last executing test programs:

1m3.063247895s ago: executing program 3 (id=2217):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

1m2.763641399s ago: executing program 3 (id=2222):
socket$kcm(0x10, 0x2, 0x0)
msgget$private(0x0, 0x790)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="0000000000010000660800400000000018000000000000000000e100000000009500000000000000360a0200000000007f0100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009526dc272eae0e6ec2611667f303af218d673840fa92b6360bf8e5db45c0ba0c6e334893745897c90476b1886d62477725d2effbed7026c2a47db15f6e8ab25a23b61ad7a3ec937c6576a5a778e8a1df457d247c5c153e7b3865a76e3d8bc26c8407c3da2ea5eb7a713115d3356e7a55f109e6a15c6864c48306cdabd9f7e399b5fd54fb67412e49b6fcd8b8165caa6ee49a84163d99afe0c871c9f65b14a1c435e40f11fa34e09a198ccb0e3c90f0a228950de3205bd0d62abd64ce7b3f157920f61fde458a9e9f5bfba465198a5333e3b85fc3358856828c184c7deae2c9404e7f2541b4e564c19fdaa6ad0a1868dbb54250597cb06cd1bf04e8571dec8319ecea40aa01e6614e57150e3df8788edd8db6bd084bd5fac6f76e"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x2, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
arch_prctl$ARCH_GET_CPUID(0x1011)
prctl$PR_SET_NAME(0xf, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a0000020000000000000100000000"], 0x10}}, 0x0)
close(r3)
rseq(&(0x7f0000000200), 0x20, 0x0, 0x0)
r4 = syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000840)=""/167, 0xa7}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/93, 0x5d}], 0x1, 0x0)
r5 = semget$private(0x0, 0x4000000009, 0x0)
semop(r5, &(0x7f0000000080)=[{0x0, 0xec7b, 0x1000}], 0x1)
semop(r5, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1)
semtimedop(r5, &(0x7f0000000000)=[{0x4, 0x2}, {0x1, 0xfb7b, 0x1000}], 0x2, &(0x7f0000000040))
semtimedop(r5, &(0x7f0000000000)=[{0x0, 0x5, 0x800}, {0x0, 0x9, 0x1000}, {0x4, 0xc, 0x1000}, {0x2, 0xffff, 0x800}, {0x3, 0xe, 0x1800}], 0x5, &(0x7f0000000040)={0x77359400})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0)
ioctl$KDSETMODE(r0, 0x4b3a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
getpid()
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17)

1m1.840486283s ago: executing program 3 (id=2235):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
syz_emit_ethernet(0x86, &(0x7f0000000580)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa88a82d00810030000800470000700064000004029078000000e0e00000028307caffffffff863f000000020003f9020a9e78bce66ff2722102045ef9f8020012d33012a8eb4d6eb64a2f1dd57e83b79c0106d6fb02cd010e1444513063498e73da88cb58000011009078e000000200010001000000000000000051d603f77b3d436911661a94"], 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0xc, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0500000004000000040000000500000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000006581c91d86992336eb0fff03fe6e0bfc3b3afece8d40360a07b915a698d1232910c3439666b7620d41012945a723a4000000000000000005f9d6cc521e33c224d5af9d41076dca2ecd94f49c3eaef2628ae63080e9cbdf81d93e45d9218a96ee113b92e9c57676c05ae763e4370a3abd8d8cfd0c76b3015778bc16d892ffd548cab44d3cc90a10afee84b312b772728968ee1bd3bf4af84dae6363e0c19ee7e32b1d238d0745674b2082c7e49b3d62ce80265f10be007af7f15fbe00"/218, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000ac0)=@newtaction={0x1bc, 0x30, 0x9, 0x1000000, 0x0, {}, [{0x1a8, 0x1, [@m_xt={0x1a4, 0x1e, 0x0, 0x0, {{0x7}, {0x118, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x74, 0x6, {0x3, 'raw\x00', 0x9, 0x2, "b003c6a965415f9a756145b1b3e24ee687b8ddfad34f912660858c8f595a2d804310ad44b2f98a82d5cadf9e06c355f936111941cd968e6276d8e4eb65ad8c2496bec72b73f2bd1a2aca"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0xff}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x68, 0x6, "c345b468adc84d771f0575fd5b09bbedc2890d0de01eafb59c9bee52ea7077cb74885b6cb109f6de04e2c66ce611a23e7d901bc78e942f92b4bc94d8166d396e8f2f8f98d83415f956721740c4cba480c99eaaa98c6ce6989c796f5677f3378a2439637f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0xf0}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0000000000000000000000008d000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f00000000c0), 0x4)
syz_open_procfs(0x0, &(0x7f0000000380)='net/psched\x00')
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/timers\x00', 0x0, 0x0)
close(r10)

1m1.795162257s ago: executing program 3 (id=2236):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
socket(0xa, 0x2, 0x0)
mremap(&(0x7f0000001000/0x8000)=nil, 0x8000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil)
socket$packet(0x11, 0x3, 0x300)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

1m1.480586863s ago: executing program 3 (id=2239):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r1, &(0x7f0000000340)={0x23, 0x0, 0x0, 0x2}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3, 0x0, 0x2}, 0x18)
ioctl$SIOCPNENABLEPIPE(r1, 0x89ed, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001000010700020100000000000a00"], 0x1c}}, 0x0)

1m0.095999955s ago: executing program 3 (id=2254):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
set_mempolicy(0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r2 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x10, 0x0, 0x50}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000140)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x108, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

1m0.095708015s ago: executing program 32 (id=2254):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
set_mempolicy(0x1, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r2 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x10, 0x0, 0x50}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000140)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x108, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

53.537564325s ago: executing program 5 (id=2408):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
readv(r0, 0x0, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

53.47586643s ago: executing program 5 (id=2409):
socket$kcm(0x10, 0x2, 0x0)
msgget$private(0x0, 0x790)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="0000000000010000660800400000000018000000000000000000e100000000009500000000000000360a0200000000007f0100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009526dc272eae0e6ec2611667f303af218d673840fa92b6360bf8e5db45c0ba0c6e334893745897c90476b1886d62477725d2effbed7026c2a47db15f6e8ab25a23b61ad7a3ec937c6576a5a778e8a1df457d247c5c153e7b3865a76e3d8bc26c8407c3da2ea5eb7a713115d3356e7a55f109e6a15c6864c48306cdabd9f7e399b5fd54fb67412e49b6fcd8b8165caa6ee49a84163d99afe0c871c9f65b14a1c435e40f11fa34e09a198ccb0e3c90f0a228950de3205bd0d62abd64ce7b3f157920f61fde458a9e9f5bfba465198a5333e3b85fc3358856828c184c7deae2c9404e7f2541b4e564c19fdaa6ad0a1868dbb54250597cb06cd1bf04e8571dec8319ecea40aa01e6614e57150e3df8788edd8db6bd084bd5fac6f76e"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x2, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
arch_prctl$ARCH_GET_CPUID(0x1011)
prctl$PR_SET_NAME(0xf, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a0000020000000000000100000000"], 0x10}}, 0x0)
close(r3)
rseq(&(0x7f0000000200), 0x20, 0x0, 0x0)
r4 = syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000840)=""/167, 0xa7}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/93, 0x5d}], 0x1, 0x0)
r5 = semget$private(0x0, 0x4000000009, 0x0)
semop(r5, &(0x7f0000000080)=[{0x0, 0xec7b, 0x1000}], 0x1)
semop(r5, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1)
semtimedop(r5, &(0x7f0000000000)=[{0x4, 0x2}, {0x1, 0xfb7b, 0x1000}], 0x2, &(0x7f0000000040))
semtimedop(r5, &(0x7f0000000000)=[{0x0, 0x5, 0x800}, {0x0, 0x9, 0x1000}, {0x4, 0xc, 0x1000}, {0x2, 0xffff, 0x800}, {0x3, 0xe, 0x1800}], 0x5, &(0x7f0000000040)={0x77359400})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0)
ioctl$KDSETMODE(r0, 0x4b3a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)

52.395991567s ago: executing program 5 (id=2429):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x2c, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

51.048677186s ago: executing program 5 (id=2456):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000e00)=ANY=[@ANYBLOB="000000004c900200060000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000000000000200"/192])
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

50.900738008s ago: executing program 5 (id=2461):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

50.419711617s ago: executing program 5 (id=2476):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_io_uring_setup(0x593, &(0x7f0000000400)={0x0, 0xc458, 0x800, 0x2, 0x3a1}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000a40)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000b00)=@IORING_OP_UNLINKAT={0x24, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, 0x0, 0x0)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r6 = dup(r5)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x401, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x60845}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp=r8}]}}}]}, 0x38}}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r10}, 0x18)
ioctl$PTP_EXTTS_REQUEST2(r6, 0x43403d05, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r11 = dup(0xffffffffffffffff)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r11, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000030801040000000000000000030000aa8700024000160000060002408035000006000240001600000900010073797a3100000000a7"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x800)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r11, 0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x19, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000810)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

50.419323987s ago: executing program 33 (id=2476):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_io_uring_setup(0x593, &(0x7f0000000400)={0x0, 0xc458, 0x800, 0x2, 0x3a1}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000a40)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000b00)=@IORING_OP_UNLINKAT={0x24, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, 0x0, 0x0)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r6 = dup(r5)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x401, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x60845}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp=r8}]}}}]}, 0x38}}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r10}, 0x18)
ioctl$PTP_EXTTS_REQUEST2(r6, 0x43403d05, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r11 = dup(0xffffffffffffffff)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r11, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="38000000030801040000000000000000030000aa8700024000160000060002408035000006000240001600000900010073797a3100000000a7"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x800)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r11, 0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x19, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000810)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

33.047443561s ago: executing program 1 (id=2890):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000084"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x0, 0x0}, 0x10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x5, 0x2, &(0x7f0000000180), 0x101, 0x0, 0x0, {0x2}})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000080), &(0x7f0000000180)=r3}, 0x20)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000b4000000060a010400000000000000000100000008000b40000000008c000480340001800b000100657874686472000024000280080001400000000e080003400000000008000440000000220500020007000000540001800c000100626974776973650044000280080003400000000208000140f0ff001408000240000000121c000580150001008b6074f501258cfeb4b4dac46617946e690000000c000480060001008a9500000900010073797a30"], 0x128}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='BM\xb86\x00')
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000193c0)={0x11, 0x13, &(0x7f0000019300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000206a932500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000000)='sys_enter\x00', r6, 0x0, 0x91}, 0x18)
setresuid(0x0, 0xee00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00')
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
preadv(r7, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4112, 0x1010}], 0x1, 0x36, 0x0)
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r8, 0x5393, &(0x7f0000000000))

32.675706261s ago: executing program 1 (id=2900):
prlimit64(0x0, 0xe, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x23, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x105d0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x9, 0x0, 0x7, 0x5, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x61)
socket$l2tp6(0xa, 0x2, 0x73)
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = gettid()
epoll_create(0x400)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r3 = eventfd(0x0)
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r3, 0x0)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)={0x38, 0x1412, 0x1, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x8010)

32.625462435s ago: executing program 1 (id=2902):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000024000280040001"], 0x50}}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000001000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r6, 0x0, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000440)={@random="871000bb00", @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x2, 0x7, 0x24, 0x65, 0x0, 0x9, 0x21, 0x0, @broadcast, @local}, {{0x4e22, 0x4e20, 0x4, 0x1, 0xb, 0x0, 0x0, 0x6, 0x1, "196b36", 0x2, "3571a4"}}}}}}, 0x0)

32.562242191s ago: executing program 1 (id=2905):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000004d000006000000181100", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x4}, 0x18)
r2 = openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = dup(r2)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
dup2(r3, r4)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cd2fdb, 0x103)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580), 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) (fail_nth: 4)
r6 = openat(0xffffffffffffffff, &(0x7f0000004400)='./bus\x00', 0x8c0c81, 0x0)
write(r6, &(0x7f0000004200), 0x0)
sendfile(r6, r5, 0x0, 0x3ffff)
r7 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r7, 0x6a, 0x2, 0x0, 0x0)
sendfile(r6, r5, 0x0, 0x7ffff000)
syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./cgroup.net/devices.allow\x00', 0x0, 0x200002, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)

32.159809573s ago: executing program 1 (id=2911):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="1900000004000000080000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8946, &(0x7f0000000400)='{\x05T\x82\x89\x98Yi:')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r2, 0x0, 0x8000000000000}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="bc0100001900010000000000fddbdf25e0000001000000000000000000000000ac1414bb0000000000000000000000000000000bffff00000a0080003c000000", @ANYRES32=0x0, @ANYRES32, @ANYRES64], 0x1bc}}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f00000000c0)={0x101, 0x0, 0x730, 0xbdff, 0x9, "feeeff000000001b"})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x8182)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x18)
accept4$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES8, @ANYBLOB="0000000000000000b7020000010000008500000086000000"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10)
syz_emit_ethernet(0x6e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c200000300000000000086dd6000010900383a00fe880000000000000000000000000101ff02000000000000000000000000000102009078000005dc608cb02b00092f0000000000000000000000000000000001fe8000000000000000000000000000aa2f0027a168000000"], 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r8, 0x29, 0x4b, &(0x7f0000000040), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0xf}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES64=r0, @ANYRESOCT=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x8040004}, 0x0)

31.823767101s ago: executing program 1 (id=2925):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$BTRFS_IOC_RESIZE(r3, 0x50009403, &(0x7f00000000c0)={{r1}, {@void, @max}})

31.823505481s ago: executing program 34 (id=2925):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$BTRFS_IOC_RESIZE(r3, 0x50009403, &(0x7f00000000c0)={{r1}, {@void, @max}})

3.102880737s ago: executing program 2 (id=3450):
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={<r2=>0x0, @loopback, @empty}, &(0x7f0000000140)=0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6a, '\x00', r2, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x80801c, &(0x7f0000000580), 0x1, 0x503, &(0x7f0000000880)="$eJzs3c9vI1cdAPDvOL+cNG3S0gMgoEspLGi1TuJto6oHWE4IoUqIHkHahsQbRbHjKHZKE/aQ/g9IVOIER/4Azj1x54LgxmU5IPEjAm1W4mA040nWm7U3ZpPYUfz5SKN5b2bs73trzXv21xu/AEbWjYg4iIjJiPgwIuby40m+xd32ll736PDB6tHhg9UkWq0P/plk59Nj0fGY1Ev5cxYj4kffi/hp8mzcxt7+5kq1WtlpV6cXmrXthcbe/u2N2sp6Zb2yVS4vLy0vvnvnnfKF9fWN2mRe+vLDPxx86+dps2bzI539uEjtrk+cxEmNR8QPLiPYEIzl/ZkcdkN4IYWIeC0i3szu/7kYy15NAOA6a7XmojXXWQcArrtClgNLCqU8FzAbhUKp1M7hvR4zhWq90bx1v767tdbOlc3HROH+RrWymOcK52MiSetLWflJvXyqficiXo2IX0xNZ/XSar26Nsw3PgAwwl46Nf//Z6o9/wMA11xx2A0AAAbO/A8Ao8f8DwCjx/wPAKPnyfx/d6jtAAAGx+d/ABg95n8AGCk/fP/9dGsd5b9/vfbR3u5m/aPba5XGZqm2u1pare9sl9br9fXsN3tqZz1ftV7fXno7dj+e//Z2o7nQ2Nu/V6vvbjXvZb/rfa8yMZBeAQDP8+obn/05iYiD96azLTrWcjBXw/VWGHYDgKEZG3YDgKGx2heMrnN8xpcegGuiyxK9TylGxPTpg61Wq3V5TQIu2c0vyP/DqOrI//tfwDBi5P9hdMn/w+hqtZJ+1/yPfi8EAK42OX6gx/f/r+X73+ZfDvxk7fQVn15mqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBqO17/t5SvBT4bhUKpFPFyRMzHRHJ/o1pZjIhXIuJPUxNTaX1pyG0GAM6r8LckX//r5txbs6fPTiaPp7J9RPzsVx/88uOVZnPnj+nxf50cb36aHy8Po/0AwFmO5+ls3/FB/tHhg9XjbZDt+ft3I6LYjn90OBlHJ/HHYzzbF2MiImb+neT1tqQjd3EeB59ExOe79T+J2SwH0l759HT8NPbLA41feCp+ITvX3qf/Fp+7gLbAqPksHX/udrv/CnEj23e//4vZCHV++fiXPtXqUTYGPol/PP6N9Rj/bvQb4+3ff79dmn723CcRXxyPOI591DH+HMdPesR/q8/4f/nSV97sda7164ib0T1+Z6yFZm17obG3f3ujtrJeWa9slcvLS8uL7955p7yQ5agXes8G/3jv1itZocslaf9nesQvntH/r/fZ/9/898Mff7XHuTT+N7/WLX4hXn9O/HRO/Eaf8VdmflfsdS6Nv9aj/2e9/rf6jP/wr/vPLBsOAAxPY29/c6VarewMsnD8RmKgQRX6K0zlL85Vac9ThSvbsM2V6ncGFWsy/q9HtVovFKvXiHERWTfgKji56SPi8bAbAwAAAAAAAAAAAAAAdHWpf6iUtAvD7iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADX1/8CAAD//8jOyzo=")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r4, 0x0)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000300)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1b, 0x20000189, &(0x7f0000000240)=ANY=[], 0x0, 0xb8, 0x0, 0x0, 0x0, 0x62, '\x00', r5, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r6}, 0x10)
getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x5]}, 0x8, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000000000042bfa30000000000001602000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000260404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000005b000000b700000000000000950000000000000063e165cd844a954b26c933db8e175e097efb3f55bb2007ee51050512b5b42128aa090a79507df79f2d8129cf487130d5f24bf901115e17392ac66ad029d1c08a2c6146101e04aeacea799a22a2fa798b5adc436b27d53337e5003e4be7f8000000000000dbc2777df150b70639e25b7496cb8dcdd77b85b94109a314fd0840028f2ed1a4535550614e09d6378198a60978670838337af2abd55a87ac0394b2f82ffab7d153d62058d0a413b2173619ccf55520f22c9cb6712f3024b7041b1df65b3e1b9b31f154e89d485b1f7fc09a30f115646d14ce53d13d0cca00a1efc54fa737c28b994a8512c816fdcceaede3faedc51d29a47ffeffffff00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804dc5fa778100000000000000488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a7c2211fe4fd21a18986252a70f8f92eb6f0e8c7db35036865445971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f8d791fa99dac06b57479321a0574fb304bc2a168aa43328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20faf791ec85821d0c48fb657c29b302b0d2277b44af326f36f3e2c25a61ec45c3af97a8f17da954a9b34f79908755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d4100d8bda74d66f47cc180f82c5f573c6d294d1665016ac59de637b30824d822133a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da3239acad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389c69608241730459f0123fd383d5612ff0230dc6eb55e9d46de56ef907b059b905c0289afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5826236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d949a3564cb778f54334354ec2697a03aff14a9aa4bd908a99494a65044dd539f5096412b926b2e095b84000243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c3630eeaebde922320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000000000000001c80000000000000000000000091bee53595a779d243ac8cea769b10424d28804c026ab7f4a0281921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee8f8a836804ed3a1079b0282a12043408cd600087dc0dd22b634350761b9867682e11d94fff91af19f2f8df175d60a2892e456f5f4042bd13da2022f23daec61854f640f703db027665006e74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfac92e6de9200000000a1f6c5572a9ee7f7c8a5098600000000009ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009d9c209644bb1cb603cd60a9e241435fe82d5a96b09c68c73de2f04f15d0053875732f2258aea65559eb00e76e9d092a2a60ca770663da451080cc36000906d5a9fad98c308e89bd5ffb6151d79c1cee1cdfba05e3633becd937d7a15762e5f5a3a0bc33fdbe28a0800000000000000c92fe7f791e8f6029309508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd43758624600e78f4458542b14f29611f95d4a2aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6820b6ec96280000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000000000000000000091e12aacf2ed9ee91cc82777c6a0da37e0219260f2944eb77cb7a20ab7ebcc2fbe2a986be27eacc454147267b05cba055cda2a57efefcb9a8761bc052bbb7f4167245753d31e7c1120a886bdf372ce255ca3c2aa8b0ebe42924db5d6d81e9b1514172e2f3fb1b46a1f7561b65c265b742d792d4f572d860718b5d9e94631657021612f6c974d10769e47575509bfe2d6ffa6cae835b0f492d32d12116c95e0b3b31713c20beae2dd340d7b67c3bed62b682a12363608d736289610fa01000000010000000d6f033f8438b57cedf532ee34e42b4041a682f54dc7b57200762d45724151014b733d497190f9ab3d5bab1f0635025ba9baa3a09b886e08c6bbd6e158f8e1c4ead2dc5bb4e2976a8383d8e415149455dc78439ae1b026ef03dfaa1f197a3b8ee7fcd1e39f5600a5c978584f97df1aed893821775c9b762f5acd2bf9a0eb18215ff90fe336bd75d3e8f704662d4084fa582afdd73d23546ae0abb118bdde3f4d08661e7937b8631e7439bf23618d3f7ab482dde3249f42e660496098f30e38e152ead80d7291b54da4a3b08b8fd7ddaa830ec5933a0a674334b8d4269e425b9fa0255f3ba988cfd9ae6ed8154b633a0f108f3245d3a0212586e6c5762db4076d9ee42836d3000000000033baf08867c22a29335ab8976219d500c855a5642fd6539bac21f429e40740cd4c5ba3cb49da499c1a2c6bfb6b0e2e8d168bcb79f8054de46aeaf1d44c1f0958f24a93b88ac8d146afb94977527721e16dcfe4e014ee5a503cfe6ea2ed7fad0e83056941507016489f38643c128f5f37b453d811b185551bbd08336abed54a0e2419b1a0e53214dd296d152cf82f42472bf1fd52a22efdd111977d3cf6f20e942df77792fda2c99bee3175defd519b4fae37fc1fe86ed99335ef2ed821c64af516ac03585ec43071f5cc6030cf855b7e5d725aa8e9b7bf6d7b27a4e4e2fb2ed2501e5ce4435f8cbc0ad746c1b60d60f23d892939c96f750cd71824142404c26992c49c916b82bbc81c8d93c537c3c38cd58d0b4a64ddf9c55a7506c8cce89ff51c8ad5e63d1e2d1fd945635c130b4ad0dbcead5ec8cb3be6a0a82cef44e31148d94bd7"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x3}, 0x8}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000080)=ANY=[@ANYRES64=r7], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r7, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_GETKMSGREDIRECT(r8, 0x541c, &(0x7f0000000000))
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})

3.032418313s ago: executing program 0 (id=3452):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b10000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r0, 0x0, 0x1034}, 0x18)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)

2.990628796s ago: executing program 0 (id=3454):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000a40)='./file0\x00', 0x18000, &(0x7f0000000f00)=ANY=[@ANYRES32=r2, @ANYRESDEC, @ANYRES16=r3, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRESDEC=r0], 0x7, 0x2f4, &(0x7f0000000c00)="$eJzs3E1PE10UwPHTF0pbAmXx5DGamN7oRjcTqK6VxkBibCJBanxJTAaYatOxJZ0GU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMLXQAKaVF+P8SMoe590zvbQdy7qQzG/fePi3kLC2nVyQYVRIQEdkUGZageALuNujEEWn2Si4P/Ph8/s79B7fSmcz4lFIT6ekrKaXUUPLDsxcxt9tqv6wPP9r4nvq2/v/62Y3f00/ylspbqliqKF3NlL5W9BnTUHN5q6ApNWkaumWofNEyyvX2Ur09Z5bm56tKL84NxufLhmUpvVhVBaOqKiVVKVdV6LGeLypN09RgXLCf7NLUlJ5uJzMpMtv58eAolMtpPSQisZaW7FJPBgQAAHpqZ/0fFNXJ+n/5wlpl4O7KkFv/r0b86v+rX+rH2lb/R0XEt/73Xt+3/tcPVv+3VkSnS/v1P46NZKRlV6AR1hrLaT3u/v06Xj9cHnEC6n8AAAAAAAAAAAAAAAAAAAAAAP4Fm7adsG074W29n34RiYqI97tPakhErvdgyOigQ3z+OAEaN+6Fh0TMNwvZhWx963ZYExFTDBmRhPyqnQ8hu64We3ceqZph+WguuvmLC9mQ05LOSd7JH5VEX/18asq37YmbmfFRVbc9v0/izfkpSch//vkp3/yIXLrYlK9JQj7NSklMmXPG0ch/OarUjduZHfkxpx8AAAAAACeBprb4rt8176EhLe0BCTevz7euD7hCjfX1iO/6PCznwj2dOgAAAAAAp4ZVfV7QTdMo7xHEZP8+7QfhIzqyN8O/zfK+y3B0M90j8F58W1PU3dnxtyVwgLdllyAo7WQla7NRh52Fd9lotz4yOdb9T9AJzrx7/7NzB7y2Et1npu0Hob1PgL6u/QMCAAAA0DWNot/bM9bbAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAp14+lovZ4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFz8CQAA///MRgNp")
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f00000009c0), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000a00))
syz_genetlink_get_family_id$nfc(&(0x7f0000000bc0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
unshare(0x64000600)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r10, 0x0, 0xfffffffffffffffd}, 0x18)

2.235151315s ago: executing program 2 (id=3461):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x14, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf570}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000980), r0)
sendmsg$NFC_CMD_LLC_SDREQ(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000740)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf2513000000040013800800010046"], 0x20}, 0x1, 0x0, 0x0, 0x48090}, 0x4000080)
r2 = socket(0x840000000002, 0x3, 0xff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r2, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be06000000000000007ca2746314d1787b351f0dda2d3d656bc3a2a75e0d", 0x20}], 0x1}}], 0x2, 0x4004040)

2.143708472s ago: executing program 2 (id=3462):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x100000, 0x0, 0x2000005, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000180)='cpu>=0||6')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r5, <r6=>0xffffffffffffffff}, 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240), 0xfffffffffffffffc, 0x6aed616d, r6}, 0x38)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x2a, &(0x7f0000000100)=r7, 0x4)
sendmsg$unix(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="c3", 0x1}], 0x1, 0x0, 0x0, 0x40000}, 0x20004011)
recvmsg$unix(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r9, 0x0, 0x2000000000}, 0x18)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x7e150a0b, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0xc0c, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x6, 0xc3f3, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xfffffffd, 0x0, 0x0, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x8, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}}, 0x0)
sendmsg$inet(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)}], 0x1}, 0x2404c140)
write$cgroup_subtree(r4, &(0x7f0000000280)={[{0x2b, 'pids'}]}, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_move_numa\x00', r0, 0x0, 0x1800000000000000}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)

1.835796817s ago: executing program 6 (id=3467):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x24, r2, 0x2cb3b0415539fbbb, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x2}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xffffff81}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)

1.321386817s ago: executing program 0 (id=3469):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x64000600)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vxcan0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r2}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000040), 0xf, 0xc340)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8a}]}, &(0x7f00000005c0)='GPL\x00', 0x5}, 0x94)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f00000003c0)={0x1, 0x200, 0xcf65, 0x401, 0x5})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
sendfile(r5, r4, 0x0, 0x13)

1.321026697s ago: executing program 7 (id=3470):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYRES8=r2, @ANYRESOCT=r1, @ANYRES32=r1], 0x2c}, 0x1, 0x0, 0x0, 0x4000804}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
mq_open(&(0x7f0000000080)='\x00', 0x800, 0x104, &(0x7f0000000140)={0x2, 0x8, 0xfff, 0x40ab})
inotify_init()
writev(0xffffffffffffffff, &(0x7f0000012f40)=[{&(0x7f0000011940)="8f", 0x1}], 0x1)

1.320018246s ago: executing program 6 (id=3471):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[], 0x3c}}, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')

1.249020662s ago: executing program 7 (id=3473):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

1.248082113s ago: executing program 2 (id=3474):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f"], 0x50}}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000001000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r6}, &(0x7f0000000240), &(0x7f00000003c0)}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r7, r4, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000440)={@random="871000bb00", @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x2, 0x7, 0x24, 0x65, 0x0, 0x9, 0x21, 0x0, @broadcast, @local}, {{0x4e22, 0x4e20, 0x4, 0x1, 0xb, 0x0, 0x0, 0x6, 0x1, "196b36", 0x2, "3571a4"}}}}}}, 0x0)

1.244004503s ago: executing program 6 (id=3476):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, r3, 0x6a98047402e98331, 0x70bd2a}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x4886)

1.15478514s ago: executing program 6 (id=3477):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0)
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x24, r1, 0x2cb3b0415539fbbb, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x2}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xffffff81}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)

1.1489875s ago: executing program 7 (id=3478):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
msgctl$IPC_SET(0xffffffffffffffff, 0x1, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e6400"], 0x3c}}, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x4, {0x0, 0x0, 0x0, 0x0, 0x500, 0x8000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="46060900000000802800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)

1.115348723s ago: executing program 2 (id=3479):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r2, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f00000007c0)}, 0x20)

1.088255325s ago: executing program 0 (id=3480):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xb, &(0x7f0000001240)=ANY=[@ANYRES32, @ANYRES16, @ANYRESOCT], 0x0, 0x200000, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x9, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000010110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
syz_emit_ethernet(0xaa, &(0x7f00000008c0)=ANY=[@ANYBLOB="2899915786e8077c71e6dffd3b14d3fe9cc7bc1f494f5d65eb5b17c22438cb370ebd31d0549028397c07beefde17ae764ca1e2624eb020a8d262d9dce5f2a429ee74f683c3a9c604742712ac240f239d71861a961d2cc234ad7cbe5014bca8aa541fb9ae4f4abc9bc50d9b8e216bb0f327cf580c3f628e4cd741ee33fd94e7241e8cfaf9a84a56961558124ab1284847df09a335c377bd11f6ebf7704c846d79ff82f49294a57659bf81ba39a21b125c79474b338158", @ANYBLOB="2dee3ac227fb741d015afbb956bd05e69ff5b165a3593f38c134c9f4675606c78b8dd8e597063214556d8e290c03000000acae13df842a0b8e412709d75f9ca05c4f7c587045fcf840bceb5a492fd0c5718ef0f402294f7bcc329f85866cd78ff0c5563448de640220178ebdcdf6785398cf109856afa4da9dfa13c7af5e71127ae3d8ca8d6060ecc51df1ad54b75c638be2b676da3b00b8946d0a576a25a21a9dbe3159744dfb", @ANYRESHEX=r1, @ANYRES32=r1, @ANYRES64=r2, @ANYRES8=r0], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r5, 0x47fa, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r8}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x1, r3, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
acct(0x0)
socket(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r10}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x4, 0x0, 0x8000000, 0x0, 0xfffffffe}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x3ff, 0x40000000}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {}, {0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {0x0, 0x0, 0x0, 0x69}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0xfffffffd}, {0x6}, {0x7f}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {0x0, 0x0, 0x0, 0x0, 0x101}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x2e9c, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_emit_ethernet(0xffffffffffffff0c, 0x0, 0x0)

1.039856019s ago: executing program 2 (id=3481):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000a40)='./file0\x00', 0x18000, &(0x7f0000000f00)=ANY=[@ANYRES32=r2, @ANYRESDEC, @ANYRES16=r3, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRESDEC=r0], 0x7, 0x2f4, &(0x7f0000000c00)="$eJzs3E1PE10UwPHTF0pbAmXx5DGamN7oRjcTqK6VxkBibCJBanxJTAaYatOxJZ0GU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMLXQAKaVF+P8SMoe590zvbQdy7qQzG/fePi3kLC2nVyQYVRIQEdkUGZageALuNujEEWn2Si4P/Ph8/s79B7fSmcz4lFIT6ekrKaXUUPLDsxcxt9tqv6wPP9r4nvq2/v/62Y3f00/ylspbqliqKF3NlL5W9BnTUHN5q6ApNWkaumWofNEyyvX2Ur09Z5bm56tKL84NxufLhmUpvVhVBaOqKiVVKVdV6LGeLypN09RgXLCf7NLUlJ5uJzMpMtv58eAolMtpPSQisZaW7FJPBgQAAHpqZ/0fFNXJ+n/5wlpl4O7KkFv/r0b86v+rX+rH2lb/R0XEt/73Xt+3/tcPVv+3VkSnS/v1P46NZKRlV6AR1hrLaT3u/v06Xj9cHnEC6n8AAAAAAAAAAAAAAAAAAAAAAP4Fm7adsG074W29n34RiYqI97tPakhErvdgyOigQ3z+OAEaN+6Fh0TMNwvZhWx963ZYExFTDBmRhPyqnQ8hu64We3ceqZph+WguuvmLC9mQ05LOSd7JH5VEX/18asq37YmbmfFRVbc9v0/izfkpSch//vkp3/yIXLrYlK9JQj7NSklMmXPG0ch/OarUjduZHfkxpx8AAAAAACeBprb4rt8176EhLe0BCTevz7euD7hCjfX1iO/6PCznwj2dOgAAAAAAp4ZVfV7QTdMo7xHEZP8+7QfhIzqyN8O/zfK+y3B0M90j8F58W1PU3dnxtyVwgLdllyAo7WQla7NRh52Fd9lotz4yOdb9T9AJzrx7/7NzB7y2Et1npu0Hob1PgL6u/QMCAAAA0DWNot/bM9bbAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAp14+lovZ4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFz8CQAA///MRgNp")
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f00000009c0), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000a00))
syz_genetlink_get_family_id$nfc(&(0x7f0000000bc0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
unshare(0x64000600)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r10, 0x0, 0xfffffffffffffffd}, 0x18)

984.302833ms ago: executing program 6 (id=3482):
socket$kcm(0x10, 0x2, 0x0)
msgget$private(0x0, 0x790)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="0000000000010000660800400000000018000000000000000000e100000000009500000000000000360a0200000000007f0100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009526dc272eae0e6ec2611667f303af218d673840fa92b6360bf8e5db45c0ba0c6e334893745897c90476b1886d62477725d2effbed7026c2a47db15f6e8ab25a23b61ad7a3ec937c6576a5a778e8a1df457d247c5c153e7b3865a76e3d8bc26c8407c3da2ea5eb7a713115d3356e7a55f109e6a15c6864c48306cdabd9f7e399b5fd54fb67412e49b6fcd8b8165caa6ee49a84163d99afe0c871c9f65b14a1c435e40f11fa34e09a198ccb0e3c90f0a228950de3205bd0d62abd64ce7b3f157920f61fde458a9e9f5bfba465198a5333e3b85fc3358856828c184c7deae2c9404e7f2541b4e564c19fdaa6ad0a1868dbb54250597cb06cd1bf04e8571dec8319ecea40aa01e6614e57150e3df8788edd8db6bd084bd5fac6f76e"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x2, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
arch_prctl$ARCH_GET_CPUID(0x1011)
prctl$PR_SET_NAME(0xf, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a0000020000000000000100000000"], 0x10}}, 0x0)
close(r3)
rseq(&(0x7f0000000200), 0x20, 0x0, 0x0)
r4 = syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000840)=""/167, 0xa7}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/93, 0x5d}], 0x1, 0x0)
r5 = semget$private(0x0, 0x4000000009, 0x0)
semop(r5, &(0x7f0000000080)=[{0x0, 0xec7b, 0x1000}], 0x1)
semtimedop(r5, &(0x7f0000000000)=[{0x4, 0x2}, {0x1, 0xfb7b, 0x1000}], 0x2, &(0x7f0000000040))
semtimedop(r5, &(0x7f0000000000)=[{0x0, 0x5, 0x800}, {0x0, 0x9, 0x1000}, {0x4, 0xc, 0x1000}, {0x2, 0xffff, 0x800}, {0x3, 0xe, 0x1800}], 0x5, &(0x7f0000000040)={0x77359400})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448cb, 0x0)
ioctl$KDSETMODE(r0, 0x4b3a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
getpid()

688.862706ms ago: executing program 7 (id=3483):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="1900000004000000080000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x8000000000000}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f00000000c0)={0x101, 0x0, 0x730, 0xbdff, 0x9, "feeeff000000001b"})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x8182)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x18)
accept4$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES8, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0x6e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c200000300000000000086dd6000010900383a00fe880000000000000000000000000101ff02000000000000000000000000000102009078000005dc608cb02b00092f0000000000000000000000000000000001fe8000000000000000000000000000aa2f0027a168000000"], 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r5, 0x29, 0x4b, &(0x7f0000000040), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0, 0x0, 0xf}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES64, @ANYRESOCT=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x8040004}, 0x0)

416.010388ms ago: executing program 4 (id=3484):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x24, r2, 0x2cb3b0415539fbbb, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x2}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xffffff81}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)

400.006659ms ago: executing program 4 (id=3485):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
r1 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5`\xda\xca\xd1\xab:\x18\x10\x9b\xd0w', 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000180)="e502", 0x2)
execveat(r1, 0x0, 0x0, 0x0, 0x1000)

355.146002ms ago: executing program 4 (id=3486):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b10000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r0, 0x0, 0x1034}, 0x18)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)

304.551406ms ago: executing program 4 (id=3487):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

196.060725ms ago: executing program 0 (id=3488):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x18, r3, 0x6a98047402e98331, 0x70bd2a, 0x0, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x50}, 0x4886)

149.312638ms ago: executing program 7 (id=3489):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

135.748929ms ago: executing program 0 (id=3490):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="1900000004000000080000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8946, &(0x7f0000000400)='{\x05T\x82\x89\x98Yi:')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r2, 0x0, 0x8000000000000}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="bc0100001900010000000000fddbdf25e0000001000000000000000000000000ac1414bb0000000000000000000000000000000bffff00000a0080003c000000", @ANYRES32=0x0, @ANYRES32, @ANYRES64], 0x1bc}}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f00000000c0)={0x101, 0x0, 0x730, 0xbdff, 0x9, "feeeff000000001b"})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x8182)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x18)
accept4$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000200000000", @ANYRES8, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10)
syz_emit_ethernet(0x6e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c200000300000000000086dd6000010900383a00fe880000000000000000000000000101ff02000000000000000000000000000102009078000005dc608cb02b00092f0000000000000000000000000000000001fe8000000000000000000000000000aa2f0027a168000000"], 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r8, 0x29, 0x4b, &(0x7f0000000040), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0xf}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES64=r0, @ANYRESOCT=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x8040004}, 0x0)

101.862772ms ago: executing program 4 (id=3491):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r2, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f00000007c0)}, 0x20)

49.247016ms ago: executing program 4 (id=3492):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x64000600)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vxcan0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r2}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000040), 0xf, 0xc340)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8a}]}, &(0x7f00000005c0)='GPL\x00', 0x5}, 0x94)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f00000003c0)={0x1, 0x200, 0xcf65, 0x401, 0x5})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x6)
sendfile(r5, r4, 0x0, 0x13)

48.186616ms ago: executing program 7 (id=3493):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/warn_count', 0x18040, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x21, 0x1, 0xffffffff, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000d80)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x4, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x4080)

0s ago: executing program 6 (id=3494):
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='r', 0x200420}], 0x1}, 0x48000)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22004004, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@errors_remount}, {@noload}, {@nombcache}, {@usrjquota}, {@grpjquota, 0x2e}]}, 0x81, 0x46c, &(0x7f00000004c0)="$eJzs3MtvG8UfAPDvrpP09ctD/ZVHH1BDQUQUkiYU6IELCKRekJDgAMeQhqrUbVETJFpVtCBUjoi/ADgi8RdwggsCTiCucEdIFeqFwgEtWnu3dWIndZwYN/jzkdae2YdnZmcnnp3xJoCBVc1fkogsIn6OiPFGdPkO1cbbjeuX5v+8fmk+iSx7+fekvt8f1y/Nl7uWx+0qIpNpRPpBEvvbpLt44eLpuVpt4XwRn14689b04oWLj586M3dy4eTC2dljx44+MfP0U7NPbko5R/O87nv33IG9x1/7+MX5LF7/7os8v/8rtjeXo2Fiw2lWo7r8XNaN1F8f3vCn31lGm8LJUB8zwrpUIiKvruF6+x+PStyqvPF44f2+Zg7oqSzLsm0taytl4EoG/Icl0e8cAP1RftHn97/l8i92P/ru2rONG6C83DeKpbFlKNL8bXvjjn20R+lXI+LVK399ki/RdhwCAGBzfZX3fx5r1/8bS+5u2m+smBuaiIjDEbE7Iv4fEXsi4q6IyPe9JyLuXWf61RXx1v7Pjzu6KliH8v7fM8Xc1vL+X1ruMlEpYqP18g8nb5yqLRwpzslkDG/L4zNrpPH18z99tNq25v5fvuTpl33BIh+/Da0YoDsxtzS3kTI3u/ZexL6hduVPbs4EJBGxNyL2dfH5+Tk79ejnB/Lw2K7W7QduW/41bMI8U/ZZxCON+r8SK8pfShoprTY/Ob09agtHpsurotX3P1x9qTk+3BS+ff33Vl7/O9te/0X5y2ZQztcurj+Nq798uOo9TbfX/0jySj08Uqx7Z25p6fxMxEixYtn62VvHlvFy/7z8k4falX8s2R3x96fFcfuLa/W+iLg/Ig4WeX8gIh6MiENrlP/b5x56c+0z1N/6P7FW/UdMJM3z9V0EKqe/+XK19Dur/6P10GSxppO/f51mcCPnDgAAALaKtP4b+CSduhlO06mpxm/498TOtHZucelwNd4+e6LxW/mJGE7Lka7xpvHQmWJsuIzProiXY15ZtqMen5o/V+vVnDrQmV2rtP/cr5V+5w7ouXXNo7U+0QZsYZ7XhMGl/cPg0v5hcGn/MLjatf/LETeaoj19CAPoH9//MLi0fxhc2j8MLu0fBlLrI/HlSF83T/rfCuw+vqHDByhQ6dEnR/M/7ehBINK+n7ruA+mdkI2DRWBbRHR61OWe1unK6wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDr+ycAAP//ENre5A==")
r4 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0x17, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x50)
sendmsg$kcm(r3, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000005c0)="96", 0x1}], 0x1}, 0x1)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0xf)
perf_event_open(&(0x7f0000000280)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={&(0x7f0000000080)}, 0x400, 0x1, 0x0, 0x3, 0x0, 0x8, 0x0, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto, @func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @restrict={0xb, 0x0, 0x0, 0xb, 0x5}]}}, 0x0, 0x3e, 0x0, 0x1}, 0x28)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f00000007c0)={0x2, {0x2, 0x101, 0x0, 0x101}})

kernel console output (not intermixed with test programs):

  getname_flags+0x80/0x3b0
[  162.205830][T10451]  __x64_sys_symlinkat+0x40/0x70
[  162.205932][T10451]  x64_sys_call+0x293d/0x2ff0
[  162.205958][T10451]  do_syscall_64+0xd2/0x200
[  162.205994][T10451]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  162.206015][T10451]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  162.206078][T10451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.206104][T10451] RIP: 0033:0x7f9714aaebe9
[  162.206122][T10451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.206143][T10451] RSP: 002b:00007f9713517038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[  162.206166][T10451] RAX: ffffffffffffffda RBX: 00007f9714cd5fa0 RCX: 00007f9714aaebe9
[  162.206180][T10451] RDX: 0000200000000000 RSI: ffffffffffffff9c RDI: 0000000000000000
[  162.206193][T10451] RBP: 00007f9713517090 R08: 0000000000000000 R09: 0000000000000000
[  162.206261][T10451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.206275][T10451] R13: 00007f9714cd6038 R14: 00007f9714cd5fa0 R15: 00007ffd78e08fc8
[  162.206299][T10451]  </TASK>
[  162.207301][T10418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  162.400518][T10418] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.418234][T10418] loop1: detected capacity change from 0 to 512
[  162.438395][T10418] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  162.460859][T10418] EXT4-fs (loop1): mount failed
[  162.531584][T10474] syzkaller1: entered promiscuous mode
[  162.537201][T10474] syzkaller1: entered allmulticast mode
[  162.746195][T10487] lo speed is unknown, defaulting to 1000
[  162.796123][T10487] lo speed is unknown, defaulting to 1000
[  162.866999][T10494] 8021q: adding VLAN 0 to HW filter on device bond12
[  162.954782][T10505] lo speed is unknown, defaulting to 1000
[  163.003857][T10505] lo speed is unknown, defaulting to 1000
[  163.009983][T10488] lo speed is unknown, defaulting to 1000
[  163.084399][T10488] lo speed is unknown, defaulting to 1000
[  163.100106][ T3436] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.170642][ T3436] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.222173][T10427] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.251988][ T3436] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.276808][T10488] chnl_net:caif_netlink_parms(): no params data found
[  163.329200][T10427] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.394334][ T3436] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.410882][T10552] sch_tbf: burst 3298 is lower than device lo mtu (32783) !
[  163.424082][T10542] lo speed is unknown, defaulting to 1000
[  163.425031][T10488] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.437056][T10488] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.454755][T10488] bridge_slave_0: entered allmulticast mode
[  163.461429][T10488] bridge_slave_0: entered promiscuous mode
[  163.470972][T10427] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.484166][T10542] lo speed is unknown, defaulting to 1000
[  163.490490][T10488] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.497888][T10488] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.505619][T10488] bridge_slave_1: entered allmulticast mode
[  163.512364][T10488] bridge_slave_1: entered promiscuous mode
[  163.571965][T10488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.603484][T10488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.612702][   T51] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.630112][   T51] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.646077][T10488] team0: Port device team_slave_0 added
[  163.667337][ T3436] batadv2: left allmulticast mode
[  163.672404][ T3436] batadv2: left promiscuous mode
[  163.677578][ T3436] bridge0: port 5(batadv2) entered disabled state
[  163.691544][ T3436] batadv1: left allmulticast mode
[  163.696735][ T3436] batadv1: left promiscuous mode
[  163.701877][ T3436] bridge0: port 4(batadv1) entered disabled state
[  163.710871][ T3436] batadv0: left allmulticast mode
[  163.715994][ T3436] batadv0: left promiscuous mode
[  163.721052][ T3436] bridge0: port 3(batadv0) entered disabled state
[  163.732212][ T3436] bridge_slave_1: left allmulticast mode
[  163.737939][ T3436] bridge_slave_1: left promiscuous mode
[  163.743571][ T3436] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.765596][ T3436] bridge_slave_0: left allmulticast mode
[  163.771279][ T3436] bridge_slave_0: left promiscuous mode
[  163.776998][ T3436] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.886740][ T3436] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  163.955861][ T3436] bond2 (unregistering): (slave bridge2): Releasing backup interface
[  164.055700][ T3436] bond3 (unregistering): (slave bridge4): Releasing backup interface
[  164.135797][ T3436] bond5 (unregistering): (slave bridge6): Releasing backup interface
[  164.456742][ T3436] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.467579][ T3436] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  164.477152][ T3436] bond0 (unregistering): Released all slaves
[  164.486274][ T3436] bond1 (unregistering): Released all slaves
[  164.492634][T10587] FAULT_INJECTION: forcing a failure.
[  164.492634][T10587] name failslab, interval 1, probability 0, space 0, times 0
[  164.496576][ T3436] bond2 (unregistering): Released all slaves
[  164.505386][T10587] CPU: 1 UID: 0 PID: 10587 Comm: syz.0.2724 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  164.505428][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  164.505450][T10587] Call Trace:
[  164.505460][T10587]  <TASK>
[  164.505470][T10587]  __dump_stack+0x1d/0x30
[  164.505553][T10587]  dump_stack_lvl+0xe8/0x140
[  164.505582][T10587]  dump_stack+0x15/0x1b
[  164.505606][T10587]  should_fail_ex+0x265/0x280
[  164.505654][T10587]  should_failslab+0x8c/0xb0
[  164.505690][T10587]  kmem_cache_alloc_noprof+0x50/0x310
[  164.505763][T10587]  ? getname_flags+0x80/0x3b0
[  164.505801][T10587]  ? fput+0x8f/0xc0
[  164.505986][T10587]  getname_flags+0x80/0x3b0
[  164.506024][T10587]  __x64_sys_unlinkat+0x70/0xb0
[  164.506056][T10587]  x64_sys_call+0x2ede/0x2ff0
[  164.506085][T10587]  do_syscall_64+0xd2/0x200
[  164.506178][T10587]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  164.506212][T10587]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  164.506242][T10587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.506283][T10587] RIP: 0033:0x7ffa93a0ebe9
[  164.506304][T10587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.506329][T10587] RSP: 002b:00007ffa92477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[  164.506353][T10587] RAX: ffffffffffffffda RBX: 00007ffa93c35fa0 RCX: 00007ffa93a0ebe9
[  164.506370][T10587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  164.506445][T10587] RBP: 00007ffa92477090 R08: 0000000000000000 R09: 0000000000000000
[  164.506530][T10587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.506547][T10587] R13: 00007ffa93c36038 R14: 00007ffa93c35fa0 R15: 00007ffe62362ad8
[  164.506596][T10587]  </TASK>
[  164.691268][ T3436] bond3 (unregistering): Released all slaves
[  164.700811][ T3436] bond4 (unregistering): Released all slaves
[  164.709712][ T3436] bond5 (unregistering): Released all slaves
[  164.718723][ T3436] bond6 (unregistering): Released all slaves
[  164.727279][ T3436] bond7 (unregistering): Released all slaves
[  164.736142][ T3436] bond8 (unregistering): Released all slaves
[  164.744554][ T3436] bond9 (unregistering): Released all slaves
[  164.752842][ T3436] bond10 (unregistering): Released all slaves
[  164.761727][ T3436] bond11 (unregistering): Released all slaves
[  164.771780][ T3436] bond12 (unregistering): Released all slaves
[  164.780465][ T3436] bond13 (unregistering): Released all slaves
[  164.789240][ T3436] bond14 (unregistering): Released all slaves
[  164.799373][ T3436] bond15 (unregistering): Released all slaves
[  164.807998][T10488] team0: Port device team_slave_1 added
[  164.818087][   T31] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.829256][   T31] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.888806][ T3436] tipc: Disabling bearer <udp:syz2>
[  164.894117][ T3436] tipc: Left network mode
[  164.899675][T10488] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.906696][T10488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.932625][T10488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.944098][T10488] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.951153][T10488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.977217][T10488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.014824][T10599] __nla_validate_parse: 13 callbacks suppressed
[  165.014841][T10599] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2730'.
[  165.053127][T10599] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2730'.
[  165.086783][   T29] kauditd_printk_skb: 164 callbacks suppressed
[  165.086798][   T29] audit: type=1326 audit(1754544850.693:4470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.116682][   T29] audit: type=1326 audit(1754544850.703:4471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.140282][   T29] audit: type=1326 audit(1754544850.703:4472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.164018][   T29] audit: type=1326 audit(1754544850.703:4473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.187634][   T29] audit: type=1326 audit(1754544850.703:4474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.211388][   T29] audit: type=1326 audit(1754544850.703:4475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.219399][T10612] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2736'.
[  165.235238][   T29] audit: type=1326 audit(1754544850.703:4476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.267507][   T29] audit: type=1326 audit(1754544850.703:4477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.291112][   T29] audit: type=1326 audit(1754544850.703:4478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10606 comm="syz.0.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa93a0ebe9 code=0x7ffc0000
[  165.297460][T10614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2736'.
[  165.330365][ T3436] hsr_slave_0: left promiscuous mode
[  165.337120][ T3436] hsr_slave_1: left promiscuous mode
[  165.350610][ T3436] veth1_macvtap: left promiscuous mode
[  165.356442][ T3436] veth0_macvtap: left promiscuous mode
[  165.361993][ T3436] veth1_vlan: left promiscuous mode
[  165.367470][ T3436] veth0_vlan: left promiscuous mode
[  165.469852][   T29] audit: type=1400 audit(1754544851.083:4479): avc:  denied  { read write } for  pid=10619 comm="syz.4.2740" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  165.522396][ T3436] team0 (unregistering): Port device team_slave_1 removed
[  165.532677][ T3436] team0 (unregistering): Port device team_slave_0 removed
[  165.575707][   T31] smc: removing ib device s
z1
[  165.619744][T10612] 8021q: adding VLAN 0 to HW filter on device bond11
[  165.647259][T10488] hsr_slave_0: entered promiscuous mode
[  165.653408][T10488] hsr_slave_1: entered promiscuous mode
[  165.877151][T10633] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2741'.
[  166.552951][    T9] lo speed is unknown, defaulting to 1000
[  166.558853][    T9] infiniband syz0: ib_query_port failed (-19)
[  166.788313][T10650] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2748'.
[  166.850523][T10650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2748'.
[  166.913017][T10658] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2751'.
[  166.922890][T10658] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2751'.
[  167.418601][T10679] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2761'.
[  167.432863][T10679] 8021q: adding VLAN 0 to HW filter on device bond12
[  167.527833][T10488] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  167.528844][T10688] serio: Serial port ptm0
[  167.552098][T10488] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  167.567432][T10488] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  167.580474][T10488] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  167.589809][ T3436] ------------[ cut here ]------------
[  167.595391][ T3436] WARNING: CPU: 0 PID: 3436 at net/xfrm/xfrm_state.c:3308 xfrm_state_fini+0x1a3/0x1f0
[  167.604998][ T3436] Modules linked in:
[  167.608966][ T3436] CPU: 0 UID: 0 PID: 3436 Comm: kworker/u8:7 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  167.621327][ T3436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  167.631529][ T3436] Workqueue: netns cleanup_net
[  167.636373][ T3436] RIP: 0010:xfrm_state_fini+0x1a3/0x1f0
[  167.642019][ T3436] Code: a2 fc 90 0f 0b 90 e9 d9 fe ff ff e8 67 8e a2 fc 90 0f 0b 90 4c 89 f7 e8 bb 4b bd fc 4d 8b 3e e9 06 ff ff ff e8 4e 8e a2 fc 90 <0f> 0b 90 4c 89 f7 e8 a2 4b bd fc 4d 8b 3e e9 24 ff ff ff e8 35 8e
[  167.662208][ T3436] RSP: 0018:ffffc9000187fc60 EFLAGS: 00010293
[  167.668314][ T3436] RAX: ffffffff84b56b72 RBX: ffff888118140000 RCX: ffff88811960d280
[  167.676352][ T3436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810e212780
[  167.684338][ T3436] RBP: 0000000000000040 R08: 0001888118140e27 R09: 0000000000000000
[  167.692356][ T3436] R10: ffff88810e212800 R11: 000188810e2127ff R12: ffffffff86c8a480
[  167.700456][ T3436] R13: ffff888118140028 R14: ffff888118140e20 R15: ffff88810e212780
[  167.708529][ T3436] FS:  0000000000000000(0000) GS:ffff8882aee47000(0000) knlGS:0000000000000000
[  167.717584][ T3436] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  167.724272][ T3436] CR2: 00007ffc8bce5008 CR3: 00000001034fe000 CR4: 00000000003506f0
[  167.732494][ T3436] Call Trace:
[  167.735980][ T3436]  <TASK>
[  167.738924][ T3436]  xfrm_net_exit+0x2d/0x60
[  167.743348][ T3436]  ops_undo_list+0x27b/0x410
[  167.748033][ T3436]  cleanup_net+0x2de/0x4d0
[  167.752526][ T3436]  process_scheduled_works+0x4ce/0x9d0
[  167.758094][ T3436]  worker_thread+0x582/0x770
[  167.762765][ T3436]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  167.768607][ T3436]  kthread+0x486/0x510
[  167.772680][ T3436]  ? finish_task_switch+0xad/0x2b0
[  167.777821][ T3436]  ? __pfx_worker_thread+0x10/0x10
[  167.782994][ T3436]  ? __pfx_kthread+0x10/0x10
[  167.787790][ T3436]  ret_from_fork+0xda/0x150
[  167.792373][ T3436]  ? __pfx_kthread+0x10/0x10
[  167.797021][ T3436]  ret_from_fork_asm+0x1a/0x30
[  167.801907][ T3436]  </TASK>
[  167.804956][ T3436] ---[ end trace 0000000000000000 ]---
[  167.821070][T10701] 8021q: adding VLAN 0 to HW filter on device bond8
[  167.871285][T10488] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.882914][T10488] 8021q: adding VLAN 0 to HW filter on device team0
[  167.941635][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.948822][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.957968][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.965039][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.089130][T10488] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.196677][T10488] veth0_vlan: entered promiscuous mode
[  168.205724][T10488] veth1_vlan: entered promiscuous mode
[  168.229152][T10488] veth0_macvtap: entered promiscuous mode
[  168.243887][T10488] veth1_macvtap: entered promiscuous mode
[  168.267816][T10488] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.286552][T10488] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.298120][ T7895] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.324855][ T7895] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.344089][T10768] 8021q: adding VLAN 0 to HW filter on device bond9
[  168.353477][ T7895] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.365005][   T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.619488][T10796] loop1: detected capacity change from 0 to 1024
[  168.643631][T10796] EXT4-fs: Ignoring removed orlov option
[  168.649504][T10796] EXT4-fs: Ignoring removed nomblk_io_submit option
[  168.687802][T10807] block device autoloading is deprecated and will be removed.
[  168.704950][T10796] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.826810][T10488] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.866614][T10825] FAULT_INJECTION: forcing a failure.
[  168.866614][T10825] name failslab, interval 1, probability 0, space 0, times 0
[  168.879364][T10825] CPU: 1 UID: 0 PID: 10825 Comm: syz.1.2814 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  168.879476][T10825] Tainted: [W]=WARN
[  168.879483][T10825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  168.879497][T10825] Call Trace:
[  168.879504][T10825]  <TASK>
[  168.879514][T10825]  __dump_stack+0x1d/0x30
[  168.879555][T10825]  dump_stack_lvl+0xe8/0x140
[  168.879577][T10825]  dump_stack+0x15/0x1b
[  168.879593][T10825]  should_fail_ex+0x265/0x280
[  168.879628][T10825]  should_failslab+0x8c/0xb0
[  168.879661][T10825]  __kmalloc_cache_node_noprof+0x54/0x320
[  168.879701][T10825]  ? __get_vm_area_node+0x106/0x1d0
[  168.879742][T10825]  __get_vm_area_node+0x106/0x1d0
[  168.879853][T10825]  __vmalloc_node_range_noprof+0x273/0xe00
[  168.879886][T10825]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  168.879929][T10825]  ? avc_has_perm_noaudit+0x1b1/0x200
[  168.879954][T10825]  ? cred_has_capability+0x210/0x280
[  168.880063][T10825]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  168.880106][T10825]  __vmalloc_noprof+0x83/0xc0
[  168.880139][T10825]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  168.880170][T10825]  bpf_prog_alloc_no_stats+0x47/0x3a0
[  168.880261][T10825]  ? bpf_prog_alloc+0x2a/0x150
[  168.880294][T10825]  bpf_prog_alloc+0x3c/0x150
[  168.880359][T10825]  bpf_prog_load+0x514/0x1070
[  168.880446][T10825]  ? security_bpf+0x2b/0x90
[  168.880484][T10825]  __sys_bpf+0x462/0x7b0
[  168.880524][T10825]  __x64_sys_bpf+0x41/0x50
[  168.880577][T10825]  x64_sys_call+0x2aea/0x2ff0
[  168.880602][T10825]  do_syscall_64+0xd2/0x200
[  168.880631][T10825]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  168.880659][T10825]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  168.880734][T10825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.880755][T10825] RIP: 0033:0x7f67641febe9
[  168.880773][T10825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.880795][T10825] RSP: 002b:00007f6762c67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  168.880818][T10825] RAX: ffffffffffffffda RBX: 00007f6764425fa0 RCX: 00007f67641febe9
[  168.880892][T10825] RDX: 0000000000000094 RSI: 0000200000000380 RDI: 0000000000000005
[  168.880907][T10825] RBP: 00007f6762c67090 R08: 0000000000000000 R09: 0000000000000000
[  168.880920][T10825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.880931][T10825] R13: 00007f6764426038 R14: 00007f6764425fa0 R15: 00007ffc7be3bff8
[  168.880955][T10825]  </TASK>
[  168.880964][T10825] syz.1.2814: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0
[  169.142996][T10825] CPU: 1 UID: 0 PID: 10825 Comm: syz.1.2814 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  169.143078][T10825] Tainted: [W]=WARN
[  169.143086][T10825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  169.143099][T10825] Call Trace:
[  169.143105][T10825]  <TASK>
[  169.143113][T10825]  __dump_stack+0x1d/0x30
[  169.143132][T10825]  dump_stack_lvl+0xe8/0x140
[  169.143150][T10825]  dump_stack+0x15/0x1b
[  169.143241][T10825]  warn_alloc+0x12b/0x1a0
[  169.143280][T10825]  __vmalloc_node_range_noprof+0x297/0xe00
[  169.143326][T10825]  ? avc_has_perm_noaudit+0x1b1/0x200
[  169.143381][T10825]  ? cred_has_capability+0x210/0x280
[  169.143427][T10825]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  169.143455][T10825]  __vmalloc_noprof+0x83/0xc0
[  169.143552][T10825]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  169.143579][T10825]  bpf_prog_alloc_no_stats+0x47/0x3a0
[  169.143630][T10825]  ? bpf_prog_alloc+0x2a/0x150
[  169.143665][T10825]  bpf_prog_alloc+0x3c/0x150
[  169.143776][T10825]  bpf_prog_load+0x514/0x1070
[  169.143909][T10825]  ? security_bpf+0x2b/0x90
[  169.143948][T10825]  __sys_bpf+0x462/0x7b0
[  169.143987][T10825]  __x64_sys_bpf+0x41/0x50
[  169.144037][T10825]  x64_sys_call+0x2aea/0x2ff0
[  169.144227][T10825]  do_syscall_64+0xd2/0x200
[  169.144309][T10825]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  169.144339][T10825]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  169.144360][T10825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.144491][T10825] RIP: 0033:0x7f67641febe9
[  169.144508][T10825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.144532][T10825] RSP: 002b:00007f6762c67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  169.144554][T10825] RAX: ffffffffffffffda RBX: 00007f6764425fa0 RCX: 00007f67641febe9
[  169.144570][T10825] RDX: 0000000000000094 RSI: 0000200000000380 RDI: 0000000000000005
[  169.144586][T10825] RBP: 00007f6762c67090 R08: 0000000000000000 R09: 0000000000000000
[  169.144602][T10825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.144618][T10825] R13: 00007f6764426038 R14: 00007f6764425fa0 R15: 00007ffc7be3bff8
[  169.144699][T10825]  </TASK>
[  169.362896][T10825] Mem-Info:
[  169.366222][T10825] active_anon:8631 inactive_anon:1 isolated_anon:0
[  169.366222][T10825]  active_file:22346 inactive_file:2618 isolated_file:0
[  169.366222][T10825]  unevictable:0 dirty:409 writeback:0
[  169.366222][T10825]  slab_reclaimable:3406 slab_unreclaimable:17221
[  169.366222][T10825]  mapped:33546 shmem:4546 pagetables:1383
[  169.366222][T10825]  sec_pagetables:0 bounce:0
[  169.366222][T10825]  kernel_misc_reclaimable:0
[  169.366222][T10825]  free:1884057 free_pcp:6443 free_cma:0
[  169.411363][T10825] Node 0 active_anon:37888kB inactive_anon:4kB active_file:89384kB inactive_file:10472kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:137664kB dirty:1636kB writeback:0kB shmem:21664kB kernel_stack:4064kB pagetables:5532kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  169.438820][T10825] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  169.467724][T10825] lowmem_reserve[]: 0 2883 7862 7862
[  169.473163][T10825] Node 0 DMA32 free:2949228kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952860kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB
[  169.503838][T10825] lowmem_reserve[]: 0 0 4978 4978
[  169.509192][T10825] Node 0 Normal free:4563636kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43572kB inactive_anon:4kB active_file:89384kB inactive_file:10472kB unevictable:0kB writepending:1636kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:20852kB local_pcp:9960kB free_cma:0kB
[  169.529019][T10835] serio: Serial port ptm0
[  169.541227][T10825] lowmem_reserve[]: 0 0 0 0
[  169.550457][T10825] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  169.563278][T10825] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 3*16kB (M) 3*32kB (M) 3*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949228kB
[  169.579391][T10825] Node 0 Normal: 245*4kB (UME) 43*8kB (U) 27*16kB (UM) 687*32kB (UM) 400*64kB (UM) 84*128kB (UME) 97*256kB (UM) 103*512kB (UME) 96*1024kB (UME) 47*2048kB (UM) 1032*4096kB (UM) = 4559292kB
[  169.598263][T10825] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  169.607635][T10825] 32524 total pagecache pages
[  169.612342][T10825] 6 pages in swap cache
[  169.616558][T10825] Free swap  = 124972kB
[  169.620725][T10825] Total swap = 124996kB
[  169.624921][T10825] 2097051 pages RAM
[  169.628743][T10825] 0 pages HighMem/MovableOnly
[  169.633505][T10825] 80436 pages reserved
[  169.892707][T10868] serio: Serial port ptm0
[  170.045466][T10877] Falling back ldisc for ttyS3.
[  170.114110][   T29] kauditd_printk_skb: 166 callbacks suppressed
[  170.114125][   T29] audit: type=1400 audit(1754544855.723:4644): avc:  denied  { load_policy } for  pid=10880 comm="syz.6.2838" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  170.146880][T10881] SELinux: ebitmap: truncated map
[  170.161440][T10881] SELinux: failed to load policy
[  170.197058][   T29] audit: type=1400 audit(1754544855.813:4645): avc:  denied  { create } for  pid=10897 comm="syz.6.2842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  170.231725][   T29] audit: type=1400 audit(1754544855.813:4646): avc:  denied  { write } for  pid=10897 comm="syz.6.2842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  170.252035][   T29] audit: type=1400 audit(1754544855.813:4647): avc:  denied  { nlmsg_write } for  pid=10897 comm="syz.6.2842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  170.284643][   T29] audit: type=1400 audit(1754544855.903:4648): avc:  denied  { create } for  pid=10902 comm="syz.1.2843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  170.310023][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.316169][   T29] audit: type=1400 audit(1754544855.903:4649): avc:  denied  { name_bind } for  pid=10904 comm="syz.4.2845" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  170.342200][   T29] audit: type=1400 audit(1754544855.903:4650): avc:  denied  { node_bind } for  pid=10904 comm="syz.4.2845" saddr=127.0.0.1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  170.364481][   T29] audit: type=1400 audit(1754544855.923:4651): avc:  denied  { setopt } for  pid=10902 comm="syz.1.2843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  170.384577][   T29] audit: type=1400 audit(1754544855.923:4652): avc:  denied  { bind } for  pid=10902 comm="syz.1.2843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  170.407165][   T29] audit: type=1400 audit(1754544855.933:4653): avc:  denied  { write } for  pid=10904 comm="syz.4.2845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  170.443953][T10909] serio: Serial port ptm0
[  170.476622][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.517029][T10918] __nla_validate_parse: 7 callbacks suppressed
[  170.517046][T10918] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2847'.
[  170.547665][T10920] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2850'.
[  170.565482][T10920] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2850'.
[  170.578791][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.593379][T10876] chnl_net:caif_netlink_parms(): no params data found
[  170.630193][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.669298][T10876] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.676612][T10876] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.684138][T10876] bridge_slave_0: entered allmulticast mode
[  170.694328][T10876] bridge_slave_0: entered promiscuous mode
[  170.701603][T10876] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.708925][T10876] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.722847][T10876] bridge_slave_1: entered allmulticast mode
[  170.729552][T10876] bridge_slave_1: entered promiscuous mode
[  170.754427][T10876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.774316][T10876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.806170][T10935] Falling back ldisc for ttyS3.
[  170.817365][T10876] team0: Port device team_slave_0 added
[  170.835308][T10876] team0: Port device team_slave_1 added
[  171.106650][   T12] bond0 (unregistering): Released all slaves
[  171.115695][   T12] bond1 (unregistering): Released all slaves
[  171.125113][   T12] bond2 (unregistering): Released all slaves
[  171.134446][   T12] bond3 (unregistering): Released all slaves
[  171.143715][   T12] bond4 (unregistering): Released all slaves
[  171.154480][   T12] bond5 (unregistering): Released all slaves
[  171.164003][   T12] bond6 (unregistering): Released all slaves
[  171.175591][   T12] bond7 (unregistering): Released all slaves
[  171.185753][   T12] bond8 (unregistering): Released all slaves
[  171.195083][   T12] bond9 (unregistering): Released all slaves
[  171.209198][T10876] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.216216][T10876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.242137][T10876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.260802][T10876] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.267801][T10876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.293714][T10876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.328298][   T12] tipc: Disabling bearer <udp:syz2>
[  171.333545][   T12] tipc: Left network mode
[  171.363310][T10876] hsr_slave_0: entered promiscuous mode
[  171.370761][T10876] hsr_slave_1: entered promiscuous mode
[  171.377198][T10876] debugfs: 'hsr0' already exists in 'hsr'
[  171.382928][T10876] Cannot create hsr debugfs directory
[  171.388503][T10954] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2863'.
[  171.400329][   T12] hsr_slave_0: left promiscuous mode
[  171.406532][T10958] FAULT_INJECTION: forcing a failure.
[  171.406532][T10958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.419757][T10958] CPU: 0 UID: 0 PID: 10958 Comm: syz.0.2865 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  171.419798][T10958] Tainted: [W]=WARN
[  171.419806][T10958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  171.419822][T10958] Call Trace:
[  171.419829][T10958]  <TASK>
[  171.419837][T10958]  __dump_stack+0x1d/0x30
[  171.419862][T10958]  dump_stack_lvl+0xe8/0x140
[  171.419962][T10958]  dump_stack+0x15/0x1b
[  171.419981][T10958]  should_fail_ex+0x265/0x280
[  171.420086][T10958]  should_fail+0xb/0x20
[  171.420117][T10958]  should_fail_usercopy+0x1a/0x20
[  171.420142][T10958]  _copy_to_user+0x20/0xa0
[  171.420229][T10958]  simple_read_from_buffer+0xb5/0x130
[  171.420258][T10958]  proc_fail_nth_read+0x10e/0x150
[  171.420324][T10958]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  171.420357][T10958]  vfs_read+0x1a0/0x6f0
[  171.420434][T10958]  ? __rcu_read_unlock+0x4f/0x70
[  171.420471][T10958]  ? __fget_files+0x184/0x1c0
[  171.420507][T10958]  ksys_read+0xda/0x1a0
[  171.420566][T10958]  __x64_sys_read+0x40/0x50
[  171.420595][T10958]  x64_sys_call+0x27bc/0x2ff0
[  171.420622][T10958]  do_syscall_64+0xd2/0x200
[  171.420670][T10958]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  171.420707][T10958]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  171.420736][T10958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.420762][T10958] RIP: 0033:0x7ffa93a0d5fc
[  171.420778][T10958] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  171.420796][T10958] RSP: 002b:00007ffa92477030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  171.420815][T10958] RAX: ffffffffffffffda RBX: 00007ffa93c35fa0 RCX: 00007ffa93a0d5fc
[  171.420831][T10958] RDX: 000000000000000f RSI: 00007ffa924770a0 RDI: 0000000000000005
[  171.420847][T10958] RBP: 00007ffa92477090 R08: 0000000000000000 R09: 0000000000000000
[  171.420863][T10958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.420879][T10958] R13: 00007ffa93c36038 R14: 00007ffa93c35fa0 R15: 00007ffe62362ad8
[  171.420901][T10958]  </TASK>
[  171.421035][   T12] hsr_slave_1: left promiscuous mode
[  171.639539][   T12] veth1_macvtap: left promiscuous mode
[  171.645087][   T12] veth0_macvtap: left promiscuous mode
[  171.650604][   T12] veth1_vlan: left promiscuous mode
[  171.655869][   T12] veth0_vlan: left promiscuous mode
[  172.018495][T10992] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2878'.
[  172.047422][T10994] serio: Serial port ptm0
[  172.119567][T10998] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=10998 comm=syz.4.2880
[  172.158620][T10876] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  172.167698][T10876] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  172.177265][T10876] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  172.190204][T10876] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  172.249211][T10876] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.266411][T10876] 8021q: adding VLAN 0 to HW filter on device team0
[  172.276667][ T7895] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.283777][ T7895] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.300614][T10651] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.307779][T10651] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.402216][T10876] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.563672][T10876] veth0_vlan: entered promiscuous mode
[  172.574375][T10876] veth1_vlan: entered promiscuous mode
[  172.624248][T10876] veth0_macvtap: entered promiscuous mode
[  172.637723][T10876] veth1_macvtap: entered promiscuous mode
[  172.658694][T10876] batman_adv: batadv0: Interface activated: batadv_slave_0
[  172.680026][T10876] batman_adv: batadv0: Interface activated: batadv_slave_1
[  172.717556][T10651] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  172.746696][T10651] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  172.769571][T10651] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  172.780807][T11052] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  172.791733][T10651] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  172.833923][T11060] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2831'.
[  172.847322][T11060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2831'.
[  172.856368][T11060] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2831'.
[  172.858870][T11064] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2902'.
[  172.941767][T11070] loop1: detected capacity change from 0 to 1024
[  172.968072][T11070] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.992087][T11070] FAULT_INJECTION: forcing a failure.
[  172.992087][T11070] name failslab, interval 1, probability 0, space 0, times 0
[  173.004921][T11070] CPU: 0 UID: 0 PID: 11070 Comm: syz.1.2905 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  173.004964][T11070] Tainted: [W]=WARN
[  173.004973][T11070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  173.004988][T11070] Call Trace:
[  173.004995][T11070]  <TASK>
[  173.005004][T11070]  __dump_stack+0x1d/0x30
[  173.005030][T11070]  dump_stack_lvl+0xe8/0x140
[  173.005075][T11070]  dump_stack+0x15/0x1b
[  173.005091][T11070]  should_fail_ex+0x265/0x280
[  173.005203][T11070]  should_failslab+0x8c/0xb0
[  173.005231][T11070]  kmem_cache_alloc_noprof+0x50/0x310
[  173.005263][T11070]  ? security_file_alloc+0x32/0x100
[  173.005301][T11070]  security_file_alloc+0x32/0x100
[  173.005367][T11070]  init_file+0x5c/0x1d0
[  173.005406][T11070]  alloc_empty_file+0x8b/0x200
[  173.005436][T11070]  path_openat+0x68/0x2170
[  173.005460][T11070]  ? _parse_integer_limit+0x170/0x190
[  173.005547][T11070]  ? kstrtoull+0x111/0x140
[  173.005586][T11070]  ? kstrtouint+0x76/0xc0
[  173.005639][T11070]  do_filp_open+0x109/0x230
[  173.005714][T11070]  do_sys_openat2+0xa6/0x110
[  173.005747][T11070]  __x64_sys_openat+0xf2/0x120
[  173.005785][T11070]  x64_sys_call+0x2e9c/0x2ff0
[  173.005822][T11070]  do_syscall_64+0xd2/0x200
[  173.005846][T11070]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  173.005871][T11070]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  173.005892][T11070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.005927][T11070] RIP: 0033:0x7f67641febe9
[  173.005945][T11070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.005968][T11070] RSP: 002b:00007f6762c67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  173.005991][T11070] RAX: ffffffffffffffda RBX: 00007f6764425fa0 RCX: 00007f67641febe9
[  173.006005][T11070] RDX: 0000000000004040 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  173.006017][T11070] RBP: 00007f6762c67090 R08: 0000000000000000 R09: 0000000000000000
[  173.006028][T11070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.006064][T11070] R13: 00007f6764426038 R14: 00007f6764425fa0 R15: 00007ffc7be3bff8
[  173.006087][T11070]  </TASK>
[  173.278249][T10488] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  173.330164][T10488] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  173.441921][T11093] serio: Serial port ptm0
[  173.451153][T11095] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2915'.
[  173.483133][T11095] 8021q: adding VLAN 0 to HW filter on device bond1
[  173.559928][T11105] serio: Serial port ptm0
[  173.562389][T10488] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.589113][T11109] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  173.617097][T11116] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.646981][T11113] netlink: 'syz.6.2923': attribute type 9 has an invalid length.
[  173.684054][T11113] team_slave_0: entered promiscuous mode
[  173.689834][T11113] team_slave_1: entered promiscuous mode
[  173.706534][T11113] macvlan2: entered promiscuous mode
[  173.711895][T11113] team0: entered promiscuous mode
[  173.717315][T11113] macvlan2: entered allmulticast mode
[  173.722709][T11113] team0: entered allmulticast mode
[  173.727907][T11113] team_slave_0: entered allmulticast mode
[  173.733649][T11113] team_slave_1: entered allmulticast mode
[  173.763911][T11113] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  173.790188][T11116] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.827939][T11133] serio: Serial port ptm0
[  173.847107][ T3436] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.873068][T11136] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  173.882896][T11116] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.917131][ T3436] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.971167][T11116] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.998693][ T3436] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.046653][T11123] chnl_net:caif_netlink_parms(): no params data found
[  174.071421][T11154] FAULT_INJECTION: forcing a failure.
[  174.071421][T11154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  174.084605][T11154] CPU: 0 UID: 0 PID: 11154 Comm: syz.6.2935 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  174.084650][T11154] Tainted: [W]=WARN
[  174.084659][T11154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  174.084676][T11154] Call Trace:
[  174.084685][T11154]  <TASK>
[  174.084743][T11154]  __dump_stack+0x1d/0x30
[  174.084764][T11154]  dump_stack_lvl+0xe8/0x140
[  174.084783][T11154]  dump_stack+0x15/0x1b
[  174.084799][T11154]  should_fail_ex+0x265/0x280
[  174.084839][T11154]  should_fail+0xb/0x20
[  174.084949][T11154]  should_fail_usercopy+0x1a/0x20
[  174.084974][T11154]  _copy_to_user+0x20/0xa0
[  174.085016][T11154]  simple_read_from_buffer+0xb5/0x130
[  174.085041][T11154]  proc_fail_nth_read+0x10e/0x150
[  174.085077][T11154]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  174.085115][T11154]  vfs_read+0x1a0/0x6f0
[  174.085141][T11154]  ? __rcu_read_unlock+0x4f/0x70
[  174.085209][T11154]  ? __fget_files+0x184/0x1c0
[  174.085236][T11154]  ksys_read+0xda/0x1a0
[  174.085264][T11154]  __x64_sys_read+0x40/0x50
[  174.085369][T11154]  x64_sys_call+0x27bc/0x2ff0
[  174.085395][T11154]  do_syscall_64+0xd2/0x200
[  174.085428][T11154]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  174.085513][T11154]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  174.085542][T11154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.085570][T11154] RIP: 0033:0x7fd4a2e0d5fc
[  174.085589][T11154] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  174.085613][T11154] RSP: 002b:00007fd4a1877030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  174.085698][T11154] RAX: ffffffffffffffda RBX: 00007fd4a3035fa0 RCX: 00007fd4a2e0d5fc
[  174.085715][T11154] RDX: 000000000000000f RSI: 00007fd4a18770a0 RDI: 0000000000000003
[  174.085732][T11154] RBP: 00007fd4a1877090 R08: 0000000000000000 R09: 0000000000000000
[  174.085749][T11154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.085764][T11154] R13: 00007fd4a3036038 R14: 00007fd4a3035fa0 R15: 00007ffdaa242b98
[  174.085789][T11154]  </TASK>
[  174.315148][ T3436] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.329267][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  174.340406][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  174.386917][T11123] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.394030][T11123] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.414894][T11123] bridge_slave_0: entered allmulticast mode
[  174.424895][T11123] bridge_slave_0: entered promiscuous mode
[  174.431490][   T37] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  174.456578][T11123] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.463756][T11123] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.480720][T11123] bridge_slave_1: entered allmulticast mode
[  174.488359][T11123] bridge_slave_1: entered promiscuous mode
[  174.501365][   T37] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  174.539410][ T3436] bridge_slave_1: left allmulticast mode
[  174.545266][ T3436] bridge_slave_1: left promiscuous mode
[  174.551061][ T3436] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.554600][T11176] serio: Serial port ptm0
[  174.564128][ T3436] bridge_slave_0: left allmulticast mode
[  174.569970][ T3436] bridge_slave_0: left promiscuous mode
[  174.575860][ T3436] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.682408][T11190] FAULT_INJECTION: forcing a failure.
[  174.682408][T11190] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  174.695621][T11190] CPU: 1 UID: 0 PID: 11190 Comm: syz.4.2946 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  174.695681][T11190] Tainted: [W]=WARN
[  174.695699][T11190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  174.695711][T11190] Call Trace:
[  174.695716][T11190]  <TASK>
[  174.695723][T11190]  __dump_stack+0x1d/0x30
[  174.695811][T11190]  dump_stack_lvl+0xe8/0x140
[  174.695831][T11190]  dump_stack+0x15/0x1b
[  174.695846][T11190]  should_fail_ex+0x265/0x280
[  174.695920][T11190]  should_fail+0xb/0x20
[  174.695976][T11190]  should_fail_usercopy+0x1a/0x20
[  174.696009][T11190]  _copy_from_user+0x1c/0xb0
[  174.696037][T11190]  core_sys_select+0x34a/0x6e0
[  174.696138][T11190]  ? set_user_sigmask+0x84/0x190
[  174.696160][T11190]  __se_sys_pselect6+0x216/0x280
[  174.696182][T11190]  ? ksys_write+0x10d/0x1a0
[  174.696228][T11190]  __x64_sys_pselect6+0x78/0x90
[  174.696253][T11190]  x64_sys_call+0x28b9/0x2ff0
[  174.696274][T11190]  do_syscall_64+0xd2/0x200
[  174.696301][T11190]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  174.696354][T11190]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  174.696411][T11190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.696484][T11190] RIP: 0033:0x7f9714aaebe9
[  174.696502][T11190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.696520][T11190] RSP: 002b:00007f9713517038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  174.696539][T11190] RAX: ffffffffffffffda RBX: 00007f9714cd5fa0 RCX: 00007f9714aaebe9
[  174.696552][T11190] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  174.696568][T11190] RBP: 00007f9713517090 R08: 0000000000000000 R09: 0000000000000000
[  174.696584][T11190] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  174.696624][T11190] R13: 00007f9714cd6038 R14: 00007f9714cd5fa0 R15: 00007ffd78e08fc8
[  174.696648][T11190]  </TASK>
[  174.928130][ T3436] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.938469][ T3436] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.947949][ T3436] bond0 (unregistering): Released all slaves
[  174.980449][T11123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.996056][T11123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  175.021293][T11198] vlan2: entered allmulticast mode
[  175.033332][T11189] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  175.042561][ T3436] hsr_slave_0: left promiscuous mode
[  175.048379][ T3436] hsr_slave_1: left promiscuous mode
[  175.054093][ T3436] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.061660][ T3436] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.069195][ T3436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.076606][ T3436] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.087643][ T3436] veth1_macvtap: left promiscuous mode
[  175.093188][ T3436] veth0_macvtap: left promiscuous mode
[  175.098922][ T3436] veth1_vlan: left promiscuous mode
[  175.104275][ T3436] veth0_vlan: left promiscuous mode
[  175.174086][ T3436] team0 (unregistering): Port device team_slave_1 removed
[  175.183913][ T3436] team0 (unregistering): Port device team_slave_0 removed
[  175.231478][T11123] team0: Port device team_slave_0 added
[  175.243834][T11123] team0: Port device team_slave_1 added
[  175.266426][T11123] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.273417][T11123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.299354][T11123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.312532][T11123] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.319606][T11123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.345715][T11123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.354698][T11204] siw: device registration error -23
[  175.371558][T11210] FAULT_INJECTION: forcing a failure.
[  175.371558][T11210] name failslab, interval 1, probability 0, space 0, times 0
[  175.384274][T11210] CPU: 0 UID: 0 PID: 11210 Comm: syz.6.2952 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  175.384318][T11210] Tainted: [W]=WARN
[  175.384327][T11210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  175.384350][T11210] Call Trace:
[  175.384425][T11210]  <TASK>
[  175.384432][T11210]  __dump_stack+0x1d/0x30
[  175.384492][T11210]  dump_stack_lvl+0xe8/0x140
[  175.384517][T11210]  dump_stack+0x15/0x1b
[  175.384535][T11210]  should_fail_ex+0x265/0x280
[  175.384575][T11210]  ? x509_cert_parse+0x3b/0x430
[  175.384642][T11210]  should_failslab+0x8c/0xb0
[  175.384671][T11210]  __kmalloc_cache_noprof+0x4c/0x320
[  175.384709][T11210]  x509_cert_parse+0x3b/0x430
[  175.384748][T11210]  x509_key_preparse+0x3c/0x420
[  175.384842][T11210]  ? selinux_key_permission+0x161/0x190
[  175.384875][T11210]  asymmetric_key_preparse+0x65/0xb0
[  175.384923][T11210]  __key_create_or_update+0x288/0x750
[  175.385035][T11210]  ? key_validate+0xad/0xd0
[  175.385069][T11210]  key_create_or_update+0x42/0x60
[  175.385123][T11210]  __se_sys_add_key+0x296/0x350
[  175.385151][T11210]  __x64_sys_add_key+0x67/0x80
[  175.385183][T11210]  x64_sys_call+0x28c4/0x2ff0
[  175.385203][T11210]  do_syscall_64+0xd2/0x200
[  175.385224][T11210]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  175.385246][T11210]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  175.385276][T11210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.385299][T11210] RIP: 0033:0x7fd4a2e0ebe9
[  175.385380][T11210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.385406][T11210] RSP: 002b:00007fd4a1877038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  175.385429][T11210] RAX: ffffffffffffffda RBX: 00007fd4a3035fa0 RCX: 00007fd4a2e0ebe9
[  175.385440][T11210] RDX: 0000200000000180 RSI: 0000000000000000 RDI: 0000200000000100
[  175.385452][T11210] RBP: 00007fd4a1877090 R08: 000000001b46f90d R09: 0000000000000000
[  175.385463][T11210] R10: 000000000000004b R11: 0000000000000246 R12: 0000000000000001
[  175.385506][T11210] R13: 00007fd4a3036038 R14: 00007fd4a3035fa0 R15: 00007ffdaa242b98
[  175.385526][T11210]  </TASK>
[  175.659264][T11123] hsr_slave_0: entered promiscuous mode
[  175.676803][T11123] hsr_slave_1: entered promiscuous mode
[  175.719708][T11225] FAULT_INJECTION: forcing a failure.
[  175.719708][T11225] name failslab, interval 1, probability 0, space 0, times 0
[  175.732502][T11225] CPU: 1 UID: 0 PID: 11225 Comm: syz.2.2959 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  175.732613][T11225] Tainted: [W]=WARN
[  175.732622][T11225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  175.732649][T11225] Call Trace:
[  175.732654][T11225]  <TASK>
[  175.732661][T11225]  __dump_stack+0x1d/0x30
[  175.732682][T11225]  dump_stack_lvl+0xe8/0x140
[  175.732702][T11225]  dump_stack+0x15/0x1b
[  175.732720][T11225]  should_fail_ex+0x265/0x280
[  175.732759][T11225]  should_failslab+0x8c/0xb0
[  175.732784][T11225]  __kmalloc_noprof+0xa5/0x3e0
[  175.732859][T11225]  ? __d_alloc+0x90/0x340
[  175.732888][T11225]  __d_alloc+0x90/0x340
[  175.732916][T11225]  d_alloc+0x2e/0x100
[  175.732944][T11225]  lookup_one_qstr_excl+0x99/0x250
[  175.733002][T11225]  filename_create+0x149/0x230
[  175.733023][T11225]  do_linkat+0x12b/0x600
[  175.733050][T11225]  __x64_sys_link+0x58/0x70
[  175.733078][T11225]  x64_sys_call+0x12a7/0x2ff0
[  175.733185][T11225]  do_syscall_64+0xd2/0x200
[  175.733210][T11225]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  175.733281][T11225]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  175.733310][T11225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.733338][T11225] RIP: 0033:0x7f261663ebe9
[  175.733358][T11225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.733381][T11225] RSP: 002b:00007f261509f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[  175.733408][T11225] RAX: ffffffffffffffda RBX: 00007f2616865fa0 RCX: 00007f261663ebe9
[  175.733453][T11225] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 00002000000001c0
[  175.733465][T11225] RBP: 00007f261509f090 R08: 0000000000000000 R09: 0000000000000000
[  175.733477][T11225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.733493][T11225] R13: 00007f2616866038 R14: 00007f2616865fa0 R15: 00007fff013cf558
[  175.733515][T11225]  </TASK>
[  175.938595][   T29] kauditd_printk_skb: 113 callbacks suppressed
[  175.938616][   T29] audit: type=1400 audit(1754544861.553:4767): avc:  denied  { write } for  pid=11218 comm="syz.4.2956" name="001" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  175.980328][T11222] __nla_validate_parse: 8 callbacks suppressed
[  175.980359][T11222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2958'.
[  175.997117][   T29] audit: type=1326 audit(1754544861.613:4768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.037795][T11228] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.052388][   T29] audit: type=1326 audit(1754544861.613:4769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.076053][   T29] audit: type=1326 audit(1754544861.653:4770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.099567][   T29] audit: type=1326 audit(1754544861.653:4771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.123269][   T29] audit: type=1326 audit(1754544861.653:4772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.146879][   T29] audit: type=1326 audit(1754544861.653:4773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.170425][   T29] audit: type=1326 audit(1754544861.653:4774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.194059][   T29] audit: type=1326 audit(1754544861.653:4775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11229 comm="syz.2.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  176.250001][   T29] audit: type=1400 audit(1754544861.863:4776): avc:  denied  { read } for  pid=11241 comm="syz.6.2965" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  176.275809][T11238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2963'.
[  176.290162][T11228] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.301421][T11242] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2965'.
[  176.322412][T11238] 8021q: adding VLAN 0 to HW filter on device bond13
[  176.330410][T11246] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2963'.
[  176.342870][T11123] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  176.385016][T11123] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  176.410195][T11228] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.425558][T11256] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2970'.
[  176.438810][T11123] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  176.462033][T11123] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  176.476718][T11256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2970'.
[  176.487627][T11228] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.510348][T11258] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  176.578331][   T37] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.605597][   T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.636004][   T37] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.646264][T11123] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.695523][   T37] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.708553][T11123] 8021q: adding VLAN 0 to HW filter on device team0
[  176.738304][T10651] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.745437][T10651] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.771718][T10651] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.778852][T10651] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.821918][T11274] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2976'.
[  176.841713][T11280] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2978'.
[  176.845787][T11123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  176.901002][T11280] 8021q: adding VLAN 0 to HW filter on device bond13
[  176.907052][T11285] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2978'.
[  177.013347][T11123] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.049454][T11288] ip6gretap0: mtu less than device minimum
[  177.056046][T11300] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2982'.
[  177.306260][T11328] IPVS: Error joining to the multicast group
[  177.325817][T11328] netlink: 'syz.4.2989': attribute type 2 has an invalid length.
[  177.330686][T11123] veth0_vlan: entered promiscuous mode
[  177.358549][T11123] veth1_vlan: entered promiscuous mode
[  177.398509][T11123] veth0_macvtap: entered promiscuous mode
[  177.423040][T11123] veth1_macvtap: entered promiscuous mode
[  177.439427][T11123] batman_adv: batadv0: Interface activated: batadv_slave_0
[  177.472586][T11123] batman_adv: batadv0: Interface activated: batadv_slave_1
[  177.506877][   T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.506967][   T12] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.507013][   T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.552008][   T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  177.860528][T11368] block device autoloading is deprecated and will be removed.
[  177.910104][T11371] serio: Serial port ptm0
[  178.020125][T11390] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  178.191021][T11372] chnl_net:caif_netlink_parms(): no params data found
[  178.327017][T11372] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.334298][T11372] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.343220][T11372] bridge_slave_0: entered allmulticast mode
[  178.351576][T11372] bridge_slave_0: entered promiscuous mode
[  178.365291][T11372] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.372477][T11372] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.398925][T11372] bridge_slave_1: entered allmulticast mode
[  178.405552][T11372] bridge_slave_1: entered promiscuous mode
[  178.447100][T11372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  178.458346][T11428] FAULT_INJECTION: forcing a failure.
[  178.458346][T11428] name failslab, interval 1, probability 0, space 0, times 0
[  178.471116][T11428] CPU: 1 UID: 0 PID: 11428 Comm: syz.6.3021 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  178.471159][T11428] Tainted: [W]=WARN
[  178.471166][T11428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  178.471180][T11428] Call Trace:
[  178.471188][T11428]  <TASK>
[  178.471197][T11428]  __dump_stack+0x1d/0x30
[  178.471224][T11428]  dump_stack_lvl+0xe8/0x140
[  178.471247][T11428]  dump_stack+0x15/0x1b
[  178.471283][T11428]  should_fail_ex+0x265/0x280
[  178.471325][T11428]  should_failslab+0x8c/0xb0
[  178.471358][T11428]  kmem_cache_alloc_node_noprof+0x57/0x320
[  178.471396][T11428]  ? __alloc_skb+0x101/0x320
[  178.471478][T11428]  ? should_fail_ex+0xdb/0x280
[  178.471520][T11428]  __alloc_skb+0x101/0x320
[  178.471638][T11428]  __pskb_copy_fclone+0x6e/0x7a0
[  178.471715][T11428]  tipc_sk_mcast_rcv+0x3bb/0x920
[  178.471744][T11428]  tipc_mcast_xmit+0x769/0xcb0
[  178.471831][T11428]  ? tipc_msg_build+0x2fd/0x840
[  178.471876][T11428]  tipc_send_group_bcast+0x5d9/0x6c0
[  178.471915][T11428]  ? __pfx_woken_wake_function+0x10/0x10
[  178.471947][T11428]  __tipc_sendmsg+0x186/0x1b00
[  178.472024][T11428]  ? avc_has_perm+0xf7/0x180
[  178.472054][T11428]  ? selinux_socket_sendmsg+0x175/0x1b0
[  178.472081][T11428]  ? _raw_spin_unlock_bh+0x36/0x40
[  178.472118][T11428]  ? lock_sock_nested+0x112/0x140
[  178.472145][T11428]  tipc_sendmsg+0x3e/0x60
[  178.472181][T11428]  ? __pfx_tipc_sendmsg+0x10/0x10
[  178.472217][T11428]  __sock_sendmsg+0x142/0x180
[  178.472280][T11372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  178.472278][T11428]  ____sys_sendmsg+0x31e/0x4e0
[  178.472325][T11428]  ___sys_sendmsg+0x17b/0x1d0
[  178.472447][T11428]  __x64_sys_sendmsg+0xd4/0x160
[  178.472500][T11428]  x64_sys_call+0x191e/0x2ff0
[  178.472532][T11428]  do_syscall_64+0xd2/0x200
[  178.472570][T11428]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  178.472713][T11428]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  178.472818][T11428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.472850][T11428] RIP: 0033:0x7fd4a2e0ebe9
[  178.472871][T11428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.472896][T11428] RSP: 002b:00007fd4a1877038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.472947][T11428] RAX: ffffffffffffffda RBX: 00007fd4a3035fa0 RCX: 00007fd4a2e0ebe9
[  178.472965][T11428] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000007
[  178.473055][T11428] RBP: 00007fd4a1877090 R08: 0000000000000000 R09: 0000000000000000
[  178.473073][T11428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  178.473090][T11428] R13: 00007fd4a3036038 R14: 00007fd4a3035fa0 R15: 00007ffdaa242b98
[  178.473118][T11428]  </TASK>
[  178.473127][T11428] tipc: Failed to clone mcast rcv buffer
[  178.638624][T11437] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  178.762250][T11437] SELinux: failed to load policy
[  178.791664][T11441] delete_channel: no stack
[  178.812752][T11423] C: renamed from team_slave_0
[  178.826792][T11423] netlink: 'syz.0.3020': attribute type 1 has an invalid length.
[  178.834638][T11423] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  178.851250][T11372] team0: Port device team_slave_0 added
[  178.868355][T11372] team0: Port device team_slave_1 added
[  178.905706][T11372] batman_adv: batadv0: Adding interface: batadv_slave_0
[  178.912696][T11372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.938702][T11372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.950750][T11372] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.957805][T11372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.983783][T11372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  179.078570][T11372] hsr_slave_0: entered promiscuous mode
[  179.085327][T11372] hsr_slave_1: entered promiscuous mode
[  179.092424][T11372] debugfs: 'hsr0' already exists in 'hsr'
[  179.098235][T11372] Cannot create hsr debugfs directory
[  179.251032][T11475] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  179.282527][T11372] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.336265][T11372] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.447258][T11372] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.528099][T11372] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.687368][T11505] unsupported nlmsg_type 40
[  179.739590][T11509] loop7: detected capacity change from 0 to 512
[  179.757735][T11509] EXT4-fs (loop7): 1 orphan inode deleted
[  179.764141][T11509] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.777077][  T340] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 1
[  179.790322][T11509] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.823924][T11123] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.176973][T11530] IPv6: Can't replace route, no match found
[  180.188244][T11530] tipc: Started in network mode
[  180.193173][T11530] tipc: Node identity ac14140f, cluster identity 4711
[  180.200683][T11530] tipc: New replicast peer: 255.255.255.255
[  180.206793][T11530] tipc: Enabled bearer <udp:syz2>, priority 10
[  180.245197][T11532] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  180.470760][T11372] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  180.480953][T11372] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  180.491864][T11372] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  180.503227][T11372] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  180.566866][T11372] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.587320][T11372] 8021q: adding VLAN 0 to HW filter on device team0
[  180.597461][ T3436] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.604563][ T3436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.617988][ T3436] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.625146][ T3436] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.656036][T11372] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  180.666720][T11372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  180.727108][   T31] batadv0: left allmulticast mode
[  180.732227][   T31] batadv0: left promiscuous mode
[  180.737424][   T31] bridge0: port 3(batadv0) entered disabled state
[  180.744863][   T31] bridge_slave_1: left allmulticast mode
[  180.750603][   T31] bridge_slave_1: left promiscuous mode
[  180.756381][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.769995][   T31] bridge_slave_0: left allmulticast mode
[  180.775762][   T31] bridge_slave_0: left promiscuous mode
[  180.781557][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.842344][T11570] IPv6: Can't replace route, no match found
[  180.926298][   T31] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  180.937880][T11573] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  180.986115][   T31] bond2 (unregistering): (slave bridge2): Releasing backup interface
[  181.045891][   T31] bond3 (unregistering): (slave bridge3): Releasing backup interface
[  181.137247][   T31] bond6 (unregistering): (slave bridge5): Releasing backup interface
[  181.206943][ T3408] tipc: Node number set to 2886997007
[  181.330743][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.340878][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  181.351064][   T31] bond0 (unregistering): Released all slaves
[  181.360594][   T31] bond1 (unregistering): Released all slaves
[  181.370110][   T31] bond2 (unregistering): Released all slaves
[  181.379747][   T31] bond3 (unregistering): Released all slaves
[  181.388992][   T31] bond4 (unregistering): Released all slaves
[  181.399985][   T31] bond5 (unregistering): Released all slaves
[  181.409755][   T31] bond6 (unregistering): Released all slaves
[  181.420650][   T31] bond7 (unregistering): Released all slaves
[  181.430375][   T31] bond8 (unregistering): Released all slaves
[  181.442368][   T31] bond9 (unregistering): Released all slaves
[  181.455034][   T31] bond10 (unregistering): Released all slaves
[  181.462382][T11579] __nla_validate_parse: 16 callbacks suppressed
[  181.462394][T11579] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3079'.
[  181.480107][   T31] bond11 (unregistering): Released all slaves
[  181.491104][   T31] bond12 (unregistering): Released all slaves
[  181.500899][   T31] bond13 (unregistering): Released all slaves
[  181.511153][T11570] tipc: Started in network mode
[  181.516237][T11570] tipc: Node identity ac14140f, cluster identity 4711
[  181.523183][T11570] tipc: New replicast peer: 255.255.255.255
[  181.529539][T11570] tipc: Enabled bearer <udp:syz2>, priority 10
[  181.569905][T11372] 8021q: adding VLAN 0 to HW filter on device batadv0
[  181.579541][   T31] tipc: Disabling bearer <udp:syz2>
[  181.584805][   T31] tipc: Left network mode
[  181.614880][   T31] hsr_slave_0: left promiscuous mode
[  181.628435][   T31] hsr_slave_1: left promiscuous mode
[  181.642217][   T31] veth0_macvtap: left promiscuous mode
[  181.653340][   T29] kauditd_printk_skb: 160 callbacks suppressed
[  181.653352][   T29] audit: type=1326 audit(1754544867.263:4936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.665865][   T31] veth1_vlan: left promiscuous mode
[  181.683161][   T29] audit: type=1326 audit(1754544867.263:4937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.689114][T11596] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3085'.
[  181.726831][   T31] veth0_vlan: left promiscuous mode
[  181.732624][   T29] audit: type=1326 audit(1754544867.323:4938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.756025][   T29] audit: type=1326 audit(1754544867.323:4939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.779753][   T29] audit: type=1326 audit(1754544867.323:4940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.803395][   T29] audit: type=1326 audit(1754544867.323:4941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.812706][T11601] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3085'.
[  181.826982][   T29] audit: type=1326 audit(1754544867.323:4942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.859278][   T29] audit: type=1326 audit(1754544867.323:4943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.7.3084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  181.964456][   T31] team0 (unregistering): Port device team_slave_1 removed
[  181.978925][   T31] team0 (unregistering): Port device team_slave_0 removed
[  182.023631][T11596] 8021q: adding VLAN 0 to HW filter on device bond1
[  182.123862][   T29] audit: type=1326 audit(1754544867.723:4944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11614 comm="syz.2.3090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  182.147574][   T29] audit: type=1326 audit(1754544867.723:4945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11614 comm="syz.2.3090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261663ebe9 code=0x7ffc0000
[  182.301490][T11372] veth0_vlan: entered promiscuous mode
[  182.310175][T11372] veth1_vlan: entered promiscuous mode
[  182.372129][T11372] veth0_macvtap: entered promiscuous mode
[  182.393904][T11372] veth1_macvtap: entered promiscuous mode
[  182.421441][T11372] batman_adv: batadv0: Interface activated: batadv_slave_0
[  182.434075][T11372] batman_adv: batadv0: Interface activated: batadv_slave_1
[  182.474399][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  182.486917][T11651] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.499227][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  182.513968][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  182.524488][   T23] tipc: Node number set to 2886997007
[  182.531113][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.550174][T11651] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.620942][T11657] netlink: 'syz.4.3001': attribute type 3 has an invalid length.
[  182.628855][T11657] FAULT_INJECTION: forcing a failure.
[  182.628855][T11657] name failslab, interval 1, probability 0, space 0, times 0
[  182.641635][T11657] CPU: 0 UID: 0 PID: 11657 Comm: syz.4.3001 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  182.641670][T11657] Tainted: [W]=WARN
[  182.641676][T11657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  182.641689][T11657] Call Trace:
[  182.641694][T11657]  <TASK>
[  182.641740][T11657]  __dump_stack+0x1d/0x30
[  182.641775][T11657]  dump_stack_lvl+0xe8/0x140
[  182.641800][T11657]  dump_stack+0x15/0x1b
[  182.641820][T11657]  should_fail_ex+0x265/0x280
[  182.641908][T11657]  should_failslab+0x8c/0xb0
[  182.641939][T11657]  __kmalloc_noprof+0xa5/0x3e0
[  182.641969][T11657]  ? offload_action_alloc+0x2b/0x180
[  182.642003][T11657]  offload_action_alloc+0x2b/0x180
[  182.642100][T11657]  tcf_action_offload_add_ex+0x11f/0x3c0
[  182.642146][T11657]  tcf_action_init+0x333/0x6d0
[  182.642196][T11657]  tc_ctl_action+0x291/0x830
[  182.642257][T11657]  ? __pfx_tc_ctl_action+0x10/0x10
[  182.642345][T11657]  rtnetlink_rcv_msg+0x65a/0x6d0
[  182.642382][T11657]  netlink_rcv_skb+0x123/0x220
[  182.642420][T11657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  182.642448][T11657]  rtnetlink_rcv+0x1c/0x30
[  182.642543][T11657]  netlink_unicast+0x5bd/0x690
[  182.642584][T11657]  netlink_sendmsg+0x58b/0x6b0
[  182.642627][T11657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.642722][T11657]  __sock_sendmsg+0x142/0x180
[  182.642755][T11657]  ____sys_sendmsg+0x31e/0x4e0
[  182.642813][T11657]  ___sys_sendmsg+0x17b/0x1d0
[  182.642864][T11657]  __x64_sys_sendmsg+0xd4/0x160
[  182.642945][T11657]  x64_sys_call+0x191e/0x2ff0
[  182.642969][T11657]  do_syscall_64+0xd2/0x200
[  182.642997][T11657]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  182.643026][T11657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.643130][T11657] RIP: 0033:0x7f6d8673ebe9
[  182.643158][T11657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.643226][T11657] RSP: 002b:00007f6d851a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.643254][T11657] RAX: ffffffffffffffda RBX: 00007f6d86965fa0 RCX: 00007f6d8673ebe9
[  182.643271][T11657] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[  182.643286][T11657] RBP: 00007f6d851a7090 R08: 0000000000000000 R09: 0000000000000000
[  182.643298][T11657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  182.643311][T11657] R13: 00007f6d86966038 R14: 00007f6d86965fa0 R15: 00007ffc21971948
[  182.643336][T11657]  </TASK>
[  182.643389][T11657] netlink: 'syz.4.3001': attribute type 3 has an invalid length.
[  182.905761][T11651] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.936254][T11663] serio: Serial port ptm0
[  182.978472][T11651] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.053713][T11673] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3106'.
[  183.115565][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  183.123783][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  183.170917][T10651] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.193363][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  183.202002][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  183.216054][T10651] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.267405][T10651] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.328809][T10651] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.342891][T11699] IPv6: Can't replace route, no match found
[  183.358691][T11699] tipc: Started in network mode
[  183.363628][T11699] tipc: Node identity ac14140f, cluster identity 4711
[  183.371599][T11699] tipc: New replicast peer: 255.255.255.255
[  183.377809][T11699] tipc: Enabled bearer <udp:syz2>, priority 10
[  183.555862][T10651] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  183.605718][T10651] bond2 (unregistering): (slave bridge2): Releasing backup interface
[  183.716306][T10651] bond0 (unregistering): Released all slaves
[  183.724798][T10651] bond1 (unregistering): Released all slaves
[  183.733169][T10651] bond2 (unregistering): Released all slaves
[  183.741728][T10651] bond3 (unregistering): Released all slaves
[  183.750366][T10651] bond4 (unregistering): Released all slaves
[  183.760011][T10651] bond5 (unregistering): Released all slaves
[  183.768821][T10651] bond6 (unregistering): Released all slaves
[  183.778163][T10651] bond7 (unregistering): Released all slaves
[  183.787438][T10651] bond8 (unregistering): Released all slaves
[  183.796765][T10651] bond9 (unregistering): Released all slaves
[  183.806823][T10651] bond10 (unregistering): Released all slaves
[  183.816541][T10651] bond11 (unregistering): Released all slaves
[  183.825957][T10651] bond12 (unregistering): Released all slaves
[  183.835012][T10651] bond13 (unregistering): Released all slaves
[  183.843445][T11711] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  183.856368][T11676] chnl_net:caif_netlink_parms(): no params data found
[  183.882473][T10651] tipc: Disabling bearer <udp:syz2>
[  183.887759][T10651] tipc: Left network mode
[  183.910777][T10651] hsr_slave_0: left promiscuous mode
[  183.926728][T10651] veth1_macvtap: left promiscuous mode
[  183.932277][T10651] veth0_macvtap: left promiscuous mode
[  183.938161][T10651] veth1_vlan: left promiscuous mode
[  183.943597][T10651] veth0_vlan: left promiscuous mode
[  183.955915][T11725] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  184.050935][T11734] IPv6: Can't replace route, no match found
[  184.112693][T11734] tipc: Started in network mode
[  184.117641][T11734] tipc: Node identity ac14140f, cluster identity 4711
[  184.129765][T11734] tipc: New replicast peer: 255.255.255.255
[  184.135949][T11734] tipc: Enabled bearer <udp:syz2>, priority 10
[  184.144543][T11676] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.151689][T11676] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.159826][T11676] bridge_slave_0: entered allmulticast mode
[  184.166243][T11676] bridge_slave_0: entered promiscuous mode
[  184.182847][T11676] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.190235][T11676] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.203020][T11676] bridge_slave_1: entered allmulticast mode
[  184.209791][T11676] bridge_slave_1: entered promiscuous mode
[  184.249781][T11676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.286500][T11676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.300358][T11741] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  184.356585][T11676] team0: Port device team_slave_0 added
[  184.376086][T11676] team0: Port device team_slave_1 added
[  184.424861][T11676] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.431874][T11676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.457826][T11676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.479589][T11676] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.486691][T11676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.493069][T11761] IPv6: Can't replace route, no match found
[  184.512611][T11676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.522065][T11618] tipc: Node number set to 2886997007
[  184.543893][T11761] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  184.597576][T11676] hsr_slave_0: entered promiscuous mode
[  184.611271][T11676] hsr_slave_1: entered promiscuous mode
[  184.623788][T11676] debugfs: 'hsr0' already exists in 'hsr'
[  184.629576][T11676] Cannot create hsr debugfs directory
[  184.952683][T11786] loop7: detected capacity change from 0 to 128
[  184.966659][T11786] vfat: Unknown parameter '����18446744073709551615���"��	�����9����)&�7�ީ�V�1�Kg�����|sd�S:�����ӳ��W�@q�'�h��{Հ����4E>���#Nr���Rb�'
[  185.139084][T11806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3155'.
[  185.272282][ T3409] tipc: Node number set to 2886997007
[  185.374053][T11676] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  185.433033][T11676] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  185.474600][T11676] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  185.512472][T11676] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  185.734650][T11676] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.772656][T11676] 8021q: adding VLAN 0 to HW filter on device team0
[  185.847642][  T340] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.854747][  T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.890183][  T340] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.897374][  T340] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.948832][T11676] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  185.959324][T11676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  186.090228][T11676] 8021q: adding VLAN 0 to HW filter on device batadv0
[  186.184812][T11838] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  186.336196][T11676] veth0_vlan: entered promiscuous mode
[  186.367123][T11676] veth1_vlan: entered promiscuous mode
[  186.451437][T11676] veth0_macvtap: entered promiscuous mode
[  186.474022][T11676] veth1_macvtap: entered promiscuous mode
[  186.547337][T11676] batman_adv: batadv0: Interface activated: batadv_slave_0
[  186.605542][T11676] batman_adv: batadv0: Interface activated: batadv_slave_1
[  186.657069][ T2913] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.705094][ T2913] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.748581][ T2913] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.769651][ T2913] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.809811][T11871] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  186.951435][   T29] kauditd_printk_skb: 48 callbacks suppressed
[  186.951451][   T29] audit: type=1326 audit(1754544872.563:4994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  186.981210][   T29] audit: type=1326 audit(1754544872.563:4995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.060087][T11888] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  187.070353][   T29] audit: type=1326 audit(1754544872.593:4996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.093731][   T29] audit: type=1326 audit(1754544872.593:4997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.117339][   T29] audit: type=1326 audit(1754544872.593:4998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.141019][   T29] audit: type=1326 audit(1754544872.593:4999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.164757][   T29] audit: type=1326 audit(1754544872.593:5000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.188595][   T29] audit: type=1326 audit(1754544872.593:5001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11883 comm="syz.0.3176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  187.315973][T11899] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  187.442343][T11908] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3186'.
[  187.528781][T11917] IPv6: Can't replace route, no match found
[  187.550014][T11917] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  188.581902][T11988] FAULT_INJECTION: forcing a failure.
[  188.581902][T11988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  188.595286][T11988] CPU: 1 UID: 0 PID: 11988 Comm: syz.7.3217 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  188.595323][T11988] Tainted: [W]=WARN
[  188.595331][T11988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  188.595346][T11988] Call Trace:
[  188.595353][T11988]  <TASK>
[  188.595361][T11988]  __dump_stack+0x1d/0x30
[  188.595386][T11988]  dump_stack_lvl+0xe8/0x140
[  188.595410][T11988]  dump_stack+0x15/0x1b
[  188.595467][T11988]  should_fail_ex+0x265/0x280
[  188.595499][T11988]  should_fail+0xb/0x20
[  188.595584][T11988]  should_fail_usercopy+0x1a/0x20
[  188.595603][T11988]  _copy_from_user+0x1c/0xb0
[  188.595632][T11988]  ___sys_sendmsg+0xc1/0x1d0
[  188.595704][T11988]  __x64_sys_sendmsg+0xd4/0x160
[  188.595749][T11988]  x64_sys_call+0x191e/0x2ff0
[  188.595771][T11988]  do_syscall_64+0xd2/0x200
[  188.595842][T11988]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  188.595872][T11988]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  188.595898][T11988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.595918][T11988] RIP: 0033:0x7f1f244debe9
[  188.595987][T11988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.596004][T11988] RSP: 002b:00007f1f22f47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  188.596034][T11988] RAX: ffffffffffffffda RBX: 00007f1f24705fa0 RCX: 00007f1f244debe9
[  188.596046][T11988] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  188.596060][T11988] RBP: 00007f1f22f47090 R08: 0000000000000000 R09: 0000000000000000
[  188.596082][T11988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.596097][T11988] R13: 00007f1f24706038 R14: 00007f1f24705fa0 R15: 00007ffc5c21f5a8
[  188.596122][T11988]  </TASK>
[  188.816189][T11989] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  188.998068][   T29] audit: type=1326 audit(1754544874.603:5002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11991 comm="syz.0.3219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  189.021667][   T29] audit: type=1326 audit(1754544874.603:5003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11991 comm="syz.0.3219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  189.263858][T12010] loop7: detected capacity change from 0 to 512
[  189.309618][T12010] EXT4-fs (loop7): 1 orphan inode deleted
[  189.325006][T12010] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.328326][T10651] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 1
[  189.350482][T12010] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.366865][T12016] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3227'.
[  189.425308][T12018] IPv6: Can't replace route, no match found
[  189.464989][T11123] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.506281][T12018] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  189.812455][T12049] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3241'.
[  189.840784][T12051] netlink: 'syz.2.3242': attribute type 10 has an invalid length.
[  189.873160][T12051] team0: Device hsr_slave_0 failed to register rx_handler
[  189.897015][T12053] ALSA: seq fatal error: cannot create timer (-22)
[  189.927148][T12051] netlink: 'syz.2.3242': attribute type 1 has an invalid length.
[  189.957207][T12051] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3242'.
[  190.690835][T12080] serio: Serial port ptm0
[  191.171690][T12089] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  191.385989][T12074] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  191.849963][T12103] IPv6: Can't replace route, no match found
[  191.886799][T12103] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  191.981145][T12111] FAULT_INJECTION: forcing a failure.
[  191.981145][T12111] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  191.994422][T12111] CPU: 1 UID: 0 PID: 12111 Comm: syz.2.3264 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  191.994503][T12111] Tainted: [W]=WARN
[  191.994510][T12111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  191.994525][T12111] Call Trace:
[  191.994531][T12111]  <TASK>
[  191.994540][T12111]  __dump_stack+0x1d/0x30
[  191.994564][T12111]  dump_stack_lvl+0xe8/0x140
[  191.994637][T12111]  dump_stack+0x15/0x1b
[  191.994655][T12111]  should_fail_ex+0x265/0x280
[  191.994700][T12111]  should_fail_alloc_page+0xf2/0x100
[  191.994808][T12111]  __alloc_frozen_pages_noprof+0xff/0x360
[  191.994870][T12111]  __alloc_pages_noprof+0x9/0x20
[  191.995042][T12111]  probe_event_enable+0x50d/0x7d0
[  191.995071][T12111]  ? __pfx_uprobe_perf_filter+0x10/0x10
[  191.995100][T12111]  trace_uprobe_register+0x86/0x3c0
[  191.995131][T12111]  perf_trace_event_init+0x359/0x7b0
[  191.995197][T12111]  perf_uprobe_init+0xf9/0x150
[  191.995258][T12111]  perf_uprobe_event_init+0xc4/0x140
[  191.995295][T12111]  perf_try_init_event+0xd6/0x540
[  191.995467][T12111]  ? perf_event_alloc+0xb1c/0x1740
[  191.995506][T12111]  perf_event_alloc+0xb27/0x1740
[  191.995547][T12111]  __se_sys_perf_event_open+0x4a5/0x11c0
[  191.995585][T12111]  ? __rcu_read_unlock+0x4f/0x70
[  191.995661][T12111]  __x64_sys_perf_event_open+0x67/0x80
[  191.995699][T12111]  x64_sys_call+0x7bd/0x2ff0
[  191.995788][T12111]  do_syscall_64+0xd2/0x200
[  191.995816][T12111]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  191.995895][T12111]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  191.995915][T12111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.995934][T12111] RIP: 0033:0x7f261663ebe9
[  191.995947][T12111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.995964][T12111] RSP: 002b:00007f261509f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  191.996013][T12111] RAX: ffffffffffffffda RBX: 00007f2616865fa0 RCX: 00007f261663ebe9
[  191.996027][T12111] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00002000000004c0
[  191.996040][T12111] RBP: 00007f261509f090 R08: 0000000000000000 R09: 0000000000000000
[  191.996054][T12111] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  191.996067][T12111] R13: 00007f2616866038 R14: 00007f2616865fa0 R15: 00007fff013cf558
[  191.996089][T12111]  </TASK>
[  192.232001][T12112] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  192.249645][   T29] kauditd_printk_skb: 62 callbacks suppressed
[  192.249662][   T29] audit: type=1326 audit(1754544877.863:5065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.279362][   T29] audit: type=1326 audit(1754544877.863:5066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.309951][   T29] audit: type=1326 audit(1754544877.923:5067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.333590][   T29] audit: type=1326 audit(1754544877.923:5068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.357214][   T29] audit: type=1326 audit(1754544877.923:5069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.380749][   T29] audit: type=1326 audit(1754544877.923:5070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.404315][   T29] audit: type=1326 audit(1754544877.923:5071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.427932][   T29] audit: type=1326 audit(1754544877.923:5072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.451482][   T29] audit: type=1326 audit(1754544877.923:5073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.474953][   T29] audit: type=1326 audit(1754544877.923:5074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12114 comm="syz.7.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f244debe9 code=0x7ffc0000
[  192.678245][T12141] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  192.842282][T12153] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3280'.
[  192.960576][T12165] FAULT_INJECTION: forcing a failure.
[  192.960576][T12165] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  192.973835][T12165] CPU: 0 UID: 0 PID: 12165 Comm: syz.0.3287 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  192.973936][T12165] Tainted: [W]=WARN
[  192.973945][T12165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  192.973961][T12165] Call Trace:
[  192.973968][T12165]  <TASK>
[  192.973977][T12165]  __dump_stack+0x1d/0x30
[  192.974003][T12165]  dump_stack_lvl+0xe8/0x140
[  192.974054][T12165]  dump_stack+0x15/0x1b
[  192.974070][T12165]  should_fail_ex+0x265/0x280
[  192.974103][T12165]  should_fail_alloc_page+0xf2/0x100
[  192.974133][T12165]  __alloc_frozen_pages_noprof+0xff/0x360
[  192.974302][T12165]  alloc_pages_mpol+0xb3/0x250
[  192.974401][T12165]  vma_alloc_folio_noprof+0x1aa/0x300
[  192.974450][T12165]  handle_mm_fault+0xec2/0x2c20
[  192.974481][T12165]  ? __rcu_read_lock+0x37/0x50
[  192.974511][T12165]  ? __pte_offset_map_lock+0x1d4/0x230
[  192.974561][T12165]  __get_user_pages+0x102e/0x1fa0
[  192.974595][T12165]  __gup_longterm_locked+0x8f4/0xe60
[  192.974621][T12165]  ? __schedule+0x6b9/0xb30
[  192.974697][T12165]  ? should_fail_ex+0xdb/0x280
[  192.974773][T12165]  pin_user_pages_remote+0x7e/0xb0
[  192.974803][T12165]  process_vm_rw+0x484/0x960
[  192.974832][T12165]  ? 0xffffffffa0201888
[  192.974868][T12165]  ? __bpf_trace_sys_enter+0x10/0x30
[  192.974937][T12165]  __x64_sys_process_vm_writev+0x78/0x90
[  192.974969][T12165]  x64_sys_call+0x2a7c/0x2ff0
[  192.974997][T12165]  do_syscall_64+0xd2/0x200
[  192.975071][T12165]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  192.975101][T12165]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  192.975128][T12165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.975190][T12165] RIP: 0033:0x7f0885a4ebe9
[  192.975207][T12165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.975229][T12165] RSP: 002b:00007f08844b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[  192.975248][T12165] RAX: ffffffffffffffda RBX: 00007f0885c75fa0 RCX: 00007f0885a4ebe9
[  192.975315][T12165] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000036
[  192.975328][T12165] RBP: 00007f08844b7090 R08: 000000000000023a R09: 0000000000000000
[  192.975339][T12165] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001
[  192.975350][T12165] R13: 00007f0885c76038 R14: 00007f0885c75fa0 R15: 00007ffd39d91a98
[  192.975369][T12165]  </TASK>
[  193.372976][T12176] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  193.431543][T12181] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  193.465739][T12181] SELinux: failed to load policy
[  193.475354][T12174] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  193.525784][T12182] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3289'.
[  193.543187][T12182] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3289'.
[  193.746349][T12199] serio: Serial port ptm0
[  193.765840][T12197] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  193.838176][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3302'.
[  193.899945][T12208] IPv6: Can't replace route, no match found
[  193.932911][T12210] FAULT_INJECTION: forcing a failure.
[  193.932911][T12210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.946170][T12210] CPU: 0 UID: 0 PID: 12210 Comm: syz.7.3305 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  193.946202][T12210] Tainted: [W]=WARN
[  193.946210][T12210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  193.946263][T12210] Call Trace:
[  193.946270][T12210]  <TASK>
[  193.946277][T12210]  __dump_stack+0x1d/0x30
[  193.946302][T12210]  dump_stack_lvl+0xe8/0x140
[  193.946326][T12210]  dump_stack+0x15/0x1b
[  193.946347][T12210]  should_fail_ex+0x265/0x280
[  193.946414][T12210]  should_fail+0xb/0x20
[  193.946449][T12210]  should_fail_usercopy+0x1a/0x20
[  193.946473][T12210]  _copy_from_iter+0xcf/0xe40
[  193.946507][T12210]  ? __build_skb_around+0x1a0/0x200
[  193.946589][T12210]  ? __alloc_skb+0x223/0x320
[  193.946627][T12210]  netlink_sendmsg+0x471/0x6b0
[  193.946761][T12210]  ? __pfx_netlink_sendmsg+0x10/0x10
[  193.946802][T12210]  __sock_sendmsg+0x142/0x180
[  193.946910][T12210]  ____sys_sendmsg+0x31e/0x4e0
[  193.946953][T12210]  ___sys_sendmsg+0x17b/0x1d0
[  193.947017][T12210]  __x64_sys_sendmsg+0xd4/0x160
[  193.947062][T12210]  x64_sys_call+0x191e/0x2ff0
[  193.947086][T12210]  do_syscall_64+0xd2/0x200
[  193.947107][T12210]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  193.947191][T12210]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  193.947215][T12210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.947240][T12210] RIP: 0033:0x7f1f244debe9
[  193.947254][T12210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.947270][T12210] RSP: 002b:00007f1f22f47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  193.947357][T12210] RAX: ffffffffffffffda RBX: 00007f1f24705fa0 RCX: 00007f1f244debe9
[  193.947368][T12210] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  193.947394][T12210] RBP: 00007f1f22f47090 R08: 0000000000000000 R09: 0000000000000000
[  193.947479][T12210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.947493][T12210] R13: 00007f1f24706038 R14: 00007f1f24705fa0 R15: 00007ffc5c21f5a8
[  193.947515][T12210]  </TASK>
[  194.227415][T12208] tipc: Started in network mode
[  194.232329][T12208] tipc: Node identity ac14140f, cluster identity 4711
[  194.240645][T12208] tipc: New replicast peer: 255.255.255.255
[  194.246841][T12208] tipc: Enabled bearer <udp:syz2>, priority 10
[  194.454335][T12228] serio: Serial port ptm0
[  194.522161][T12232] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[  194.543338][T12235] IPv6: Can't replace route, no match found
[  194.561331][T12235] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  194.585886][T12241] FAULT_INJECTION: forcing a failure.
[  194.585886][T12241] name failslab, interval 1, probability 0, space 0, times 0
[  194.598797][T12241] CPU: 0 UID: 0 PID: 12241 Comm: syz.6.3319 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  194.598855][T12241] Tainted: [W]=WARN
[  194.598868][T12241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  194.598884][T12241] Call Trace:
[  194.598891][T12241]  <TASK>
[  194.598917][T12241]  __dump_stack+0x1d/0x30
[  194.599057][T12241]  dump_stack_lvl+0xe8/0x140
[  194.599077][T12241]  dump_stack+0x15/0x1b
[  194.599145][T12241]  should_fail_ex+0x265/0x280
[  194.599180][T12241]  should_failslab+0x8c/0xb0
[  194.599218][T12241]  kmem_cache_alloc_node_noprof+0x57/0x320
[  194.599295][T12241]  ? __alloc_skb+0x101/0x320
[  194.599402][T12241]  __alloc_skb+0x101/0x320
[  194.599433][T12241]  ? audit_log_start+0x365/0x6c0
[  194.599464][T12241]  audit_log_start+0x380/0x6c0
[  194.599501][T12241]  audit_seccomp+0x48/0x100
[  194.599564][T12241]  ? __seccomp_filter+0x68c/0x10d0
[  194.599589][T12241]  __seccomp_filter+0x69d/0x10d0
[  194.599619][T12241]  ? __list_add_valid_or_report+0x38/0xe0
[  194.599759][T12241]  ? _raw_spin_unlock+0x26/0x50
[  194.599827][T12241]  __secure_computing+0x82/0x150
[  194.599849][T12241]  syscall_trace_enter+0xcf/0x1e0
[  194.599945][T12241]  do_syscall_64+0xac/0x200
[  194.599982][T12241]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  194.600012][T12241]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  194.600041][T12241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.600132][T12241] RIP: 0033:0x7fd4a2e0d5fc
[  194.600147][T12241] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  194.600166][T12241] RSP: 002b:00007fd4a1877030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  194.600184][T12241] RAX: ffffffffffffffda RBX: 00007fd4a3035fa0 RCX: 00007fd4a2e0d5fc
[  194.600247][T12241] RDX: 000000000000000f RSI: 00007fd4a18770a0 RDI: 0000000000000006
[  194.600263][T12241] RBP: 00007fd4a1877090 R08: 0000000000000000 R09: 0000000000000000
[  194.600295][T12241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.600308][T12241] R13: 00007fd4a3036038 R14: 00007fd4a3035fa0 R15: 00007ffdaa242b98
[  194.600333][T12241]  </TASK>
[  194.872264][T12248] netlink: 'syz.2.3322': attribute type 33 has an invalid length.
[  194.880307][T12248] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3322'.
[  194.930958][T12255] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3322'.
[  194.940142][T12255] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3322'.
[  194.986891][T12258] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3326'.
[  194.998172][T12255] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3322'.
[  195.007211][T12255] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3322'.
[  195.016121][T12258] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  195.175609][T12271] serio: Serial port ptm0
[  195.334309][T12282] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  196.299070][   T10] tipc: Node number set to 2886997007
[  196.373258][T12296] 9pnet: Could not find request transport: dno=0xffffffffffffffff
[  196.586297][T12311] serio: Serial port ptm1
[  196.740055][T12315] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  196.935862][T12330] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  197.073851][T12338] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  197.932925][T12361] __nla_validate_parse: 4 callbacks suppressed
[  197.932944][T12361] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3363'.
[  198.113981][T12361] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  198.620425][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  198.620442][   T29] audit: type=1326 audit(1754544884.233:5198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.684477][   T29] audit: type=1326 audit(1754544884.263:5199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.707876][   T29] audit: type=1326 audit(1754544884.263:5200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.731345][   T29] audit: type=1326 audit(1754544884.263:5201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.754998][   T29] audit: type=1326 audit(1754544884.263:5202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.778435][   T29] audit: type=1326 audit(1754544884.263:5203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.801926][   T29] audit: type=1326 audit(1754544884.263:5204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12372 comm="syz.0.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.875445][T12393] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3376'.
[  198.892269][   T29] audit: type=1326 audit(1754544884.503:5205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.915985][   T29] audit: type=1326 audit(1754544884.503:5206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12394 comm="syz.0.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  198.934410][T12393] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  198.943527][   T29] audit: type=1326 audit(1754544884.553:5207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12398 comm="syz.4.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8673ebe9 code=0x7ffc0000
[  199.111716][T12413] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3384'.
[  199.133643][T12417] serio: Serial port ptm0
[  199.161775][T12413] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  199.341089][T12432] netlink: 'syz.0.3392': attribute type 13 has an invalid length.
[  199.372488][T12439] loop7: detected capacity change from 0 to 512
[  199.389123][T12439] EXT4-fs (loop7): 1 orphan inode deleted
[  199.400974][T12439] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.413914][T12439] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.423579][   T12] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1
[  199.440822][T12432] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.448001][T12432] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.456760][T11123] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.503343][T12432] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  199.513877][T12432] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  199.565864][T12444] $H�: renamed from bond0
[  199.575047][T12444] $H�: entered promiscuous mode
[  199.580117][T12444] bond_slave_0: entered promiscuous mode
[  199.585941][T12444] bond_slave_1: entered promiscuous mode
[  199.592710][T12446] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.603902][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.618509][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.637375][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.661337][T12446] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.686648][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.732263][T12446] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.786383][T12460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3401'.
[  199.799378][T12446] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.812861][T12460] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  199.903721][   T31] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.929481][   T31] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.953992][   T31] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.965072][T12465] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3403'.
[  199.987693][   T31] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.065959][T12472] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  200.225519][T12481] loop7: detected capacity change from 0 to 512
[  200.257834][T12481] EXT4-fs (loop7): 1 orphan inode deleted
[  200.270633][T12481] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.284175][   T31] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 1
[  200.327472][T12481] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.376470][T11123] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.248379][T12513] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  201.368444][T12527] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3416'.
[  201.772718][T12554] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3437'.
[  202.081996][T12570] FAULT_INJECTION: forcing a failure.
[  202.081996][T12570] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.095186][T12570] CPU: 0 UID: 0 PID: 12570 Comm: syz.0.3444 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  202.095224][T12570] Tainted: [W]=WARN
[  202.095229][T12570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  202.095240][T12570] Call Trace:
[  202.095245][T12570]  <TASK>
[  202.095251][T12570]  __dump_stack+0x1d/0x30
[  202.095277][T12570]  dump_stack_lvl+0xe8/0x140
[  202.095357][T12570]  dump_stack+0x15/0x1b
[  202.095375][T12570]  should_fail_ex+0x265/0x280
[  202.095424][T12570]  should_fail+0xb/0x20
[  202.095464][T12570]  should_fail_usercopy+0x1a/0x20
[  202.095488][T12570]  _copy_from_user+0x1c/0xb0
[  202.095518][T12570]  simple_transaction_get+0xe2/0x130
[  202.095578][T12570]  selinux_transaction_write+0x9d/0x110
[  202.095629][T12570]  ? __pfx_selinux_transaction_write+0x10/0x10
[  202.095658][T12570]  vfs_write+0x269/0x8e0
[  202.095683][T12570]  ? __rcu_read_unlock+0x4f/0x70
[  202.095757][T12570]  ? __fget_files+0x184/0x1c0
[  202.095789][T12570]  ksys_write+0xda/0x1a0
[  202.095817][T12570]  __x64_sys_write+0x40/0x50
[  202.095844][T12570]  x64_sys_call+0x27fe/0x2ff0
[  202.095869][T12570]  do_syscall_64+0xd2/0x200
[  202.095930][T12570]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  202.095952][T12570]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  202.095999][T12570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.096023][T12570] RIP: 0033:0x7f0885a4ebe9
[  202.096039][T12570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.096061][T12570] RSP: 002b:00007f08844b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  202.096083][T12570] RAX: ffffffffffffffda RBX: 00007f0885c75fa0 RCX: 00007f0885a4ebe9
[  202.096146][T12570] RDX: 000000000000001d RSI: 0000200000000340 RDI: 0000000000000005
[  202.096160][T12570] RBP: 00007f08844b7090 R08: 0000000000000000 R09: 0000000000000000
[  202.096174][T12570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.096223][T12570] R13: 00007f0885c76038 R14: 00007f0885c75fa0 R15: 00007ffd39d91a98
[  202.096248][T12570]  </TASK>
[  202.362075][T12581] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3449'.
[  202.373968][T12579] atomic_op ffff888116852528 conn xmit_atomic 0000000000000000
[  202.512779][T12595] loop7: detected capacity change from 0 to 1024
[  202.546275][T12595] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  202.557308][T12595] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  202.616493][T12595] JBD2: no valid journal superblock found
[  202.622248][T12595] EXT4-fs (loop7): Could not load journal inode
[  203.129039][T12608] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  203.362477][T12622] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  204.245040][T12651] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3474'.
[  204.249095][T12649] serio: Serial port ptm0
[  204.264025][T12646] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.335975][T12646] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.359843][T12657] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3478'.
[  204.404742][   T29] kauditd_printk_skb: 258 callbacks suppressed
[  204.404753][   T29] audit: type=1326 audit(1754544890.013:5464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.434510][   T29] audit: type=1326 audit(1754544890.013:5465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.458041][   T29] audit: type=1326 audit(1754544890.013:5466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.481799][   T29] audit: type=1326 audit(1754544890.013:5467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.505509][   T29] audit: type=1326 audit(1754544890.013:5468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.529253][   T29] audit: type=1326 audit(1754544890.013:5469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.552824][   T29] audit: type=1326 audit(1754544890.013:5470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.576386][   T29] audit: type=1326 audit(1754544890.013:5471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.600083][   T29] audit: type=1326 audit(1754544890.013:5472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.623622][   T29] audit: type=1326 audit(1754544890.013:5473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12661 comm="syz.0.3480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0885a4ebe9 code=0x7ffc0000
[  204.757160][T12657] 8021q: adding VLAN 0 to HW filter on device bond1
[  204.793488][T12646] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.855137][T12646] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.924648][   T31] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.949474][   T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  204.972570][   T31] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  204.995567][   T31] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  205.195931][T12689] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3487'.
[  205.267847][T12689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3487'.
[  205.332283][T12693] serio: Serial port ptm0
[  205.406284][T12695] netlink: 260 bytes leftover after parsing attributes in process `syz.0.3490'.
[  205.473210][ T9934] ==================================================================
[  205.481365][ T9934] BUG: KCSAN: data-race in shmem_add_to_page_cache / shmem_getattr
[  205.489301][ T9934] 
[  205.491637][ T9934] read-write to 0xffff8881045c8818 of 8 bytes by task 12675 on cpu 1:
[  205.499796][ T9934]  shmem_add_to_page_cache+0x414/0x530
[  205.505280][ T9934]  shmem_get_folio_gfp+0x4e8/0xd60
[  205.510409][ T9934]  shmem_write_begin+0xa8/0x190
[  205.515261][ T9934]  generic_perform_write+0x181/0x490
[  205.520550][ T9934]  shmem_file_write_iter+0xc5/0xf0
[  205.525669][ T9934]  __kernel_write_iter+0x256/0x4c0
[  205.530789][ T9934]  dump_user_range+0x61e/0x8f0
[  205.535575][ T9934]  elf_core_dump+0x1e00/0x1f90
[  205.540350][ T9934]  coredump_write+0xb0a/0xe30
[  205.545033][ T9934]  vfs_coredump+0x142f/0x20c0
[  205.549726][ T9934]  get_signal+0xd85/0xf70
[  205.554077][ T9934]  arch_do_signal_or_restart+0x96/0x480
[  205.559625][ T9934]  irqentry_exit_to_user_mode+0x5e/0xa0
[  205.565181][ T9934]  irqentry_exit+0x12/0x50
[  205.569604][ T9934]  asm_exc_page_fault+0x26/0x30
[  205.574460][ T9934] 
[  205.576790][ T9934] read to 0xffff8881045c8818 of 8 bytes by task 9934 on cpu 0:
[  205.584334][ T9934]  shmem_getattr+0x68/0x200
[  205.588854][ T9934]  vfs_getattr_nosec+0x143/0x1e0
[  205.593808][ T9934]  vfs_statx+0x113/0x390
[  205.598088][ T9934]  vfs_fstatat+0x115/0x170
[  205.602526][ T9934]  __se_sys_newfstatat+0x55/0x260
[  205.607581][ T9934]  __x64_sys_newfstatat+0x55/0x70
[  205.612629][ T9934]  x64_sys_call+0x135a/0x2ff0
[  205.617314][ T9934]  do_syscall_64+0xd2/0x200
[  205.621928][ T9934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.627826][ T9934] 
[  205.630158][ T9934] value changed: 0x0000000000002c97 -> 0x0000000000002c98
[  205.637258][ T9934] 
[  205.639590][ T9934] Reported by Kernel Concurrency Sanitizer on:
[  205.645738][ T9934] CPU: 0 UID: 0 PID: 9934 Comm: syz-executor Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  205.659629][ T9934] Tainted: [W]=WARN
[  205.663432][ T9934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  205.673488][ T9934] ==================================================================
[  205.879294][T12707] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.948044][T12707] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.006348][T12707] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.056191][T12707] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.131363][   T31] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  206.150586][   T31] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  206.167485][   T31] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  206.184510][   T31] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0