bridge_slave_0: entered promiscuous mode
[  449.443200][T18065] bridge0: port 2(bridge_slave_1) entered blocking state
[  449.450503][T18065] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.460977][T18065] bridge_slave_1: entered allmulticast mode
[  449.468272][T18065] bridge_slave_1: entered promiscuous mode
[  449.517041][T18124] netlink: 'syz.3.5054': attribute type 3 has an invalid length.
[  450.248613][T18153] loop5: detected capacity change from 0 to 2048
[  450.267517][T18153] EXT4-fs: Ignoring removed nomblk_io_submit option
[  450.289782][T18153] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.323136][T18153] EXT4-fs error (device loop5): ext4_read_inline_dir:1502: inode #12: block 5: comm syz.5.5065: path /438/file1/file0: bad entry in directory: directory entry overrun - offset=24, inode=13, rec_len=7952, size=80 fake=0
[  450.370049][T18153] EXT4-fs (loop5): Remounting filesystem read-only
[  450.407246][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.475361][T18065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  450.510799][T18065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  450.585953][T18065] team0: Port device team_slave_0 added
[  450.635146][T18065] team0: Port device team_slave_1 added
[  450.665807][T18065] batman_adv: batadv0: Adding interface: batadv_slave_0
[  450.672855][T18065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  450.699123][T18065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  450.800840][T18167] loop5: detected capacity change from 0 to 256
[  450.807658][T18065] batman_adv: batadv0: Adding interface: batadv_slave_1
[  450.814772][T18065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  450.841445][T18065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  451.013846][T18065] hsr_slave_0: entered promiscuous mode
[  451.020148][T18065] hsr_slave_1: entered promiscuous mode
[  451.026528][T18065] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  451.034474][T18065] Cannot create hsr debugfs directory
[  451.126917][T18065] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  451.136586][T18065] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  451.146105][T18065] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  451.156205][T18065] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  451.198359][T18065] 8021q: adding VLAN 0 to HW filter on device bond0
[  451.217139][T18065] 8021q: adding VLAN 0 to HW filter on device team0
[  451.227170][ T6224] bridge0: port 1(bridge_slave_0) entered blocking state
[  451.234296][ T6224] bridge0: port 1(bridge_slave_0) entered forwarding state
[  451.247328][ T6224] bridge0: port 2(bridge_slave_1) entered blocking state
[  451.254464][ T6224] bridge0: port 2(bridge_slave_1) entered forwarding state
[  451.327493][T18065] 8021q: adding VLAN 0 to HW filter on device batadv0
[  451.451703][T18065] veth0_vlan: entered promiscuous mode
[  451.460720][T18065] veth1_vlan: entered promiscuous mode
[  451.481379][T18065] veth0_macvtap: entered promiscuous mode
[  451.490259][T18065] veth1_macvtap: entered promiscuous mode
[  451.503186][T18065] batman_adv: batadv0: Interface activated: batadv_slave_0
[  451.517726][T18065] batman_adv: batadv0: Interface activated: batadv_slave_1
[  451.527286][T18065] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  451.536494][T18065] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  451.545241][T18065] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  451.555067][T18065] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  451.746585][T18228] loop7: detected capacity change from 0 to 512
[  451.761469][T18228] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  451.774876][T18228] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  451.861270][T18065] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.887861][   T29] kauditd_printk_skb: 186 callbacks suppressed
[  451.887880][   T29] audit: type=1326 audit(1750740726.138:23730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18175 comm="syz.5.5073" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf7e4e929 code=0x7fc00000
[  451.891365][T18221] chnl_net:caif_netlink_parms(): no params data found
[  451.927155][   T29] audit: type=1326 audit(1750740726.188:23731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18181 comm="syz.1.5075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7fc00000
[  451.994108][   T29] audit: type=1400 audit(1750740726.228:23732): avc:  denied  { block_suspend } for  pid=18236 comm="syz.5.5080" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  452.059284][T18250] loop5: detected capacity change from 0 to 1024
[  452.089435][T18221] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.096752][T18221] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.105686][T18250] EXT4-fs (loop5): can't mount with journal_async_commit, fs mounted w/o journal
[  452.115848][T18221] bridge_slave_0: entered allmulticast mode
[  452.131889][T18221] bridge_slave_0: entered promiscuous mode
[  452.146316][T18221] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.153569][T18221] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.161857][T18221] bridge_slave_1: entered allmulticast mode
[  452.169633][T18221] bridge_slave_1: entered promiscuous mode
[  452.195429][T18221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  452.211950][T18221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  452.231570][T18263] loop5: detected capacity change from 0 to 512
[  452.252905][T18221] team0: Port device team_slave_0 added
[  452.253369][T18263] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  452.260491][T18221] team0: Port device team_slave_1 added
[  452.274486][T18263] ext4 filesystem being mounted at /443/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  452.309022][T18221] batman_adv: batadv0: Adding interface: batadv_slave_0
[  452.316364][T18221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  452.342545][T18221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  452.350956][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  452.366268][T18221] batman_adv: batadv0: Adding interface: batadv_slave_1
[  452.373351][T18221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  452.399646][T18221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  452.425716][T18267] syzkaller1: entered promiscuous mode
[  452.431349][T18267] syzkaller1: entered allmulticast mode
[  452.475826][T18221] hsr_slave_0: entered promiscuous mode
[  452.487029][T18221] hsr_slave_1: entered promiscuous mode
[  452.493634][T18221] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  452.501429][T18221] Cannot create hsr debugfs directory
[  452.588510][T18221] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.629793][T18221] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.699729][T18221] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.750165][T18221] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.842496][T18221] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  452.881248][T18221] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  452.903412][   T29] audit: type=1400 audit(1750740727.168:23733): avc:  denied  { read write } for  pid=18287 comm="syz.3.5090" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  452.925734][T13271] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  452.926949][   T29] audit: type=1400 audit(1750740727.168:23734): avc:  denied  { open } for  pid=18287 comm="syz.3.5090" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  452.938016][T13271] CPU: 1 UID: 0 PID: 13271 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  452.938056][T13271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  452.938076][T13271] Call Trace:
[  452.938087][T13271]  <TASK>
[  452.938100][T13271]  __dump_stack+0x1d/0x30
[  452.938127][T13271]  dump_stack_lvl+0xe8/0x140
[  452.938152][T13271]  dump_stack+0x15/0x1b
[  452.938304][T13271]  dump_header+0x81/0x220
[  452.938368][T13271]  oom_kill_process+0x334/0x3f0
[  452.938412][T13271]  out_of_memory+0x979/0xb80
[  452.938506][T13271]  try_charge_memcg+0x5e6/0x9e0
[  452.938609][T13271]  charge_memcg+0x51/0xc0
[  452.938760][T13271]  __mem_cgroup_charge+0x28/0xb0
[  452.938819][T13271]  filemap_add_folio+0x4e/0x1b0
[  452.938895][T13271]  __filemap_get_folio+0x31e/0x6b0
[  452.938942][T13271]  filemap_fault+0x41d/0xb40
[  452.939061][T13271]  __do_fault+0xb9/0x200
[  452.939147][T13271]  handle_mm_fault+0xf78/0x2be0
[  452.939178][T13271]  ? mas_walk+0xf2/0x120
[  452.939228][T13271]  do_user_addr_fault+0x636/0x1090
[  452.939276][T13271]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  452.939331][T13271]  exc_page_fault+0x62/0xa0
[  452.939435][T13271]  asm_exc_page_fault+0x26/0x30
[  452.939465][T13271] RIP: 0033:0x7febc5cf5974
[  452.939489][T13271] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 28 fe e7 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d 39 fd e7 00 48 01 d1
[  452.939516][T13271] RSP: 002b:00007ffee9a1bc20 EFLAGS: 00010206
[  452.939584][T13271] RAX: 0000001b31220000 RBX: 000000000000037c RCX: 000000000006e5a0
[  452.939603][T13271] RDX: 000000000da35c4c RSI: 00007ffee9a1bcb0 RDI: 0000000000000001
[  452.939621][T13271] RBP: 00007ffee9a1bc5c R08: 0000000034067bc9 R09: 7fffffffffffffff
[  452.939639][T13271] R10: 3fffffffffffffff R11: 0000000000000202 R12: 0000000000001388
[  452.939657][T13271] R13: 00000000000927c0 R14: 000000000006e603 R15: 00007ffee9a1bcb0
[  452.939682][T13271]  </TASK>
[  452.939691][T13271] memory: usage 307200kB, limit 307200kB, failcnt 1587
[  452.964833][T18221] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  452.975231][T13271] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0
[  452.990378][   T29] audit: type=1400 audit(1750740727.248:23735): avc:  denied  { ioctl } for  pid=18287 comm="syz.3.5090" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  452.992299][T13271] kmem: usage 307144kB, limit 9007199254740988kB, failcnt 0
[  453.215199][T13271] Memory cgroup stats for /syz1:
[  453.215755][T13271] cache 0
[  453.218470][T18221] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  453.220749][T13271] rss 0
[  453.233194][T13271] shmem 0
[  453.236131][T13271] mapped_file 0
[  453.239726][T13271] dirty 0
[  453.242678][T13271] writeback 0
[  453.245961][T13271] workingset_refault_anon 2267
[  453.250764][T13271] workingset_refault_file 2579
[  453.255553][T13271] swap 204800
[  453.258907][T13271] swapcached 0
[  453.262353][T13271] pgpgin 314314
[  453.265846][T13271] pgpgout 314300
[  453.269460][T13271] pgfault 407301
[  453.273010][T13271] pgmajfault 664
[  453.276579][T13271] inactive_anon 0
[  453.280257][T13271] active_anon 0
[  453.283725][T13271] inactive_file 0
[  453.287368][T13271] active_file 57344
[  453.291213][T13271] unevictable 0
[  453.294745][T13271] hierarchical_memory_limit 314572800
[  453.300338][T13271] hierarchical_memsw_limit 9223372036854771712
[  453.306494][T13271] total_cache 0
[  453.310027][T13271] total_rss 0
[  453.313312][T13271] total_shmem 0
[  453.316834][T13271] total_mapped_file 0
[  453.320845][T13271] total_dirty 0
[  453.324336][T13271] total_writeback 0
[  453.328299][T13271] total_workingset_refault_anon 2267
[  453.333585][T13271] total_workingset_refault_file 2579
[  453.338906][T13271] total_swap 204800
[  453.342737][T13271] total_swapcached 0
[  453.346676][T13271] total_pgpgin 314314
[  453.350674][T13271] total_pgpgout 314300
[  453.354742][T13271] total_pgfault 407301
[  453.358846][T13271] total_pgmajfault 664
[  453.363111][T13271] total_inactive_anon 0
[  453.367268][T13271] total_active_anon 0
[  453.371278][T13271] total_inactive_file 0
[  453.375749][T13271] total_active_file 57344
[  453.380185][T13271] total_unevictable 0
[  453.384239][T13271] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.5081,pid=18238,uid=0
[  453.399015][T13271] Memory cgroup out of memory: Killed process 18238 (syz.1.5081) total-vm:93752kB, anon-rss:888kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  453.423092][T18289] tipc: Started in network mode
[  453.428505][T18289] tipc: Node identity 4, cluster identity 4711
[  453.434727][T18289] tipc: Node number set to 4
[  453.464402][T18292] sit0: left promiscuous mode
[  453.550785][T18292] net_ratelimit: 28 callbacks suppressed
[  453.550799][T18292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  453.572328][T18284] netlink: 'syz.5.5088': attribute type 3 has an invalid length.
[  453.580313][T18284] __nla_validate_parse: 31 callbacks suppressed
[  453.580330][T18284] netlink: 152 bytes leftover after parsing attributes in process `syz.5.5088'.
[  453.600101][T18284] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  453.659926][T18302] FAULT_INJECTION: forcing a failure.
[  453.659926][T18302] name failslab, interval 1, probability 0, space 0, times 0
[  453.674098][T18302] CPU: 0 UID: 0 PID: 18302 Comm: syz.7.5092 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  453.674135][T18302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  453.674152][T18302] Call Trace:
[  453.674159][T18302]  <TASK>
[  453.674168][T18302]  __dump_stack+0x1d/0x30
[  453.674231][T18302]  dump_stack_lvl+0xe8/0x140
[  453.674254][T18302]  dump_stack+0x15/0x1b
[  453.674302][T18302]  should_fail_ex+0x265/0x280
[  453.674337][T18302]  should_failslab+0x8c/0xb0
[  453.674367][T18302]  kmem_cache_alloc_node_noprof+0x57/0x320
[  453.674431][T18302]  ? __alloc_skb+0x101/0x320
[  453.674507][T18302]  __alloc_skb+0x101/0x320
[  453.674536][T18302]  netlink_alloc_large_skb+0xba/0xf0
[  453.674612][T18302]  netlink_sendmsg+0x3cf/0x6b0
[  453.674717][T18302]  ? __pfx_netlink_sendmsg+0x10/0x10
[  453.674737][T18302]  __sock_sendmsg+0x142/0x180
[  453.674763][T18302]  ____sys_sendmsg+0x31e/0x4e0
[  453.674857][T18302]  ___sys_sendmsg+0x17b/0x1d0
[  453.674909][T18302]  __x64_sys_sendmsg+0xd4/0x160
[  453.674957][T18302]  x64_sys_call+0x2999/0x2fb0
[  453.674984][T18302]  do_syscall_64+0xd2/0x200
[  453.675079][T18302]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  453.675143][T18302]  ? clear_bhb_loop+0x40/0x90
[  453.675165][T18302]  ? clear_bhb_loop+0x40/0x90
[  453.675186][T18302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.675210][T18302] RIP: 0033:0x7fa4ad4ae929
[  453.675226][T18302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  453.675286][T18302] RSP: 002b:00007fa4abb17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  453.675385][T18302] RAX: ffffffffffffffda RBX: 00007fa4ad6d5fa0 RCX: 00007fa4ad4ae929
[  453.675399][T18302] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000007
[  453.675464][T18302] RBP: 00007fa4abb17090 R08: 0000000000000000 R09: 0000000000000000
[  453.675478][T18302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  453.675500][T18302] R13: 0000000000000000 R14: 00007fa4ad6d5fa0 R15: 00007ffea1bb1258
[  453.675520][T18302]  </TASK>
[  454.003048][T18221] 8021q: adding VLAN 0 to HW filter on device bond0
[  454.025722][T18221] 8021q: adding VLAN 0 to HW filter on device team0
[  454.042286][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.047586][T18322] loop5: detected capacity change from 0 to 512
[  454.052918][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.085498][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.104020][ T6238] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.105188][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.111312][ T6238] bridge0: port 1(bridge_slave_0) entered forwarding state
[  454.127681][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.131280][ T6238] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.137392][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.143714][ T6238] bridge0: port 2(bridge_slave_1) entered forwarding state
[  454.178935][T18322] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  454.220646][T18322] ext4 filesystem being mounted at /448/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  454.242269][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.251796][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.266553][T18320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5098'.
[  454.315070][T18221] 8021q: adding VLAN 0 to HW filter on device batadv0
[  454.329573][T12038] IPVS: starting estimator thread 0...
[  454.345674][   T29] audit: type=1326 audit(1750740728.598:23736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18342 comm="syz.3.5101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  454.384574][   T29] audit: type=1326 audit(1750740728.608:23737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18342 comm="syz.3.5101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  454.408611][   T29] audit: type=1326 audit(1750740728.608:23738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18342 comm="syz.3.5101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  454.433023][   T29] audit: type=1326 audit(1750740728.608:23739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18342 comm="syz.3.5101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  454.457947][T18345] IPVS: using max 2304 ests per chain, 115200 per kthread
[  454.510303][T18350] C: renamed from team_slave_0 (while UP)
[  454.531369][T18350] netlink: 'syz.7.5102': attribute type 3 has an invalid length.
[  454.559156][T18350] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  454.583662][T18221] veth0_vlan: entered promiscuous mode
[  454.595214][T18221] veth1_vlan: entered promiscuous mode
[  454.619266][T18221] veth0_macvtap: entered promiscuous mode
[  454.627127][T18221] veth1_macvtap: entered promiscuous mode
[  454.651147][T18221] batman_adv: batadv0: Interface activated: batadv_slave_0
[  454.661198][T18221] batman_adv: batadv0: Interface activated: batadv_slave_1
[  454.679532][T18221] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  454.689049][T18221] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  454.698285][T18221] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  454.707025][T18221] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  454.843647][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.014095][T18375] FAULT_INJECTION: forcing a failure.
[  455.014095][T18375] name failslab, interval 1, probability 0, space 0, times 0
[  455.027083][T18375] CPU: 0 UID: 0 PID: 18375 Comm: syz.0.5109 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  455.027117][T18375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  455.027204][T18375] Call Trace:
[  455.027213][T18375]  <TASK>
[  455.027222][T18375]  __dump_stack+0x1d/0x30
[  455.027249][T18375]  dump_stack_lvl+0xe8/0x140
[  455.027272][T18375]  dump_stack+0x15/0x1b
[  455.027293][T18375]  should_fail_ex+0x265/0x280
[  455.027331][T18375]  should_failslab+0x8c/0xb0
[  455.027380][T18375]  kmem_cache_alloc_noprof+0x50/0x310
[  455.027412][T18375]  ? do_set_mempolicy+0x17c/0x3e0
[  455.027449][T18375]  do_set_mempolicy+0x17c/0x3e0
[  455.027489][T18375]  __x64_sys_set_mempolicy+0x139/0x170
[  455.027526][T18375]  x64_sys_call+0x273c/0x2fb0
[  455.027553][T18375]  do_syscall_64+0xd2/0x200
[  455.027585][T18375]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  455.027616][T18375]  ? clear_bhb_loop+0x40/0x90
[  455.027642][T18375]  ? clear_bhb_loop+0x40/0x90
[  455.027668][T18375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.027774][T18375] RIP: 0033:0x7f834b3fe929
[  455.027793][T18375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.027816][T18375] RSP: 002b:00007f8349a67038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ee
[  455.027838][T18375] RAX: ffffffffffffffda RBX: 00007f834b625fa0 RCX: 00007f834b3fe929
[  455.027854][T18375] RDX: 0000000000000005 RSI: 0000200000000040 RDI: 0000000000008006
[  455.027938][T18375] RBP: 00007f8349a67090 R08: 0000000000000000 R09: 0000000000000000
[  455.027950][T18375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.027961][T18375] R13: 0000000000000000 R14: 00007f834b625fa0 R15: 00007ffe3d56ed68
[  455.027979][T18375]  </TASK>
[  455.329062][T18392] loop5: detected capacity change from 0 to 256
[  455.353210][T18392] msdos: Bad value for 'tz'
[  455.427277][T18393] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18393 comm=syz.5.5114
[  455.599543][T18406] netlink: 'syz.1.5116': attribute type 3 has an invalid length.
[  455.610553][T18406] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  455.836442][T18415] netlink: 'syz.0.5123': attribute type 1 has an invalid length.
[  455.934780][T18417] FAULT_INJECTION: forcing a failure.
[  455.934780][T18417] name failslab, interval 1, probability 0, space 0, times 0
[  455.947574][T18417] CPU: 0 UID: 0 PID: 18417 Comm: syz.1.5124 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  455.947603][T18417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  455.947615][T18417] Call Trace:
[  455.947622][T18417]  <TASK>
[  455.947630][T18417]  __dump_stack+0x1d/0x30
[  455.947717][T18417]  dump_stack_lvl+0xe8/0x140
[  455.947738][T18417]  dump_stack+0x15/0x1b
[  455.947753][T18417]  should_fail_ex+0x265/0x280
[  455.947798][T18417]  should_failslab+0x8c/0xb0
[  455.947837][T18417]  kmem_cache_alloc_node_noprof+0x57/0x320
[  455.947864][T18417]  ? __alloc_skb+0x101/0x320
[  455.947963][T18417]  __alloc_skb+0x101/0x320
[  455.947986][T18417]  ? audit_log_start+0x365/0x6c0
[  455.948015][T18417]  audit_log_start+0x380/0x6c0
[  455.948136][T18417]  audit_seccomp+0x48/0x100
[  455.948160][T18417]  ? __seccomp_filter+0x68c/0x10d0
[  455.948181][T18417]  __seccomp_filter+0x69d/0x10d0
[  455.948202][T18417]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  455.948267][T18417]  ? vfs_write+0x75e/0x8e0
[  455.948302][T18417]  ? __rcu_read_unlock+0x4f/0x70
[  455.948321][T18417]  ? __fget_files+0x184/0x1c0
[  455.948341][T18417]  __secure_computing+0x82/0x150
[  455.948427][T18417]  syscall_trace_enter+0xcf/0x1e0
[  455.948511][T18417]  do_syscall_64+0xac/0x200
[  455.948527][T18417]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  455.948552][T18417]  ? clear_bhb_loop+0x40/0x90
[  455.948642][T18417]  ? clear_bhb_loop+0x40/0x90
[  455.948662][T18417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.948681][T18417] RIP: 0033:0x7febc5e1e929
[  455.948696][T18417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.948737][T18417] RSP: 002b:00007febc4487038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bf
[  455.948760][T18417] RAX: ffffffffffffffda RBX: 00007febc6045fa0 RCX: 00007febc5e1e929
[  455.948772][T18417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  455.948783][T18417] RBP: 00007febc4487090 R08: 0000000000000000 R09: 0000000000000000
[  455.948794][T18417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.948805][T18417] R13: 0000000000000000 R14: 00007febc6045fa0 R15: 00007ffee9a1b898
[  455.948821][T18417]  </TASK>
[  456.237065][T18440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.245893][T18440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.421455][T18442] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  456.909074][   T29] kauditd_printk_skb: 49 callbacks suppressed
[  456.909088][   T29] audit: type=1326 audit(1750740731.178:23787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.114654][   T29] audit: type=1326 audit(1750740731.208:23788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.138711][   T29] audit: type=1326 audit(1750740731.208:23789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.163315][   T29] audit: type=1326 audit(1750740731.208:23790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.186894][   T29] audit: type=1326 audit(1750740731.208:23791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.210637][   T29] audit: type=1326 audit(1750740731.208:23792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc5e1d290 code=0x7ffc0000
[  457.234239][   T29] audit: type=1326 audit(1750740731.208:23793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.257929][   T29] audit: type=1326 audit(1750740731.208:23794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.281615][   T29] audit: type=1326 audit(1750740731.208:23795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  457.305279][   T29] audit: type=1326 audit(1750740731.208:23796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18445 comm="syz.1.5134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc5e1e929 code=0x7ffc0000
[  458.393178][T18482] loop5: detected capacity change from 0 to 1024
[  458.443930][T18482] EXT4-fs (loop5): can't mount with journal_async_commit, fs mounted w/o journal
[  458.585186][T18496] loop5: detected capacity change from 0 to 512
[  458.629533][T18496] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.658546][T18496] ext4 filesystem being mounted at /457/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  458.675739][T18502] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  458.700230][T18512] __nla_validate_parse: 21 callbacks suppressed
[  458.700245][T18512] netlink: 88 bytes leftover after parsing attributes in process `syz.7.5154'.
[  458.715799][T18512] netlink: 88 bytes leftover after parsing attributes in process `syz.7.5154'.
[  458.774735][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.853449][T18529] loop5: detected capacity change from 0 to 164
[  458.860139][T18529] iso9660: Bad value for 'block'
[  458.867636][T18529] lo speed is unknown, defaulting to 1000
[  458.873526][T18529] lo speed is unknown, defaulting to 1000
[  458.879599][T18529] lo speed is unknown, defaulting to 1000
[  458.886611][T18529] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  458.899268][T18522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.914559][T18529] lo speed is unknown, defaulting to 1000
[  458.922753][T18522] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.934303][T18529] lo speed is unknown, defaulting to 1000
[  458.940650][T18529] lo speed is unknown, defaulting to 1000
[  458.947901][T18529] lo speed is unknown, defaulting to 1000
[  458.954130][T18529] lo speed is unknown, defaulting to 1000
[  458.960398][T18529] lo speed is unknown, defaulting to 1000
[  458.966491][T18529] lo speed is unknown, defaulting to 1000
[  458.972896][T18529] lo speed is unknown, defaulting to 1000
[  458.979593][T18529] lo speed is unknown, defaulting to 1000
[  458.987904][T18529] lo speed is unknown, defaulting to 1000
[  459.028535][T18536] loop5: detected capacity change from 0 to 1024
[  459.038214][T18536] EXT4-fs (loop5): can't mount with journal_async_commit, fs mounted w/o journal
[  459.783928][T18569] netlink: 'syz.5.5167': attribute type 3 has an invalid length.
[  459.792929][T18569] netlink: 152 bytes leftover after parsing attributes in process `syz.5.5167'.
[  459.809901][T18569] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  460.463384][T18588] netlink: 88 bytes leftover after parsing attributes in process `syz.1.5177'.
[  460.472625][T18588] netlink: 88 bytes leftover after parsing attributes in process `syz.1.5177'.
[  460.756866][T18587] lo speed is unknown, defaulting to 1000
[  461.195641][T18605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5181'.
[  461.204653][T18605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5181'.
[  461.215793][T18605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5181'.
[  461.238698][T18605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5181'.
[  461.247653][T18605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5181'.
[  461.390021][T18617] Driver unsupported XDP return value 0 on prog  (id 3428) dev N/A, expect packet loss!
[  461.510103][T18624] loop7: detected capacity change from 0 to 512
[  461.551010][T18624] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  461.559328][T18624] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  461.615424][T18624] System zones: 0-1, 15-15, 18-18, 34-34
[  461.739682][T18624] EXT4-fs (loop7): orphan cleanup on readonly fs
[  461.760660][T18624] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  461.775688][T18624] EXT4-fs (loop7): Cannot turn on quotas: error -22
[  461.806869][T18624] EXT4-fs error (device loop7): ext4_orphan_get:1419: comm syz.7.5185: bad orphan inode 16
[  461.819730][T18624] ext4_test_bit(bit=15, block=18) = 1
[  461.825262][T18624] is_bad_inode(inode)=0
[  461.829555][T18624] NEXT_ORPHAN(inode)=0
[  461.833670][T18624] max_ino=32
[  461.836913][T18624] i_nlink=2
[  461.845496][T18624] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  461.946925][T18065] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  462.078605][T18659] netlink: 'syz.0.5194': attribute type 1 has an invalid length.
[  462.798289][   T29] kauditd_printk_skb: 302 callbacks suppressed
[  462.798303][   T29] audit: type=1326 audit(1750740737.068:24098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18644 comm="syz.7.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ad4ae929 code=0x7fc00000
[  462.833675][   T29] audit: type=1326 audit(1750740737.098:24099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  462.870002][   T29] audit: type=1326 audit(1750740737.128:24100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  462.895281][   T29] audit: type=1326 audit(1750740737.128:24101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  462.919045][   T29] audit: type=1326 audit(1750740737.128:24102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  462.942784][   T29] audit: type=1326 audit(1750740737.128:24103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  462.966455][   T29] audit: type=1326 audit(1750740737.128:24104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  462.990201][   T29] audit: type=1326 audit(1750740737.128:24105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  463.013734][   T29] audit: type=1326 audit(1750740737.128:24106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  463.038097][   T29] audit: type=1326 audit(1750740737.128:24107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.3.5200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  463.070069][T18686] netlink: 'syz.7.5201': attribute type 1 has an invalid length.
[  463.189349][T18697] netlink: 'syz.3.5200': attribute type 3 has an invalid length.
[  463.206048][T18697] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  463.341766][T18691] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49936 sclass=netlink_route_socket pid=18691 comm=syz.5.5205
[  463.899395][T18700] loop7: detected capacity change from 0 to 256
[  464.060795][T18719] __nla_validate_parse: 15 callbacks suppressed
[  464.060812][T18719] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5214'.
[  464.129246][T18720] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.165913][T18720] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.356879][T18721] lo speed is unknown, defaulting to 1000
[  464.753994][T18736] netlink: 'syz.7.5217': attribute type 3 has an invalid length.
[  464.761926][T18736] netlink: 152 bytes leftover after parsing attributes in process `syz.7.5217'.
[  464.812909][T18736] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  465.161744][T18766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.170636][T18766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.290577][T18777] syzkaller1: entered promiscuous mode
[  465.296453][T18777] syzkaller1: entered allmulticast mode
[  465.365578][T18778] netlink: 'syz.3.5231': attribute type 3 has an invalid length.
[  465.375039][T18778] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5231'.
[  465.393501][T18778] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  465.546785][T18782] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5236'.
[  466.058396][   T23] Process accounting resumed
[  466.129686][T18803] netlink: 'syz.1.5244': attribute type 1 has an invalid length.
[  466.316462][T18810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5246'.
[  466.446364][T18820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.470556][T18820] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  467.192604][T18841] netlink: 'syz.1.5257': attribute type 1 has an invalid length.
[  467.451219][T18845] netlink: 'syz.1.5259': attribute type 39 has an invalid length.
[  467.451269][T18848] netlink: 'syz.1.5259': attribute type 39 has an invalid length.
[  467.530231][T18857] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  467.890667][   T29] kauditd_printk_skb: 168 callbacks suppressed
[  467.890684][   T29] audit: type=1400 audit(1750740742.158:24276): avc:  denied  { unlink } for  pid=11765 comm="syz-executor" name="file0" dev="tmpfs" ino=2364 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  469.012511][T18863] loop5: detected capacity change from 0 to 1024
[  469.019443][T18863] EXT4-fs: Ignoring removed i_version option
[  469.095748][T18863] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  469.132662][T18863] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.5264: Invalid block bitmap block 0 in block_group 0
[  469.147493][T18863] Quota error (device loop5): write_blk: dquota write failed
[  469.154953][T18863] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  469.165016][T18863] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.5264: Failed to acquire dquot type 0
[  469.177059][T18863] EXT4-fs error (device loop5): ext4_free_blocks:6587: comm syz.5.5264: Freeing blocks not in datazone - block = 0, count = 4096
[  469.191672][T18863] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.5264: Invalid inode bitmap blk 0 in block_group 0
[  469.204589][T18863] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  469.213813][T18863] EXT4-fs (loop5): 1 orphan inode deleted
[  469.220706][T18863] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  469.899356][ T6234] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-8
[  469.908740][ T6234] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:20: Failed to release dquot type 0
[  470.012548][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  470.084988][   T29] audit: type=1326 audit(1750740744.348:24277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18876 comm="syz.3.5271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7fc00000
[  470.255630][   T29] audit: type=1326 audit(1750740744.478:24278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18896 comm="syz.0.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  470.279988][   T29] audit: type=1326 audit(1750740744.478:24279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18896 comm="syz.0.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  470.303597][   T29] audit: type=1326 audit(1750740744.488:24280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18896 comm="syz.0.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  470.328048][   T29] audit: type=1326 audit(1750740744.488:24281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18896 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  470.351258][   T29] audit: type=1326 audit(1750740744.488:24282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18896 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  470.550048][T18920] FAULT_INJECTION: forcing a failure.
[  470.550048][T18920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.564074][T18920] CPU: 1 UID: 0 PID: 18920 Comm: syz.3.5285 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  470.564132][T18920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  470.564151][T18920] Call Trace:
[  470.564161][T18920]  <TASK>
[  470.564173][T18920]  __dump_stack+0x1d/0x30
[  470.564204][T18920]  dump_stack_lvl+0xe8/0x140
[  470.564310][T18920]  dump_stack+0x15/0x1b
[  470.564335][T18920]  should_fail_ex+0x265/0x280
[  470.564448][T18920]  should_fail+0xb/0x20
[  470.564593][T18920]  should_fail_usercopy+0x1a/0x20
[  470.564638][T18920]  _copy_from_user+0x1c/0xb0
[  470.564665][T18920]  memdup_user_nul+0x5f/0xe0
[  470.564692][T18920]  sel_commit_bools_write+0xd2/0x270
[  470.564734][T18920]  vfs_writev+0x406/0x8b0
[  470.564775][T18920]  ? __pfx_sel_commit_bools_write+0x10/0x10
[  470.564893][T18920]  ? mutex_lock+0xd/0x30
[  470.564956][T18920]  do_writev+0xe7/0x210
[  470.564992][T18920]  __x64_sys_writev+0x45/0x50
[  470.565017][T18920]  x64_sys_call+0x2006/0x2fb0
[  470.565080][T18920]  do_syscall_64+0xd2/0x200
[  470.565106][T18920]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  470.565166][T18920]  ? clear_bhb_loop+0x40/0x90
[  470.565293][T18920]  ? clear_bhb_loop+0x40/0x90
[  470.565317][T18920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.565347][T18920] RIP: 0033:0x7eff9182e929
[  470.565379][T18920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.565399][T18920] RSP: 002b:00007eff8fe97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  470.565419][T18920] RAX: ffffffffffffffda RBX: 00007eff91a55fa0 RCX: 00007eff9182e929
[  470.565433][T18920] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000004
[  470.565451][T18920] RBP: 00007eff8fe97090 R08: 0000000000000000 R09: 0000000000000000
[  470.565502][T18920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.565516][T18920] R13: 0000000000000000 R14: 00007eff91a55fa0 R15: 00007ffc50dae188
[  470.565537][T18920]  </TASK>
[  471.064672][T18922] netlink: 'syz.3.5286': attribute type 3 has an invalid length.
[  471.072680][T18922] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5286'.
[  471.178981][T18922] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  471.343860][T18938] netlink: 'syz.1.5289': attribute type 3 has an invalid length.
[  471.352767][T18938] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5289'.
[  471.369804][T18938] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  471.637282][T18928] netlink: 'syz.5.5278': attribute type 3 has an invalid length.
[  471.646627][T18928] netlink: 152 bytes leftover after parsing attributes in process `syz.5.5278'.
[  471.700587][T18946] __vm_enough_memory: pid: 18946, comm: syz.7.5293, bytes: 21195535351808 not enough memory for the allocation
[  471.819852][T18928] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  472.013372][T18954] netlink: 'syz.0.5295': attribute type 1 has an invalid length.
[  472.064924][T18954] bond1: entered promiscuous mode
[  472.117538][T18957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  472.157302][T18954] 8021q: adding VLAN 0 to HW filter on device bond1
[  472.167446][T18957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  472.197953][T18959] netlink: 'syz.0.5295': attribute type 3 has an invalid length.
[  472.258428][T18946] loop7: detected capacity change from 0 to 512
[  472.314157][T18946] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  472.349959][T18958] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54056 sclass=netlink_route_socket pid=18958 comm=syz.0.5295
[  472.365787][T18965] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5298'.
[  472.393312][T18946] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c0a8, mo2=0002]
[  472.403524][T18954] 8021q: adding VLAN 0 to HW filter on device bond1
[  472.422775][T18954] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  472.433359][T18954] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  472.445916][T18946] System zones: 1-12
[  472.459218][T18946] EXT4-fs error (device loop7): ext4_xattr_inode_iget:437: inode #11: comm syz.7.5293: missing EA_INODE flag
[  472.476162][T18946] EXT4-fs (loop7): Remounting filesystem read-only
[  472.491362][T18954] bond1: (slave ip6gre1): making interface the new active one
[  472.498942][T18954] ip6gre1: entered promiscuous mode
[  472.504662][T18946] EXT4-fs (loop7): 1 orphan inode deleted
[  472.517132][T18970] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5299'.
[  472.530269][T18954] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  472.562546][T18946] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  472.693652][T18065] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  472.842663][T18977] FAULT_INJECTION: forcing a failure.
[  472.842663][T18977] name failslab, interval 1, probability 0, space 0, times 0
[  472.855919][T18977] CPU: 1 UID: 0 PID: 18977 Comm: syz.0.5302 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  472.856029][T18977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  472.856052][T18977] Call Trace:
[  472.856059][T18977]  <TASK>
[  472.856066][T18977]  __dump_stack+0x1d/0x30
[  472.856091][T18977]  dump_stack_lvl+0xe8/0x140
[  472.856215][T18977]  dump_stack+0x15/0x1b
[  472.856234][T18977]  should_fail_ex+0x265/0x280
[  472.856397][T18977]  should_failslab+0x8c/0xb0
[  472.856426][T18977]  __kmalloc_noprof+0xa5/0x3e0
[  472.856459][T18977]  ? sctp_auth_set_key+0x18a/0x4f0
[  472.856483][T18977]  sctp_auth_set_key+0x18a/0x4f0
[  472.856540][T18977]  sctp_setsockopt_auth_key+0x17b/0x3e0
[  472.856604][T18977]  sctp_setsockopt+0x4ba/0xe30
[  472.856638][T18977]  sock_common_setsockopt+0x66/0x80
[  472.856672][T18977]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  472.856729][T18977]  __sys_setsockopt+0x181/0x200
[  472.856761][T18977]  __x64_sys_setsockopt+0x64/0x80
[  472.856795][T18977]  x64_sys_call+0x2bd5/0x2fb0
[  472.856822][T18977]  do_syscall_64+0xd2/0x200
[  472.856861][T18977]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  472.856901][T18977]  ? clear_bhb_loop+0x40/0x90
[  472.856928][T18977]  ? clear_bhb_loop+0x40/0x90
[  472.856962][T18977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.856989][T18977] RIP: 0033:0x7f834b3fe929
[  472.857009][T18977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.857033][T18977] RSP: 002b:00007f8349a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  472.857064][T18977] RAX: ffffffffffffffda RBX: 00007f834b625fa0 RCX: 00007f834b3fe929
[  472.857081][T18977] RDX: 0000000000000017 RSI: 0000000000000084 RDI: 0000000000000003
[  472.857157][T18977] RBP: 00007f8349a67090 R08: 00000000000000ed R09: 0000000000000000
[  472.857174][T18977] R10: 0000200000000540 R11: 0000000000000246 R12: 0000000000000001
[  472.857190][T18977] R13: 0000000000000000 R14: 00007f834b625fa0 R15: 00007ffe3d56ed68
[  472.857215][T18977]  </TASK>
[  473.121716][T18984] netlink: 'syz.7.5301': attribute type 3 has an invalid length.
[  473.130646][T18984] netlink: 152 bytes leftover after parsing attributes in process `syz.7.5301'.
[  473.146653][T18984] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  473.471657][   T29] kauditd_printk_skb: 96 callbacks suppressed
[  473.471732][   T29] audit: type=1400 audit(1750740747.728:24379): avc:  denied  { create } for  pid=18994 comm="syz.0.5308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  473.497972][   T29] audit: type=1400 audit(1750740747.728:24380): avc:  denied  { bind } for  pid=18994 comm="syz.0.5308" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  473.863601][   T29] audit: type=1326 audit(1750740747.978:24381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  473.887655][   T29] audit: type=1326 audit(1750740747.978:24382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  473.911819][   T29] audit: type=1326 audit(1750740747.988:24383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  473.936732][   T29] audit: type=1326 audit(1750740747.988:24384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  473.960817][   T29] audit: type=1326 audit(1750740747.988:24385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  473.984891][   T29] audit: type=1326 audit(1750740747.988:24386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  474.009426][   T29] audit: type=1326 audit(1750740747.988:24387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  474.034024][   T29] audit: type=1326 audit(1750740747.988:24388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19011 comm="syz.3.5314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9182e929 code=0x7ffc0000
[  474.631399][T19019] netlink: 'syz.3.5314': attribute type 3 has an invalid length.
[  474.640250][T19019] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5314'.
[  474.659737][T19019] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  474.951318][T19032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.972054][T19032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.032308][T19035] netlink: 'syz.5.5323': attribute type 1 has an invalid length.
[  475.095043][T19040] loop5: detected capacity change from 0 to 1024
[  475.109733][T19040] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  475.130208][T19040] ext4 filesystem being mounted at /486/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  475.152906][T19040] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  475.169856][T19040] EXT4-fs (loop5): Remounting filesystem read-only
[  475.234959][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  475.280164][T19052] loop5: detected capacity change from 0 to 512
[  475.287275][T19052] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  475.303966][T19052] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  475.321373][T19052] EXT4-fs (loop5): 1 truncate cleaned up
[  475.327627][T19052] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  475.355145][T11537] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  475.993536][T19059] netlink: 'syz.5.5330': attribute type 3 has an invalid length.
[  476.002207][T19059] netlink: 152 bytes leftover after parsing attributes in process `syz.5.5330'.
[  476.019053][T19059] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  476.315003][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.324393][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.389929][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.432438][T19078] netlink: 'syz.3.5337': attribute type 8 has an invalid length.
[  476.451394][T19080] loop7: detected capacity change from 0 to 512
[  476.469672][T19080] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  476.492782][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.501826][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.518072][T19080] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  476.540658][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.590397][T18065] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  476.626999][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.636009][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  476.654198][T19070] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5335'.
[  477.497529][T19096] lo speed is unknown, defaulting to 1000
[  477.566715][T19099] netlink: 'syz.7.5342': attribute type 3 has an invalid length.
[  477.574660][T19099] netlink: 152 bytes leftover after parsing attributes in process `syz.7.5342'.
[  477.610743][T19099] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  478.105727][T19131] netlink: 'syz.0.5348': attribute type 1 has an invalid length.
[  478.248601][ T6222] ==================================================================
[  478.256763][ T6222] BUG: KCSAN: data-race in ppp_asynctty_receive / tty_set_termios
[  478.265319][ T6222] 
[  478.265330][ T6222] write to 0xffff888134a0ed08 of 44 bytes by task 19144 on cpu 0:
[  478.265349][ T6222]  tty_set_termios+0xc0/0x8c0
[  478.265380][ T6222]  set_termios+0x496/0x4e0
[  478.265405][ T6222]  tty_mode_ioctl+0x379/0x5c0
[  478.265430][ T6222]  ppp_asynctty_ioctl+0x13f/0x2d0
[  478.265457][ T6222]  tty_ioctl+0x845/0xb80
[  478.265489][ T6222]  __se_sys_ioctl+0xcb/0x140
[  478.265521][ T6222]  __x64_sys_ioctl+0x43/0x50
[  478.265545][ T6222]  x64_sys_call+0x19a8/0x2fb0
[  478.265565][ T6222]  do_syscall_64+0xd2/0x200
[  478.265590][ T6222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.265615][ T6222] 
[  478.265622][ T6222] read to 0xffff888134a0ed08 of 4 bytes by task 6222 on cpu 1:
[  478.265641][ T6222]  ppp_asynctty_receive+0x75c/0xd40
[  478.265668][ T6222]  tty_ldisc_receive_buf+0xbf/0xf0
[  478.265698][ T6222]  tty_port_default_receive_buf+0x59/0x90
[  478.265735][ T6222]  flush_to_ldisc+0x141/0x360
[  478.265768][ T6222]  process_scheduled_works+0x4ce/0x9d0
[  478.265797][ T6222]  worker_thread+0x582/0x770
[  478.265828][ T6222]  kthread+0x486/0x510
[  478.265848][ T6222]  ret_from_fork+0xda/0x150
[  478.265867][ T6222]  ret_from_fork_asm+0x1a/0x30
[  478.265892][ T6222] 
[  478.265896][ T6222] value changed: 0x00000500 -> 0x00038000
[  478.265909][ T6222] 
[  478.265912][ T6222] Reported by Kernel Concurrency Sanitizer on:
[  478.265923][ T6222] CPU: 1 UID: 0 PID: 6222 Comm: kworker/u8:10 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  478.265949][ T6222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  478.265962][ T6222] Workqueue: events_unbound flush_to_ldisc
[  478.265993][ T6222] ==================================================================
[  478.480575][   T29] kauditd_printk_skb: 180 callbacks suppressed
[  478.480594][   T29] audit: type=1326 audit(1750740752.748:24569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19135 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  478.513089][   T29] audit: type=1326 audit(1750740752.748:24570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19135 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f834b3fe929 code=0x7ffc0000
[  478.838893][T19143] netlink: 'syz.5.5352': attribute type 1 has an invalid length.