last executing test programs: 4m17.574773642s ago: executing program 2 (id=309): syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) socket$pppl2tp(0x18, 0x1, 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000e40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000400)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x62e40) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kfree\x00', r1, 0x0, 0x8000000000}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) timer_create(0x9, &(0x7f0000000780)={0x0, 0x3f, 0x0, @thr={0x0, 0x0}}, &(0x7f00000007c0)) clock_gettime(0x0, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000500)='kfree\x00', r3}, 0x18) setreuid(0x0, 0xee01) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000003feffff720a00fef8ffffff71a4f1ff0000000071302000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00ff040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffff20, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 4m17.524843823s ago: executing program 2 (id=310): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x18) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) fdatasync(r2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 4m17.294169066s ago: executing program 2 (id=311): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x50}}, 0x4820) socket$netlink(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000440)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02080000000100000080002000", @ANYRES32=0x0, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x0, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000030007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000c5fecb4896b303e923cb53d82883f9efe0c0a9471dc4d770755927a574c3c6efb638cf98862fda9e87fac800f7018763bbc8de877326e0f8fc8f0672a6735d5d193d3cd99b7fa991dced2f0807ac45282f6a5cabed0079ba9330388388e1099d14d0bc24124230235e23ec786cb597a549c51ccfe490416edccc4fa350f08af8ee1b96d0f993e2925fa0f76a587116aea545f5d1b67297255917e6cfc6bf9c4af29b3a4543a0ae87d28d165ed9e8ee6d554c8b387f54b946487650be12f765407be474e9043c6c2d1c03a7adef38cbb36e3b1832e9d66b4ed57478fd1cb3f7ed7bf85c4ee57317ce0e4e281145721619851e938ec9b017c5b3211a3b2844daf948bff862881a328ffc72a3199e010000003ddb062b9a9612870ab4b71125ce837a65f14c37f39baff0763a630bfbf138568cb4d554a44b88357362bd72ea8dd175041e6dae6c6ad927fc86d27b325a4aa470b3e79a431c91435a0bcc1b76155f990072ecb44d30b632a890913479429095e2ab5c7d4133716d27f56a391326fd33e8fef71f42190850a3089303d49466d2ca47168052676bea43820d57ca8d4ad2", @ANYRES32=r0, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) unshare(0x2c060000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="000000920000000000b70800030000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000", @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x18, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="b45478037246f9552ee40a98738926fcdff504a55f63d20d5b56a6f96249a51763c2149616640000000000", @ANYRES8=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b0000000800000020000000ffffffff01"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2ab}, 0x18) unshare(0x2c020400) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0xa, r5}, 0x38) getsockopt$inet_udp_int(r4, 0x11, 0x65, 0x0, &(0x7f0000000440)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) eventfd(0x7) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000b000000010000000200000000000000", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200000000000d00"/28], 0x50) unshare(0x2c020400) unshare(0xc000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00'}, 0x10) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a320000000008004100727865001400330076657468305f746f5f626f6e64"], 0x38}, 0x1, 0x0, 0x0, 0x20000854}, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x5) 4m17.250700827s ago: executing program 2 (id=312): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x20000086, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r4, 0x0, 0x0, 0xcc, 0x0, &(0x7f0000000700)=""/204, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x50) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x14040, 0x0) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f0000000040)='./file1\x00', 0x2000434) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0) ioprio_set$pid(0x1, 0x0, 0x0) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'}) r9 = socket$unix(0x1, 0x1, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfe, {0x0, 0x0, 0x0, r11, {0x0, 0xffed}, {0xf, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xe70, 0x6, 0x3, 0x7cb, 0x6960, 0xff}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8021}, 0x4008000) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), r5) 4m17.146627698s ago: executing program 2 (id=313): r0 = gettid() r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r3}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000800)=[@in6={0xa, 0x4e23, 0x9e, @local, 0xfc}], 0x1c) write$nci(r1, &(0x7f0000000140)=@NCI_OP_RF_NFCEE_ACTION_NTF={0x1, 0x0, 0x3, 0x9, 0x1}, 0x3) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) prlimit64(r0, 0x7, &(0x7f0000000080)={0x80000001, 0x2}, &(0x7f00000000c0)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x18) r7 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$selinux_access(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18) r9 = getpid() sched_getattr(r9, &(0x7f00000002c0)={0x38}, 0x38, 0x0) r10 = syz_io_uring_complete(0x0) openat(r10, &(0x7f0000000200)='./file0\x00', 0x2000, 0x100) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r11) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x20000050}, 0x48000) 4m16.966594761s ago: executing program 2 (id=317): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r2, 0x0, 0x6, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000100)=0x403) r4 = dup3(r3, r2, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x80) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0], 0x0, 0x6a, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f00000004c0), &(0x7f00000005c0), 0x8, 0x91, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r8}, 0xc) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000140), &(0x7f0000000040)='%pI4 \x00'}, 0x2a) syz_emit_ethernet(0x52, &(0x7f00000007c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@multicast2}, {@initdev={0xac, 0x1e, 0x1, 0x0}}]}, @ssrr={0x89, 0x3, 0xce}, @lsrr={0x83, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x3}}}}}}, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r4, 0x11, 0x1, &(0x7f00000008c0)=""/95, &(0x7f0000000940)=0x5f) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)={0x38, r10, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) 4m16.966359092s ago: executing program 32 (id=317): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r3, 0x0, r2, 0x0, 0x6, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000100)=0x403) r4 = dup3(r3, r2, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x80) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r1, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0], 0x0, 0x6a, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f00000004c0), &(0x7f00000005c0), 0x8, 0x91, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES16=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r8}, 0xc) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000140), &(0x7f0000000040)='%pI4 \x00'}, 0x2a) syz_emit_ethernet(0x52, &(0x7f00000007c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@multicast2}, {@initdev={0xac, 0x1e, 0x1, 0x0}}]}, @ssrr={0x89, 0x3, 0xce}, @lsrr={0x83, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x3}}}}}}, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r4, 0x11, 0x1, &(0x7f00000008c0)=""/95, &(0x7f0000000940)=0x5f) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)={0x38, r10, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) 1m48.366147425s ago: executing program 1 (id=2780): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)}, 0x4048841) r2 = openat(0xffffffffffffff9c, 0x0, 0x101000, 0x0) getdents64(r2, 0x0, 0x0) lseek(r2, 0x3, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x10) r4 = socket(0x10, 0x803, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x90, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x64, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}, @TCA_U32_INDEV={0x14, 0x8, 'netdevsim0\x00'}]}}]}, 0x90}}, 0x24040084) 1m48.343248915s ago: executing program 1 (id=2781): unshare(0x26000400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_clone(0x43001000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000380), 0x12) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$BTRFS_IOC_BALANCE_CTL(r4, 0x40049421, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = io_uring_setup(0x1ed, &(0x7f0000000000)={0x0, 0xbcd9, 0x100, 0x0, 0x223}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x4010, r5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4080) 1m48.185941248s ago: executing program 1 (id=2782): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000004c0)={r0, &(0x7f0000000300), 0x0}, 0x20) 1m48.122538109s ago: executing program 1 (id=2783): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r2 = socket(0x10, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x18, 0x1, 0x7, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFACCT_FILTER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4004881}, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) umount2(&(0x7f0000000480)='./file0\x00', 0x2) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "fbffffffffffffff", "1fd33c81cf7995313c09de00fd6ded74", '\x00', "1e00040000000100"}, 0x28) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40) writev(r3, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1000000000000054) close_range(r2, r3, 0x0) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000040)={{r6}, 0xffff, 0x2, 0x76}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xc000, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000440)={'batadv_slave_1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}) 1m48.122201419s ago: executing program 1 (id=2784): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001400010000000000ffdbdf250a00a100", @ANYRES32=r2, @ANYBLOB], 0x34}}, 0x0) 1m48.081687629s ago: executing program 1 (id=2785): perf_event_open(0x0, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2) unshare(0x2040400) mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xa6b1, 0x0) syz_open_dev$loop(0x0, 0x9, 0x12d600) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) write$cgroup_type(r1, &(0x7f0000000280), 0xfffffeed) connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @hyper}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8) unshare(0x42000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000880)={{{@in=@remote, @in=@broadcast, 0x4620, 0x1, 0x4e23, 0x1, 0xa, 0x80, 0xa0, 0x5e}, {0x4000000000d06, 0x1c000000000000, 0x2, 0x1, 0x3, 0x3, 0x7, 0x6812}, {0x4, 0x2, 0x1, 0x7ffffffffffffffd}, 0x75e, 0x6e6bb6, 0x0, 0x1, 0x1}, {{@in6=@private2, 0x4d9, 0x3c}, 0x2, @in=@rand_addr=0x64010102, 0x3504, 0x2, 0x2, 0xff, 0x3ff, 0x7, 0x4}}, 0xe8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 1m48.0570453s ago: executing program 33 (id=2785): perf_event_open(0x0, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2) unshare(0x2040400) mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xa6b1, 0x0) syz_open_dev$loop(0x0, 0x9, 0x12d600) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) write$cgroup_type(r1, &(0x7f0000000280), 0xfffffeed) connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @hyper}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8) unshare(0x42000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000880)={{{@in=@remote, @in=@broadcast, 0x4620, 0x1, 0x4e23, 0x1, 0xa, 0x80, 0xa0, 0x5e}, {0x4000000000d06, 0x1c000000000000, 0x2, 0x1, 0x3, 0x3, 0x7, 0x6812}, {0x4, 0x2, 0x1, 0x7ffffffffffffffd}, 0x75e, 0x6e6bb6, 0x0, 0x1, 0x1}, {{@in6=@private2, 0x4d9, 0x3c}, 0x2, @in=@rand_addr=0x64010102, 0x3504, 0x2, 0x2, 0xff, 0x3ff, 0x7, 0x4}}, 0xe8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 4.030737266s ago: executing program 0 (id=4737): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10050, &(0x7f0000000800)={[{@jqfmt_vfsv1}, {@nouid32}, {@jqfmt_vfsv0}, {@norecovery}, {@nogrpid}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="c801000010000100000008000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000a8011a80400002803c000180080021000000000008001800000000003800030000000000080009000000000008000c00000000003800120000000000"], 0x1c8}}, 0x0) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, r3) chown(&(0x7f00000003c0)='./file0\x00', r3, r2) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) r9 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r9, &(0x7f0000000080)="be", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 3.803336069s ago: executing program 0 (id=4740): setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x9, &(0x7f0000000340)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000000000)='GPL\x00', 0x7, 0x1000, &(0x7f0000001140)=""/4096, 0x40f00, 0x1c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x2, 0x6, 0x7f, 0x200}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000440)=[{0x0, 0x2, 0x1, 0x9}], 0x10, 0x2, @void, @value}, 0x94) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000005c0)=@gcm_256={{0x304}, "a811aa2c93b7d258", "4004ceb8b4065db434b6eea5825628b2309dd66da534243819c5ec3b689adb9e", "d0a90526", "3ef3cd9ec3616abe"}, 0x38) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000100)={0x1000, 0x9ce, 0x2, 0x6, 0x9, "7f75bd0c639bb7da5d14e6048a250506359a2d", 0x4, 0x9ec}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c0000000000000000", @ANYRES32=r0], 0x30}}, 0x0) 3.769475599s ago: executing program 0 (id=4742): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x6}, 0x18) socket$inet6_tcp(0xa, 0x1, 0x0) add_key(&(0x7f0000000180)='asymmetric\x00', 0x0, &(0x7f00000001c0)="060000000000000000fd49d6", 0xc, r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x88, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r1, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x5c, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_INDEV={0x14, 0x8, 'netdevsim0\x00'}]}}]}, 0x88}}, 0x24040084) 3.73706638s ago: executing program 0 (id=4743): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={@dev, 0x9, r3}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000240)={@empty, r3}, 0x14) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="18ffffffff000000000000000000000018110000356cb00cea1400000000010000005b4e7f97355cd8a143", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe8000000000000000000000000000bbff010000000000000000000000000001ffff00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="64010101000000000000000000000000000000023200000000000000000000000000000000000001000000000000000003000000000000000000000003000000000000000000000000000000000000180000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000004c001400636d61632861657329"], 0x1a0}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x48800) syz_usb_disconnect(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6) shutdown(r0, 0x2) 2.091095807s ago: executing program 0 (id=4753): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x50}}, 0x4820) socket$netlink(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000440)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02080000000100000080002000", @ANYRES32=0x0, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x0, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000030007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000c5fecb4896b303e923cb53d82883f9efe0c0a9471dc4d770755927a574c3c6efb638cf98862fda9e87fac800f7018763bbc8de877326e0f8fc8f0672a6735d5d193d3cd99b7fa991dced2f0807ac45282f6a5cabed0079ba9330388388e1099d14d0bc24124230235e23ec786cb597a549c51ccfe490416edccc4fa350f08af8ee1b96d0f993e2925fa0f76a587116aea545f5d1b67297255917e6cfc6bf9c4af29b3a4543a0ae87d28d165ed9e8ee6d554c8b387f54b946487650be12f765407be474e9043c6c2d1c03a7adef38cbb36e3b1832e9d66b4ed57478fd1cb3f7ed7bf85c4ee57317ce0e4e281145721619851e938ec9b017c5b3211a3b2844daf948bff862881a328ffc72a3199e010000003ddb062b9a9612870ab4b71125ce837a65f14c37f39baff0763a630bfbf138568cb4d554a44b88357362bd72ea8dd175041e6dae6c6ad927fc86d27b325a4aa470b3e79a431c91435a0bcc1b76155f990072ecb44d30b632a890913479429095e2ab5c7d4133716d27f56a391326fd33e8fef71f42190850a3089303d49466d2ca47168052676bea43820d57ca8d4ad2", @ANYRES32=r0, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) unshare(0x2c060000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="000000920000000000b70800030000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000", @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x18, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="b45478037246f9552ee40a98738926fcdff504a55f63d20d5b56a6f96249a51763c2149616640000000000", @ANYRES8=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2ab}, 0x18) unshare(0x2c020400) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0xa, r5}, 0x38) getsockopt$inet_udp_int(r4, 0x11, 0x65, 0x0, &(0x7f0000000440)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) eventfd(0x7) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000b000000010000000200000000000000", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200000000000d00"/28], 0x50) unshare(0x2c020400) unshare(0xc000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00'}, 0x10) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a320000000008004100727865001400330076657468305f746f5f626f6e64"], 0x38}, 0x1, 0x0, 0x0, 0x20000854}, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2.030202987s ago: executing program 0 (id=4755): syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)='%ps \x00'}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) r7 = fcntl$getown(r1, 0x9) sched_setaffinity(r7, 0x8, &(0x7f0000000300)=0x20b) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff3}}}, 0x24}}, 0x0) r9 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) r10 = fsmount(r9, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r10) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8936, &(0x7f0000000280)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x69, r8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000000ff090000004000010203010902240001010cc030090400007eeef372ca160203010008092189080801221f03090581"], 0x0) close_range(r0, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x6}}, @NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x3}}, @NFT_MSG_NEWTABLE={0x60, 0x0, 0xa, 0xa02, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWCHAIN={0x4c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_HOOK={0x24, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x5598518e}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xfc}, 0x1, 0x0, 0x0, 0xc8890}, 0x1) 1.605267044s ago: executing program 6 (id=4767): r0 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x902r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) mq_timedreceive(r0, &(0x7f000001d600)=""/102382, 0x18fee, 0x9000, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00'}, 0x10) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e20, 0x5, @private1, 0x9}}, 0x5, 0xd}, &(0x7f00000003c0)=0x90) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000400)={r3, 0x2}, &(0x7f0000000440)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 1.522272726s ago: executing program 4 (id=4768): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804000, &(0x7f0000000040)={[{}, {@noauto_da_alloc}, {@delalloc}, {@nobh}, {@dioread_lock}]}, 0x3, 0x4c0, &(0x7f0000000540)="$eJzs3VFrXFkdAPD/vUlq2qYmVR9qwRq0khbtTNLYNvjQVhB9Kqj1PcZkEkImmZCZtE0okuIHEERU9MknXwQ/gCD9CCIU9F2WZZey23Yf9mF3Z7kzd9psmCTtNpnpZn4/OLnn3Hsz//+ZYc7MmXu5N4CeNRoRNyOiLyIuRsRwvj7NS2w1S7bf0yf3Z7OSRL1++70kknxd67GSfHky/7fBiPj5TyJ+lSTNFdtUNzaXZsrl0lreLtaWV4vVjc1Li8szC6WF0srk5MTVqWtTV6bGD6yv13/09h9++7cfX//X9+7+f/rdC7/O8h3Kt23vx0FqPicDjeeipT8i1g4jWBf05f0Z6HYiAAC8lOw7/lci4lsR8ezP3c4GAAAAOAz1G0PxURJRBwAAAI6stHEObJIW8nMBhiJNC4XmObxfixtRrlRr352vrK/MNc+VHYmBdH6xXBrPzxUeiYEka0806i/al3e0JyPidET8fvh4o12YrZTnuv3jBwAAAPSIbJ4/lDbr2eKD4eb8HwAAADhiRrqdAAAAAHDozP8BAADg6Nt1/p/0dzYRAAAA4DD89NatrNRb97+eu7OxvlS5c2muVF0qLK/PFmYra6uFhUploXHNvuX9Hq9cqax+P1bW7xVrpWqtWN3YnF6urK/Uphv39Z4uuU80AAAAdN7pbz78XxIRWz843iiZY/k2c3U42tJX2z05rDyAzuvrdgJA1zjBF3qXOT6w38R+sEN5AAAAh2fs647/Q696xeP/wBHi+D/0Lsf/oXeZ4wOf+/j/vw8+FwAA4HAMNUqSFvJjgUORpoVCxKnGbQEGkvnFcmk8Ir4cEf8dHvhS1p7odtIAAAAAAAAAAAAAAAAAAAAAAAAA8AVTrydRBwAAAI60iPSdJL//19jw+aGdvw8cSz4cbiwj4u5fbv/x3kyttjaRrX//+fran/L1l7vxCwYAAACwU2ue3prHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBBevrk/myrdDLu4x9GxEi7+P0x2FgOxkBEnHiWRP+2/0siou8A4m89iIgz7eInWVoxkmexM34aEcc7FL9d/7P4Jw8gPvSyh9n4c7Pd+y+N0cay/fu/Py+v6/HobuNf+nz869tl/Du1z2Mfy5dnH/2juGv8BxFn+9uPP634yWuOv7/8xebmbtvqf40Ya/v5k3wmVrG2vFqsbmxeWlyeWSgtlFYmJyeuTl2bujI1XpxfLJfyv21j/O4b//xkr/6f2CX+yD79P7+tvddz8fGje0++ukf8C99u//qf2SN+Fu87+edAtn2sVd9q1rc79/f/nNur/3O79H+/1//CHn3e7uLPfvPWS+4KAHRAdWNzaaZcLq29TCWNV9hZ5TUro29GGiq9WckHiMEuD1AAAMCBefGlv9uZAAAAAAAAAAAAAAAAAAAAQO/qxOXEtsdzOTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4E31aQAAAP//YGHTsw==") prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file2\x00') (fail_nth: 2) 1.457505027s ago: executing program 6 (id=4769): setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x9, &(0x7f0000000340)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000000000)='GPL\x00', 0x7, 0x1000, &(0x7f0000001140)=""/4096, 0x40f00, 0x1c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x2, 0x6, 0x7f, 0x200}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000440)=[{0x0, 0x2, 0x1, 0x9}], 0x10, 0x2, @void, @value}, 0x94) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000005c0)=@gcm_256={{0x304}, "a811aa2c93b7d258", "4004ceb8b4065db434b6eea5825628b2309dd66da534243819c5ec3b689adb9e", "d0a90526", "3ef3cd9ec3616abe"}, 0x38) socket$pppl2tp(0x18, 0x1, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0, 0x0, 0x2}, 0x18) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c0000000000000000", @ANYRES32=r1], 0x30}}, 0x0) 1.439166987s ago: executing program 6 (id=4770): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)={0x14, r4, 0xb3d3e8a28760fb9b, 0x70bd27}, 0x14}, 0x1, 0x0, 0x0, 0x2000c804}, 0x20048004) r5 = socket$kcm(0xa, 0x1, 0x106) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000), 0x4) r7 = getpid() r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x1d, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@ldst={0x0, 0x3, 0x4, 0x2, 0x1, 0xfffffffffffffff8, 0xffffffffffffffff}, @map_val={0x18, 0xe, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x7fffffff, 0x11, &(0x7f0000000180)=""/17, 0x1f00, 0xd, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x1, 0x2, 0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000003c0)=[{0x2, 0x4, 0x8}, {0x2, 0x1, 0xc, 0x6}, {0x5, 0x1, 0x2, 0x1}, {0x3, 0x3, 0x4, 0x1}, {0x1, 0x5, 0x3, 0xb}, {0x5, 0x3, 0x0, 0x8}], 0x10, 0x9, @void, @value}, 0x94) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000160001000000000000000000ff01000000000000000000000000000100000000000000000000ffff000000004e20000000000000000080000400000062401bb9ce0c324fb3d345a77c244f3e8ac96f09ef14daec5bfd4dc5b6a380272a389809dde48888048f1c7dbe03be6bcc39e50bef37897c84873459dae5409a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000ffffac1414230000000033000000ff010000000000000000000000000001000000000000000000000000000000002f0000000000000000000000000000009f00000000000000f1ffffffffffffff0300000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000960700000000000000000000000000004f0000000000000000000000b1a001002c001300ffffffff000000000000000000000000ffffffff000000000000000000000000000000000200000008000c00ff7f0000"], 0x12c}, 0x1, 0x0, 0x0, 0x40}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r9, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) gettid() r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r11}, 0x10) r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r6) sendmsg$DEVLINK_CMD_RELOAD(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="805d493cf526616d8e012c32130e4ac3ee9b3d84b0cce746c64f299de45dddeb21edc53d87ed6aead957a726d5805a90f6374cb7d688649aba9cf75d3ebd3ed2ec98b78a95e95144d304fd6230104ea890965b85bdc78e4f0ed3161bbb19023cea32a531e28323fc020ce4bcf77c989e0ccb", @ANYRES16=r12, @ANYBLOB="010026bd700000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r7, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) writev(r9, &(0x7f0000000600)=[{&(0x7f0000000b80)="d8353ae48ec28f42bf25cd809ddeca0a757b152caae5bbd83fccdadb968d6ca59b86afb88852903342bad4a441cfb5c6c8bdf844e890550eabceabef36ea6a30a82e0bb782f9f6e83168a5dd7357350e1ef28fed6e604eb55f43544fc62464fa7476a4b742e5ad27b8ab1dbbb86f4c0b3a27e2e6ed89fa15d4ad2c8cf0e97fed654779ccc0e4ea75e786d21718b0b6b76e3dc096896b0a4d830525a8617acaa92723c1db03d907efb3a16e46314b0a5aef81c5fb9615081ceb013ad3a104df42ca", 0xc1}, {&(0x7f0000000c80)="e53478d6ee6fb1eb370f5096fb7dab233927bcacae72c3c0eb32e59d0e83fa7954b98e75e509b4e3ebfda143d289aaa4a03ead8c6cbd18b290a7bffbfaf03f1cd7264d0e47db569432126bc944b6dede1296c88ea70370a916ca826a983ddc5a3a923b0f71db90c958b7ee3da4e5e3498d98ec3007acf74b99341b7150637179998267105bb09a81ecdc5c8d964589c5c7dcd669744272e7358b69ebd6494055685699a7676b220d5a8de16edfc3fc0b9b54421c46ea3d1e4f", 0xb9}], 0x2) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) sendmsg$kcm(r5, &(0x7f00000019c0)={&(0x7f00000008c0)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059) close(r5) 1.157232072s ago: executing program 4 (id=4772): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14a}}) ioctl$TCSETS2(r3, 0x402c542b, &(0x7f0000000080)={0xfffe7527, 0x1, 0xefcc, 0x7f9, 0xb2, "20ab980c230fe3310ebcb09e77c9681ec267a0", 0x7, 0x7fffffff}) ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000)) openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/bus/input/devices\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x14, 0x0, 0x0, 0xfffffffc, 0x32, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat$random(0xffffffffffffff9c, &(0x7f0000002b40), 0x109040, 0x0) preadv2(r4, &(0x7f0000003d00), 0x0, 0x7, 0x1, 0x20) epoll_create(0x6) openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0) poll(0x0, 0x0, 0x7) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000004600)={'ip_vti0\x00', &(0x7f0000004580)={'syztnl1\x00', 0x0, 0x40, 0x1, 0x6, 0x6, {{0x14, 0x4, 0x1, 0x36, 0x50, 0x64, 0x0, 0x4, 0x29, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x2c, 0x40, 0x3, 0x5, [{@private=0xa010101, 0xa2}, {@loopback, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@loopback, 0x1}, {@empty, 0x9cf}]}, @end, @lsrr={0x83, 0xf, 0xef, [@private=0xa010100, @broadcast, @empty]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000004700)={'gretap0\x00', &(0x7f0000004640)={'erspan0\x00', 0x0, 0xf7, 0x1, 0x6, 0x40, {{0x8, 0x4, 0x3, 0x9, 0x20, 0x65, 0x0, 0x5, 0x2f, 0x0, @local, @loopback, {[@ssrr={0x89, 0x3, 0x4b}, @cipso={0x86, 0x6}]}}}}}) r7 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.099472923s ago: executing program 6 (id=4773): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000009, 0x31, 0xffffffffffffffff, 0x7c5c7000) (async) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) r1 = open(&(0x7f0000000280)='.\x00', 0x8100, 0x0) fcntl$notify(r1, 0x402, 0x8000003d) fcntl$setsig(r1, 0xa, 0x11) (async, rerun: 64) openat(0xffffffffffffff9c, &(0x7f0000002600)='./file1\x00', 0x105040, 0x0) (async, rerun: 64) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000000), 0x0) (async) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x100001f, &(0x7f0000000240)={[{@errors_remount}, {@grpquota}, {@i_version}, {@data_err_ignore}]}, 0x21, 0x44b, &(0x7f0000000dc0)="$eJzs281vG0UbAPBn7aR9274lKSof/YAGCqICkTRpgR44tAgkDiAhwaEcQ5JWoW6DmiDRKoKAUDmiShy4IY5I/AWc4IKAExJXuKNKFcqlhZPR2ruJ49hJnNh1iH8/aZWZ3XFmHu+OPbPjDaBnDUXEpxHx/4j4PSIGIiKpLzBU/XN3cX7i78X5iSTK5Tf/Sirl7izOT+RF89ftyzML1fyRBvXOXrt+abxUmrqa5UfmLr83Mnvt+rPTl8cvTl2cujJ25szpU6MvPD/2XFviTNt05/CHM0cPvfr2zdcnzt985+dvkyy8qIujTYbWOvhkmyvrtv016aSviw2hJcWISE9Xf6X/D0Qxlk/eQLzySVcbB3RUuVwu725+eKEM7GBJdLsFQHfkX/Tp/Dff7tHQY1u4fa46AUrjvptt1SN9UcjK9NfNb9spnW2dX/jnq3SLztyHAABY4ftz1b+rx3+FeLCm3NlsbWgwIg7ULG4cjIgHIiplH4qIh1usv36RZPX4p3CrxX/ZknT892K2trVy/JeP/mKwmOX2V+LvTy5Ml6ZORsR9EXEi+nen+dE16vjh5d8+b3ZsqGb8l25p/flYMGvHrb66G3ST43PjW4m51u2PIw73NYo/WVoJSCLiUEQcPra5Oqaf/uZos2Prx7+GNqwzlb+OeKp6/heiLv5csvb65Mj/ojR1ciS/Klb75dcbbzSrv9X4D3y5PGdrh/T87214/S/FP1gu1qzXzrZex40/Pms6p9ns9b8reauS3pXt+2B8bu7qaMSu5LVs/9nl/WPLr83zefk0/hPHG/f/+2P5nTgSEelF/EhEPBoRx7K2PxYRj0fE8TXi/+mlJ97dfPydlcY/uc75T2rX6zeRKF768bsVlQ62En96/k9XUieyPRv5/NtoA7f6/gEAAMB/QaHy2/+kMLyULhSGh6u/lz8Yewulmdm5Zy7MvH9lsvqMwGD0F/I7XQM190NHs2l9nh+ry5/K7ht/UdxTyQ9PzJQmux089Lh9Tfp/6s9it1sHdJzntaB36f/Qu/R/6F36P/SsRs//79lAGWAHaPT9/1EX2gHce8b/0Lta7f/VyYEpAewEvv+hd+n/0JO28lx/JxP5+sN2ac+KRLm8Xpm+7dLUziWisC2aIdGhRJc/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANrk3wAAAP//+TvoKw==") setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000040)=0x69, 0x1) 1.064212093s ago: executing program 4 (id=4774): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r3 = socket$netlink(0x10, 0x3, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 986.397214ms ago: executing program 6 (id=4775): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000570000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18) r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) ioctl$USBDEVFS_FORBID_SUSPEND(r1, 0x5521) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) read(r4, &(0x7f0000000200)=""/202, 0xca) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) tkill(r3, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r4, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3}) r5 = socket(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x18) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=r2, @ANYBLOB="0f29f4d44fdd804834e17308c2f878c00e13dca6ff5556cc828429b4b618", @ANYRES64=r3], 0x50) 924.185085ms ago: executing program 4 (id=4778): futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000500)={0x2, 0xfc, 0x8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000010004b04000000000000ff007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b000100627269646765000028000280060006000004000005000700070000000500260001"], 0x58}}, 0x0) capget(&(0x7f0000001dc0)={0x19980330, 0xffffffffffffffff}, &(0x7f0000001e00)={0x6, 0x8, 0x1, 0x5, 0x6, 0x6}) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180), 0x12) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x18}) r3 = socket$inet6(0xa, 0x3, 0xff) dup2(r3, r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000240)='./file0\x00') link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') 685.433189ms ago: executing program 6 (id=4781): futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000500)={0x2, 0xfc, 0x8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r0}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000010004b04000000000000ff007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b000100627269646765000028000280060006000004000005000700070000000500260001"], 0x58}}, 0x0) capget(&(0x7f0000001dc0)={0x19980330, 0xffffffffffffffff}, &(0x7f0000001e00)={0x6, 0x8, 0x1, 0x5, 0x6, 0x6}) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000180), 0x12) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000080)={0x0, r3, 0x18}) r5 = socket$inet6(0xa, 0x3, 0xff) dup2(r5, r5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000240)='./file0\x00') link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') 654.66882ms ago: executing program 5 (id=4784): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x9}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x5, 0x0, 0x7ffc1ffb}]}) capget(&(0x7f0000000040)={0x20080522}, 0x0) 643.33095ms ago: executing program 3 (id=4785): r0 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x902r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) mq_timedreceive(r0, &(0x7f000001d600)=""/102382, 0x18fee, 0x9000, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00'}, 0x10) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e20, 0x5, @private1, 0x9}}, 0x5, 0xd}, &(0x7f00000003c0)=0x90) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000400)={r3, 0x2}, &(0x7f0000000440)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 622.25505ms ago: executing program 5 (id=4786): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = creat(&(0x7f0000000440)='./file0\x00', 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f00000002c0), r2) sendmsg$NFC_CMD_DEP_LINK_UP(r2, &(0x7f0000000600)={0x0, 0xffffffffffffff24, &(0x7f00000005c0)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fbdbdf250400000005000a0000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x26040041}, 0x40) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f0000000580)=r0, 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000002ac0)=[@in6={0xa, 0x4e24, 0xa, @local, 0x9}]}, &(0x7f0000000080)=0x10) 601.8161ms ago: executing program 5 (id=4787): socket$packet(0x11, 0x3, 0x300) (async) r0 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8) name_to_handle_at(r4, &(0x7f0000004740)='\x00', &(0x7f0000004780)=ANY=[@ANYBLOB='\f'], &(0x7f00000047c0), 0x1200) openat$cgroup_ro(r4, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$packet(0x11, 0x2, 0x300) (async) r8 = socket$packet(0x11, 0x2, 0x300) socket$inet6(0xa, 0x800000000000002, 0x0) (async) r9 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r9, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r9, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001140)={0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x47}, 0x1c, 0x0, 0x0, &(0x7f0000001480)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x32}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x7594}}], 0x30}}], 0x2, 0x4040005) (async) sendmmsg$inet6(r9, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001140)={0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x47}, 0x1c, 0x0, 0x0, &(0x7f0000001480)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x32}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x7594}}], 0x30}}], 0x2, 0x4040005) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r10, 0x25, 0x0, @val=@netfilter}, 0x40) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r10}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r11, 0x4) mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1f0, 0x0) (async) r12 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1f0, 0x0) mq_timedsend(r12, 0x0, 0x0, 0x0, 0x0) (async) mq_timedsend(r12, 0x0, 0x0, 0x0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 510.137462ms ago: executing program 3 (id=4788): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10050, &(0x7f0000000800)={[{@jqfmt_vfsv1}, {@nouid32}, {@jqfmt_vfsv0}, {@norecovery}, {@nogrpid}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="c801000010000100000008000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000a8011a80400002803c000180080021000000000008001800000000003800030000000000080009000000000008000c00000000003800120000000000"], 0x1c8}}, 0x0) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, r3) chown(&(0x7f00000003c0)='./file0\x00', r3, r2) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) r9 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r9, &(0x7f0000000080)="be", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 509.023122ms ago: executing program 5 (id=4789): r0 = socket$kcm(0x10, 0x100000000002, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$selinux_load(r1, &(0x7f00000002c0)={0xf97cff8c, 0x8}, 0x10) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0xf8f, 0x0, 0x0, 0x0, 0x0, 0x2}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="e3a6cffb71765485f7a5b7", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) gettid() close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r6}, 0x10) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x1000000, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r9, 0x0, 0x80}, 0x18) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100d0000000fbdbdf252100000018000180140002007665746831"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffffffffff", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) 478.414213ms ago: executing program 3 (id=4790): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20400, 0xc1bd03297b06a709, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={0x0, 0x8}, 0x2, 0x100ffffffff, 0x6, 0x2, 0x3, 0x5, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x4000, 0xffffffffffffffff, 0xb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x10, 0x803, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000b5470000000095000000e76471784e958510c956bf7879f31502fb45427902f956e2256697c1d78001b069bac13eb9a341b0fa960743f15db5b32d335382f212dee55677506dcd3459f03d7b3fbab1339b04000000e2465f497f9b0830"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = epoll_create1(0x80000) epoll_pwait2(r4, &(0x7f00000001c0)=[{}], 0x1, &(0x7f0000000380)={0x0, 0x989680}, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x90, 0x30, 0x871a15abc695fb3d, 0xfffffffe, 0x0, {}, [{0x7c, 0x1, [@m_tunnel_key={0x78, 0x1, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x2, 0x0, 0x6}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @remote}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x24004044) 416.949333ms ago: executing program 5 (id=4791): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000570000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18) r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401) ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) ioctl$USBDEVFS_FORBID_SUSPEND(r1, 0x5521) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = gettid() r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) read(r4, &(0x7f0000000200)=""/202, 0xca) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) tkill(r3, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r4, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3}) r5 = socket(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x18) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=r2, @ANYBLOB="0f29f4d44fdd804834e17308c2f878c00e13dca6ff5556cc828429b4b618", @ANYRES64=r3], 0x50) 397.095334ms ago: executing program 3 (id=4792): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20400, 0xc1bd03297b06a709, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={0x0, 0x8}, 0x2, 0x100ffffffff, 0x6, 0x2, 0x3, 0x5, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x4000, 0xffffffffffffffff, 0xb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x10, 0x803, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000b5470000000095000000e76471784e958510c956bf7879f31502fb45427902f956e2256697c1d78001b069bac13eb9a341b0fa960743f15db5b32d335382f212dee55677506dcd3459f03d7b3fbab1339b04000000e2465f497f9b0830"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f00000003c0)='kmem_cache_free\x00', r4}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r5 = epoll_create1(0x80000) epoll_pwait2(r5, &(0x7f00000001c0)=[{}], 0x1, &(0x7f0000000380)={0x0, 0x989680}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x90, 0x30, 0x871a15abc695fb3d, 0xfffffffe, 0x0, {}, [{0x7c, 0x1, [@m_tunnel_key={0x78, 0x1, 0x0, 0x0, {{0xf}, {0x48, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x2, 0x0, 0x6}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @remote}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x24004044) 307.003975ms ago: executing program 3 (id=4793): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, r3, {0xfff2}, {}, {0x9}}}, 0x24}}, 0x0) (fail_nth: 2) 33.29131ms ago: executing program 3 (id=4794): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) getpgrp(0x0) 31.94005ms ago: executing program 4 (id=4795): bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f00000004c0)='kmem_cache_free\x00', r0}, 0x18) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x20000, 0x2) 24.93627ms ago: executing program 5 (id=4796): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, r3, {0xfff2}, {}, {0x9}}}, 0x24}}, 0x0) 0s ago: executing program 4 (id=4797): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) creat(&(0x7f0000000440)='./file0\x00', 0xa) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000002c0), r1) sendmsg$NFC_CMD_DEP_LINK_UP(r1, &(0x7f0000000600)={0x0, 0xffffffffffffff24, &(0x7f00000005c0)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf250400000005000a0000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x26040041}, 0x40) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000002ac0)=[@in6={0xa, 0x4e24, 0xa, @local, 0x9}]}, &(0x7f0000000080)=0x10) kernel console output (not intermixed with test programs): 6151][T14417] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 279.546184][T14417] ? clear_bhb_loop+0x40/0x90 [ 279.546266][T14417] ? clear_bhb_loop+0x40/0x90 [ 279.546320][T14417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.546396][T14417] RIP: 0033:0x7fb10efae929 [ 279.546410][T14417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.546427][T14417] RSP: 002b:00007fb10d617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 279.546445][T14417] RAX: ffffffffffffffda RBX: 00007fb10f1d5fa0 RCX: 00007fb10efae929 [ 279.546457][T14417] RDX: 0000000020000000 RSI: 0000200000001200 RDI: 0000000000000004 [ 279.546469][T14417] RBP: 00007fb10d617090 R08: 0000000000000000 R09: 0000000000000000 [ 279.546520][T14417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.546533][T14417] R13: 0000000000000000 R14: 00007fb10f1d5fa0 R15: 00007ffc36d7c428 [ 279.546551][T14417] [ 279.941909][T14431] bond1: (slave veth0_to_bond): Releasing active interface [ 279.975915][T14431] bond1: (slave veth3): Releasing active interface [ 279.983343][T14431] bond1: (slave veth3): the permanent HWaddr of slave - c6:99:45:30:fe:e7 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 280.017871][T14431] bond1: (slave vlan2): Releasing active interface [ 280.023550][T14419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3896'. [ 280.026047][T14431] vlan2: left promiscuous mode [ 280.045007][T14431] veth1: left promiscuous mode [ 280.254167][T14443] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3906'. [ 280.276214][T14445] FAULT_INJECTION: forcing a failure. [ 280.276214][T14445] name failslab, interval 1, probability 0, space 0, times 0 [ 280.291731][T14445] CPU: 0 UID: 0 PID: 14445 Comm: syz.6.3907 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 280.291781][T14445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 280.291800][T14445] Call Trace: [ 280.291810][T14445] [ 280.291820][T14445] __dump_stack+0x1d/0x30 [ 280.291848][T14445] dump_stack_lvl+0xe8/0x140 [ 280.291873][T14445] dump_stack+0x15/0x1b [ 280.291906][T14445] should_fail_ex+0x265/0x280 [ 280.292031][T14445] should_failslab+0x8c/0xb0 [ 280.292061][T14445] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 280.292101][T14445] ? sidtab_sid2str_get+0xa0/0x130 [ 280.292145][T14445] kmemdup_noprof+0x2b/0x70 [ 280.292176][T14445] sidtab_sid2str_get+0xa0/0x130 [ 280.292263][T14445] security_sid_to_context_core+0x1eb/0x2e0 [ 280.292300][T14445] security_sid_to_context+0x27/0x40 [ 280.292333][T14445] selinux_lsmprop_to_secctx+0x67/0xf0 [ 280.292467][T14445] security_lsmprop_to_secctx+0x43/0x80 [ 280.292586][T14445] audit_log_task_context+0x77/0x190 [ 280.292633][T14445] audit_log_task+0xf4/0x250 [ 280.293239][T14445] audit_seccomp+0x61/0x100 [ 280.293352][T14445] ? __seccomp_filter+0x68c/0x10d0 [ 280.293542][T14445] __seccomp_filter+0x69d/0x10d0 [ 280.293575][T14445] ? save_fpregs_to_fpstate+0x100/0x160 [ 280.293606][T14445] ? _raw_spin_unlock+0x26/0x50 [ 280.293639][T14445] __secure_computing+0x82/0x150 [ 280.293755][T14445] syscall_trace_enter+0xcf/0x1e0 [ 280.293788][T14445] do_syscall_64+0xac/0x200 [ 280.293829][T14445] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 280.293874][T14445] ? clear_bhb_loop+0x40/0x90 [ 280.294025][T14445] ? clear_bhb_loop+0x40/0x90 [ 280.294055][T14445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.294083][T14445] RIP: 0033:0x7fb10efa58e7 [ 280.294103][T14445] Code: 0b e9 68 fe ff ff 48 83 c4 18 48 8d 3d b2 6f d6 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 13 f8 fb ff 0f 1f 00 b8 27 00 00 00 0f 05 0f 1f 84 00 00 00 00 00 b8 6e 00 00 00 0f 05 c3 0f 1f 84 00 00 [ 280.294177][T14445] RSP: 002b:00007fb10d616a48 EFLAGS: 00000206 ORIG_RAX: 0000000000000027 [ 280.294203][T14445] RAX: ffffffffffffffda RBX: 00007fb10d616bb0 RCX: 00007fb10efa58e7 [ 280.294230][T14445] RDX: 00007fb10d616a80 RSI: 00007fb10d616bb0 RDI: 0000000000000021 [ 280.294245][T14445] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fb10d616df7 [ 280.294262][T14445] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 280.294279][T14445] R13: 0000000000000000 R14: 00007fb10f1d5fa0 R15: 00007ffc36d7c428 [ 280.294302][T14445] [ 280.738961][T14469] xt_hashlimit: max too large, truncated to 1048576 [ 280.884644][T14486] netlink: 'syz.0.3923': attribute type 10 has an invalid length. [ 280.893942][T14486] batman_adv: batadv0: Adding interface: team0 [ 280.900534][T14486] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.928257][T14486] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 280.982443][T14491] veth1_to_bond: entered allmulticast mode [ 280.984145][T14491] veth1_to_bond: entered promiscuous mode [ 281.014587][T14491] veth1_to_bond: left promiscuous mode [ 281.014691][T14491] veth1_to_bond: left allmulticast mode [ 281.178142][T14511] veth1_to_bond: entered allmulticast mode [ 281.187692][T14511] veth1_to_bond: entered promiscuous mode [ 281.196917][T14511] veth1_to_bond: left promiscuous mode [ 281.203359][T14511] veth1_to_bond: left allmulticast mode [ 281.409770][T14543] veth1_to_bond: entered allmulticast mode [ 281.417440][T14543] veth1_to_bond: entered promiscuous mode [ 281.427079][T14543] veth1_to_bond: left promiscuous mode [ 281.434132][T14543] veth1_to_bond: left allmulticast mode [ 281.485559][T14555] __nla_validate_parse: 3 callbacks suppressed [ 281.485580][T14555] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3949'. [ 281.536689][T14558] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3949'. [ 281.674897][T14574] FAULT_INJECTION: forcing a failure. [ 281.674897][T14574] name failslab, interval 1, probability 0, space 0, times 0 [ 281.689250][T14574] CPU: 0 UID: 0 PID: 14574 Comm: syz.0.3954 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 281.689362][T14574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 281.689379][T14574] Call Trace: [ 281.689388][T14574] [ 281.689399][T14574] __dump_stack+0x1d/0x30 [ 281.689432][T14574] dump_stack_lvl+0xe8/0x140 [ 281.689459][T14574] dump_stack+0x15/0x1b [ 281.689535][T14574] should_fail_ex+0x265/0x280 [ 281.689591][T14574] should_failslab+0x8c/0xb0 [ 281.689624][T14574] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 281.689711][T14574] ? __d_alloc+0x3d/0x350 [ 281.689749][T14574] __d_alloc+0x3d/0x350 [ 281.689777][T14574] ? mpol_shared_policy_init+0xbd/0x4c0 [ 281.689812][T14574] d_alloc_pseudo+0x1e/0x80 [ 281.689928][T14574] alloc_file_pseudo+0x71/0x160 [ 281.689970][T14574] __shmem_file_setup+0x1de/0x210 [ 281.690015][T14574] shmem_file_setup+0x3b/0x50 [ 281.690088][T14574] __se_sys_memfd_create+0x2c3/0x590 [ 281.690215][T14574] __x64_sys_memfd_create+0x31/0x40 [ 281.690278][T14574] x64_sys_call+0x122f/0x2fb0 [ 281.690350][T14574] do_syscall_64+0xd2/0x200 [ 281.690380][T14574] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 281.690425][T14574] ? clear_bhb_loop+0x40/0x90 [ 281.690454][T14574] ? clear_bhb_loop+0x40/0x90 [ 281.690485][T14574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.690544][T14574] RIP: 0033:0x7f492087e929 [ 281.690564][T14574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.690651][T14574] RSP: 002b:00007f491eec5e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 281.690677][T14574] RAX: ffffffffffffffda RBX: 0000000000000438 RCX: 00007f492087e929 [ 281.690694][T14574] RDX: 00007f491eec5ef0 RSI: 0000000000000000 RDI: 00007f49209014cc [ 281.690711][T14574] RBP: 0000200000000580 R08: 00007f491eec5bb7 R09: 00007f491eec5e40 [ 281.690791][T14574] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0 [ 281.690809][T14574] R13: 00007f491eec5ef0 R14: 00007f491eec5eb0 R15: 0000200000000c80 [ 281.690836][T14574] [ 281.976150][T14581] veth1_to_bond: entered allmulticast mode [ 281.984735][T14581] veth1_to_bond: entered promiscuous mode [ 281.995588][T14581] veth1_to_bond: left promiscuous mode [ 282.001787][T14581] veth1_to_bond: left allmulticast mode [ 282.057072][T14589] FAULT_INJECTION: forcing a failure. [ 282.057072][T14589] name failslab, interval 1, probability 0, space 0, times 0 [ 282.070882][T14589] CPU: 1 UID: 0 PID: 14589 Comm: syz.3.3961 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 282.070963][T14589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.070978][T14589] Call Trace: [ 282.070988][T14589] [ 282.070999][T14589] __dump_stack+0x1d/0x30 [ 282.071080][T14589] dump_stack_lvl+0xe8/0x140 [ 282.071105][T14589] dump_stack+0x15/0x1b [ 282.071122][T14589] should_fail_ex+0x265/0x280 [ 282.071176][T14589] should_failslab+0x8c/0xb0 [ 282.071206][T14589] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 282.071243][T14589] ? __d_alloc+0x3d/0x350 [ 282.071325][T14589] __d_alloc+0x3d/0x350 [ 282.071353][T14589] ? mpol_shared_policy_init+0xbd/0x4c0 [ 282.071398][T14589] d_alloc_pseudo+0x1e/0x80 [ 282.071455][T14589] alloc_file_pseudo+0x71/0x160 [ 282.071494][T14589] __shmem_file_setup+0x1de/0x210 [ 282.071537][T14589] shmem_file_setup+0x3b/0x50 [ 282.071572][T14589] __se_sys_memfd_create+0x2c3/0x590 [ 282.071698][T14589] __x64_sys_memfd_create+0x31/0x40 [ 282.071762][T14589] x64_sys_call+0x122f/0x2fb0 [ 282.071863][T14589] do_syscall_64+0xd2/0x200 [ 282.071887][T14589] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 282.071934][T14589] ? clear_bhb_loop+0x40/0x90 [ 282.071959][T14589] ? clear_bhb_loop+0x40/0x90 [ 282.071981][T14589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.072003][T14589] RIP: 0033:0x7f2aee09e929 [ 282.072018][T14589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.072055][T14589] RSP: 002b:00007f2aec706e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 282.072075][T14589] RAX: ffffffffffffffda RBX: 000000000000044a RCX: 00007f2aee09e929 [ 282.072089][T14589] RDX: 00007f2aec706ef0 RSI: 0000000000000000 RDI: 00007f2aee1214cc [ 282.072106][T14589] RBP: 0000200000000400 R08: 00007f2aec706bb7 R09: 00007f2aec706e40 [ 282.072123][T14589] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0 [ 282.072139][T14589] R13: 00007f2aec706ef0 R14: 00007f2aec706eb0 R15: 0000200000000000 [ 282.072165][T14589] [ 282.360387][T14598] veth1_to_bond: entered allmulticast mode [ 282.368780][T14598] veth1_to_bond: entered promiscuous mode [ 282.376879][T14598] veth1_to_bond: left promiscuous mode [ 282.383332][T14598] veth1_to_bond: left allmulticast mode [ 282.623901][T14625] FAULT_INJECTION: forcing a failure. [ 282.623901][T14625] name failslab, interval 1, probability 0, space 0, times 0 [ 282.637770][T14625] CPU: 0 UID: 0 PID: 14625 Comm: syz.5.3977 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 282.637797][T14625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.637810][T14625] Call Trace: [ 282.637816][T14625] [ 282.637824][T14625] __dump_stack+0x1d/0x30 [ 282.637843][T14625] dump_stack_lvl+0xe8/0x140 [ 282.637860][T14625] dump_stack+0x15/0x1b [ 282.637875][T14625] should_fail_ex+0x265/0x280 [ 282.637949][T14625] should_failslab+0x8c/0xb0 [ 282.637971][T14625] kmem_cache_alloc_noprof+0x50/0x310 [ 282.638005][T14625] ? alloc_empty_file+0x76/0x200 [ 282.638029][T14625] ? fast_dput+0x44/0x2c0 [ 282.638050][T14625] alloc_empty_file+0x76/0x200 [ 282.638075][T14625] dentry_open+0x2d/0x90 [ 282.638121][T14625] ptm_open_peer+0x113/0x180 [ 282.638148][T14625] tty_ioctl+0x3bc/0xb80 [ 282.638246][T14625] ? __pfx_tty_ioctl+0x10/0x10 [ 282.638358][T14625] __se_sys_ioctl+0xce/0x140 [ 282.638388][T14625] __x64_sys_ioctl+0x43/0x50 [ 282.638497][T14625] x64_sys_call+0x19a8/0x2fb0 [ 282.638516][T14625] do_syscall_64+0xd2/0x200 [ 282.638536][T14625] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 282.638590][T14625] ? clear_bhb_loop+0x40/0x90 [ 282.638610][T14625] ? clear_bhb_loop+0x40/0x90 [ 282.638733][T14625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.638753][T14625] RIP: 0033:0x7f12d038e929 [ 282.638767][T14625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.638783][T14625] RSP: 002b:00007f12ce9f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.638873][T14625] RAX: ffffffffffffffda RBX: 00007f12d05b5fa0 RCX: 00007f12d038e929 [ 282.638884][T14625] RDX: 0000000000000007 RSI: 0000000000005441 RDI: 0000000000000007 [ 282.638933][T14625] RBP: 00007f12ce9f7090 R08: 0000000000000000 R09: 0000000000000000 [ 282.638944][T14625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.638955][T14625] R13: 0000000000000000 R14: 00007f12d05b5fa0 R15: 00007fff955d7b08 [ 282.638973][T14625] [ 282.878679][T14623] veth1_to_bond: entered allmulticast mode [ 282.895903][T14626] veth1_to_bond: entered promiscuous mode [ 282.903387][T14626] veth1_to_bond: left promiscuous mode [ 282.909291][T14626] veth1_to_bond: left allmulticast mode [ 282.948546][T14628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3972'. [ 283.023751][T14636] @: renamed from vlan0 (while UP) [ 283.128258][T14649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3985'. [ 283.179427][ T29] kauditd_printk_skb: 775 callbacks suppressed [ 283.179463][ T29] audit: type=1400 audit(1749614716.835:25189): avc: denied { read write } for pid=14652 comm="syz.5.3988" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 283.212409][ T29] audit: type=1400 audit(1749614716.835:25190): avc: denied { open } for pid=14652 comm="syz.5.3988" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 283.255887][ T29] audit: type=1326 audit(1749614716.855:25191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.281894][ T29] audit: type=1326 audit(1749614716.855:25192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.310333][ T29] audit: type=1326 audit(1749614716.855:25193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.338678][ T29] audit: type=1326 audit(1749614716.855:25194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.371893][ T29] audit: type=1326 audit(1749614716.855:25195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.398564][ T29] audit: type=1326 audit(1749614716.855:25196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.424558][ T29] audit: type=1326 audit(1749614716.855:25197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.451448][ T29] audit: type=1326 audit(1749614716.865:25198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14653 comm="syz.3.3987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 283.477089][ T3489] usb 1-1: enqueue for inactive port 0 [ 283.483242][ T3489] usb 1-1: enqueue for inactive port 0 [ 283.544643][T14669] veth1_to_bond: entered allmulticast mode [ 283.557720][T14669] veth1_to_bond: entered promiscuous mode [ 283.565484][T14669] veth1_to_bond: left promiscuous mode [ 283.571771][T14669] veth1_to_bond: left allmulticast mode [ 283.572391][T14672] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 283.587780][ T3489] vhci_hcd: vhci_device speed not set [ 283.637047][T14678] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3993'. [ 283.684730][T14677] FAULT_INJECTION: forcing a failure. [ 283.684730][T14677] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 283.700789][T14677] CPU: 1 UID: 0 PID: 14677 Comm: syz.5.3998 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 283.700821][T14677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.700838][T14677] Call Trace: [ 283.700855][T14677] [ 283.700872][T14677] __dump_stack+0x1d/0x30 [ 283.700945][T14677] dump_stack_lvl+0xe8/0x140 [ 283.701101][T14677] dump_stack+0x15/0x1b [ 283.701131][T14677] should_fail_ex+0x265/0x280 [ 283.701175][T14677] should_fail+0xb/0x20 [ 283.701297][T14677] should_fail_usercopy+0x1a/0x20 [ 283.701325][T14677] _copy_from_user+0x1c/0xb0 [ 283.701358][T14677] __sys_bpf+0x178/0x790 [ 283.701414][T14677] __x64_sys_bpf+0x41/0x50 [ 283.701450][T14677] x64_sys_call+0x2478/0x2fb0 [ 283.701479][T14677] do_syscall_64+0xd2/0x200 [ 283.701582][T14677] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 283.701617][T14677] ? clear_bhb_loop+0x40/0x90 [ 283.701696][T14677] ? clear_bhb_loop+0x40/0x90 [ 283.701725][T14677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.701754][T14677] RIP: 0033:0x7f12d038e929 [ 283.701773][T14677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.701833][T14677] RSP: 002b:00007f12ce9f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 283.701897][T14677] RAX: ffffffffffffffda RBX: 00007f12d05b5fa0 RCX: 00007f12d038e929 [ 283.701910][T14677] RDX: 0000000000000050 RSI: 0000200000000840 RDI: 0000000000000000 [ 283.701923][T14677] RBP: 00007f12ce9f7090 R08: 0000000000000000 R09: 0000000000000000 [ 283.701937][T14677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.701954][T14677] R13: 0000000000000000 R14: 00007f12d05b5fa0 R15: 00007fff955d7b08 [ 283.701979][T14677] [ 283.937071][T14689] FAULT_INJECTION: forcing a failure. [ 283.937071][T14689] name failslab, interval 1, probability 0, space 0, times 0 [ 283.950884][T14689] CPU: 0 UID: 0 PID: 14689 Comm: syz.5.4001 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 283.950916][T14689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.950931][T14689] Call Trace: [ 283.950939][T14689] [ 283.950948][T14689] __dump_stack+0x1d/0x30 [ 283.950971][T14689] dump_stack_lvl+0xe8/0x140 [ 283.950992][T14689] dump_stack+0x15/0x1b [ 283.951077][T14689] should_fail_ex+0x265/0x280 [ 283.951156][T14689] ? allocate_file_region_entries+0xd2/0x310 [ 283.951184][T14689] should_failslab+0x8c/0xb0 [ 283.951209][T14689] __kmalloc_cache_noprof+0x4c/0x320 [ 283.951340][T14689] ? __pfx_workingset_update_node+0x10/0x10 [ 283.951364][T14689] allocate_file_region_entries+0xd2/0x310 [ 283.951396][T14689] region_chg+0x232/0x2d0 [ 283.951429][T14689] alloc_hugetlb_folio+0x312/0x1070 [ 283.951467][T14689] hugetlb_fault+0xd0f/0x1be0 [ 283.951506][T14689] ? css_rstat_updated+0xcd/0x5b0 [ 283.951563][T14689] handle_mm_fault+0x1861/0x2be0 [ 283.951591][T14689] ? mt_find+0x200/0x320 [ 283.951616][T14689] ? try_grab_folio+0x75/0x170 [ 283.951636][T14689] ? down_read+0x77/0xe0 [ 283.951664][T14689] __get_user_pages+0x1036/0x1fb0 [ 283.951698][T14689] __mm_populate+0x243/0x3a0 [ 283.951723][T14689] do_mlock+0x47f/0x520 [ 283.951752][T14689] ? fput+0x8f/0xc0 [ 283.951780][T14689] ? ksys_write+0x192/0x1a0 [ 283.951880][T14689] __x64_sys_mlock+0x36/0x50 [ 283.951911][T14689] x64_sys_call+0x28f4/0x2fb0 [ 283.951934][T14689] do_syscall_64+0xd2/0x200 [ 283.951957][T14689] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 283.951985][T14689] ? clear_bhb_loop+0x40/0x90 [ 283.952035][T14689] ? clear_bhb_loop+0x40/0x90 [ 283.952059][T14689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.952092][T14689] RIP: 0033:0x7f12d038e929 [ 283.952110][T14689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.952130][T14689] RSP: 002b:00007f12ce9f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 283.952151][T14689] RAX: ffffffffffffffda RBX: 00007f12d05b5fa0 RCX: 00007f12d038e929 [ 283.952197][T14689] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 283.952210][T14689] RBP: 00007f12ce9f7090 R08: 0000000000000000 R09: 0000000000000000 [ 283.952224][T14689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.952306][T14689] R13: 0000000000000000 R14: 00007f12d05b5fa0 R15: 00007fff955d7b08 [ 283.952327][T14689] [ 284.423370][T14705] batman_adv: batadv0: Removing interface: team0 [ 284.706497][T14727] xt_hashlimit: size too large, truncated to 1048576 [ 284.741591][T14731] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4019'. [ 284.953167][T14751] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4027'. [ 284.989035][T14758] veth1_to_bond: entered allmulticast mode [ 284.995827][T14758] veth1_to_bond: entered promiscuous mode [ 285.006803][T14758] veth1_to_bond: left promiscuous mode [ 285.013834][T14758] veth1_to_bond: left allmulticast mode [ 285.058068][T14763] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4032'. [ 285.070636][T14763] FAULT_INJECTION: forcing a failure. [ 285.070636][T14763] name failslab, interval 1, probability 0, space 0, times 0 [ 285.084732][T14763] CPU: 1 UID: 0 PID: 14763 Comm: syz.0.4032 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 285.084791][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.084887][T14763] Call Trace: [ 285.084897][T14763] [ 285.084907][T14763] __dump_stack+0x1d/0x30 [ 285.084933][T14763] dump_stack_lvl+0xe8/0x140 [ 285.084952][T14763] dump_stack+0x15/0x1b [ 285.085063][T14763] should_fail_ex+0x265/0x280 [ 285.085109][T14763] should_failslab+0x8c/0xb0 [ 285.085133][T14763] kmem_cache_alloc_node_noprof+0x57/0x320 [ 285.085166][T14763] ? __alloc_skb+0x101/0x320 [ 285.085256][T14763] __alloc_skb+0x101/0x320 [ 285.085298][T14763] netlink_ack+0xfd/0x500 [ 285.085330][T14763] netlink_rcv_skb+0x192/0x220 [ 285.085405][T14763] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 285.085443][T14763] rtnetlink_rcv+0x1c/0x30 [ 285.085544][T14763] netlink_unicast+0x5a1/0x670 [ 285.085665][T14763] netlink_sendmsg+0x58b/0x6b0 [ 285.085697][T14763] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.085726][T14763] __sock_sendmsg+0x142/0x180 [ 285.085755][T14763] ____sys_sendmsg+0x31e/0x4e0 [ 285.085780][T14763] ___sys_sendmsg+0x17b/0x1d0 [ 285.085977][T14763] __x64_sys_sendmsg+0xd4/0x160 [ 285.086009][T14763] x64_sys_call+0x2999/0x2fb0 [ 285.086034][T14763] do_syscall_64+0xd2/0x200 [ 285.086073][T14763] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 285.086107][T14763] ? clear_bhb_loop+0x40/0x90 [ 285.086209][T14763] ? clear_bhb_loop+0x40/0x90 [ 285.086249][T14763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.086271][T14763] RIP: 0033:0x7f492087e929 [ 285.086287][T14763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.086370][T14763] RSP: 002b:00007f491eee7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.086395][T14763] RAX: ffffffffffffffda RBX: 00007f4920aa5fa0 RCX: 00007f492087e929 [ 285.086411][T14763] RDX: 00000000000048c0 RSI: 0000200000000240 RDI: 0000000000000005 [ 285.086428][T14763] RBP: 00007f491eee7090 R08: 0000000000000000 R09: 0000000000000000 [ 285.086443][T14763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.086456][T14763] R13: 0000000000000000 R14: 00007f4920aa5fa0 R15: 00007ffd4a6f8458 [ 285.086530][T14763] [ 285.461415][T14783] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4040'. [ 285.514809][T14785] veth1_to_bond: entered allmulticast mode [ 285.522260][T14785] veth1_to_bond: entered promiscuous mode [ 285.547205][T14787] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4042'. [ 285.555306][T14785] veth1_to_bond: left promiscuous mode [ 285.563500][T14785] veth1_to_bond: left allmulticast mode [ 285.636398][T14794] FAULT_INJECTION: forcing a failure. [ 285.636398][T14794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.652667][T14794] CPU: 0 UID: 0 PID: 14794 Comm: syz.6.4045 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 285.652706][T14794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.652724][T14794] Call Trace: [ 285.652733][T14794] [ 285.652745][T14794] __dump_stack+0x1d/0x30 [ 285.652768][T14794] dump_stack_lvl+0xe8/0x140 [ 285.652787][T14794] dump_stack+0x15/0x1b [ 285.652826][T14794] should_fail_ex+0x265/0x280 [ 285.652894][T14794] should_fail+0xb/0x20 [ 285.652938][T14794] should_fail_usercopy+0x1a/0x20 [ 285.652970][T14794] _copy_from_user+0x1c/0xb0 [ 285.653076][T14794] ___sys_sendmsg+0xc1/0x1d0 [ 285.653120][T14794] __x64_sys_sendmsg+0xd4/0x160 [ 285.653174][T14794] x64_sys_call+0x2999/0x2fb0 [ 285.653202][T14794] do_syscall_64+0xd2/0x200 [ 285.653284][T14794] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 285.653334][T14794] ? clear_bhb_loop+0x40/0x90 [ 285.653363][T14794] ? clear_bhb_loop+0x40/0x90 [ 285.653393][T14794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.653419][T14794] RIP: 0033:0x7fb10efae929 [ 285.653436][T14794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.653480][T14794] RSP: 002b:00007fb10d617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.653506][T14794] RAX: ffffffffffffffda RBX: 00007fb10f1d5fa0 RCX: 00007fb10efae929 [ 285.653523][T14794] RDX: 0000000000000000 RSI: 0000200000000d80 RDI: 0000000000000003 [ 285.653540][T14794] RBP: 00007fb10d617090 R08: 0000000000000000 R09: 0000000000000000 [ 285.653622][T14794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.653638][T14794] R13: 0000000000000000 R14: 00007fb10f1d5fa0 R15: 00007ffc36d7c428 [ 285.653658][T14794] [ 286.025886][T14812] syzkaller0: entered promiscuous mode [ 286.031874][T14812] syzkaller0: entered allmulticast mode [ 286.070169][T14818] geneve0: entered allmulticast mode [ 286.223960][T14823] can: request_module (can-proto-0) failed. [ 286.366285][T14840] veth1_to_bond: entered allmulticast mode [ 286.374256][T14840] veth1_to_bond: entered promiscuous mode [ 286.385552][T14840] veth1_to_bond: left promiscuous mode [ 286.392300][T14840] veth1_to_bond: left allmulticast mode [ 286.419480][T14843] veth1_to_bond: entered allmulticast mode [ 286.444341][T14843] veth1_to_bond: entered promiscuous mode [ 286.456340][T14843] veth1_to_bond: left promiscuous mode [ 286.462980][T14843] veth1_to_bond: left allmulticast mode [ 286.570339][T14857] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 286.610913][T14859] __nla_validate_parse: 4 callbacks suppressed [ 286.610932][T14859] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4072'. [ 286.691049][T14868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4076'. [ 286.717622][T14868] netlink: 'syz.0.4076': attribute type 13 has an invalid length. [ 286.727488][T14873] veth1_to_bond: entered allmulticast mode [ 286.735686][T14868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4076'. [ 286.751673][T14873] veth1_to_bond: entered promiscuous mode [ 286.767815][T14873] veth1_to_bond: left promiscuous mode [ 286.774345][T14873] veth1_to_bond: left allmulticast mode [ 286.868671][T14888] netlink: 'syz.5.4085': attribute type 2 has an invalid length. [ 286.877757][T14888] netlink: 132 bytes leftover after parsing attributes in process `syz.5.4085'. [ 286.914509][T14898] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4084'. [ 286.925567][T14889] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4081'. [ 286.942117][T14895] tipc: Started in network mode [ 286.947938][T14895] tipc: Node identity 22ff816fafa1, cluster identity 4711 [ 286.956203][T14895] tipc: Enabled bearer , priority 0 [ 286.966887][T14889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.976947][T14889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.990570][T14900] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4087'. [ 287.025314][T14895] sg_write: data in/out 2012/14 bytes for SCSI command 0x0-- guessing data in; [ 287.025314][T14895] program syz.6.4086 not setting count and/or reply_len properly [ 287.048168][T14894] tipc: Resetting bearer [ 287.082912][T14894] tipc: Disabling bearer [ 287.213259][T14913] veth1_to_bond: entered allmulticast mode [ 287.219978][T14913] veth1_to_bond: entered promiscuous mode [ 287.226891][T14916] veth1_to_bond: entered allmulticast mode [ 287.234827][T14916] veth1_to_bond: entered promiscuous mode [ 287.241239][T14913] veth1_to_bond: left promiscuous mode [ 287.248104][T14913] veth1_to_bond: left allmulticast mode [ 287.268091][T14916] veth1_to_bond: left promiscuous mode [ 287.274608][T14916] veth1_to_bond: left allmulticast mode [ 287.288783][T14918] veth1_to_bond: entered allmulticast mode [ 287.296666][T14918] veth1_to_bond: entered promiscuous mode [ 287.307124][T14918] veth1_to_bond: left promiscuous mode [ 287.313918][T14918] veth1_to_bond: left allmulticast mode [ 287.374413][T14923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4096'. [ 287.439572][T14927] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4099'. [ 287.777138][T14944] veth1_to_bond: entered allmulticast mode [ 287.785346][T14944] veth1_to_bond: entered promiscuous mode [ 287.795135][T14944] veth1_to_bond: left promiscuous mode [ 287.802359][T14944] veth1_to_bond: left allmulticast mode [ 288.208270][ T29] kauditd_printk_skb: 1009 callbacks suppressed [ 288.208288][ T29] audit: type=1400 audit(1749614721.865:26208): avc: denied { create } for pid=14964 comm="syz.3.4114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 288.237312][T14968] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4114'. [ 288.257378][ T29] audit: type=1400 audit(1749614721.915:26209): avc: denied { create } for pid=14964 comm="syz.3.4114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 288.282410][ T29] audit: type=1326 audit(1749614721.945:26210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14971 comm="syz.5.4115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 288.309541][ T29] audit: type=1326 audit(1749614721.945:26211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14971 comm="syz.5.4115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 288.335374][ T29] audit: type=1326 audit(1749614721.955:26212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14971 comm="syz.5.4115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 288.361745][ T29] audit: type=1326 audit(1749614721.955:26213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14971 comm="syz.5.4115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 288.589557][ T29] audit: type=1326 audit(1749614722.245:26214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14984 comm="syz.6.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb10efae929 code=0x7ffc0000 [ 288.617419][ T29] audit: type=1326 audit(1749614722.245:26215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14984 comm="syz.6.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb10efae929 code=0x7ffc0000 [ 288.645265][ T29] audit: type=1326 audit(1749614722.245:26216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14984 comm="syz.6.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb10efae929 code=0x7ffc0000 [ 288.671272][ T29] audit: type=1326 audit(1749614722.245:26217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14984 comm="syz.6.4120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb10efae929 code=0x7ffc0000 [ 288.675439][T14987] FAULT_INJECTION: forcing a failure. [ 288.675439][T14987] name failslab, interval 1, probability 0, space 0, times 0 [ 288.711369][T14987] CPU: 0 UID: 0 PID: 14987 Comm: syz.6.4121 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 288.711423][T14987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.711436][T14987] Call Trace: [ 288.711442][T14987] [ 288.711449][T14987] __dump_stack+0x1d/0x30 [ 288.711469][T14987] dump_stack_lvl+0xe8/0x140 [ 288.711486][T14987] dump_stack+0x15/0x1b [ 288.711564][T14987] should_fail_ex+0x265/0x280 [ 288.711596][T14987] should_failslab+0x8c/0xb0 [ 288.711696][T14987] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 288.711734][T14987] ? __d_alloc+0x3d/0x350 [ 288.711760][T14987] __d_alloc+0x3d/0x350 [ 288.711785][T14987] d_alloc+0x2e/0x100 [ 288.711809][T14987] lookup_one_qstr_excl_raw+0x95/0x1b0 [ 288.711890][T14987] do_renameat2+0x3e0/0xab0 [ 288.711923][T14987] __x64_sys_renameat2+0x7e/0x90 [ 288.711999][T14987] x64_sys_call+0x2bf6/0x2fb0 [ 288.712075][T14987] do_syscall_64+0xd2/0x200 [ 288.712095][T14987] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 288.712119][T14987] ? clear_bhb_loop+0x40/0x90 [ 288.712139][T14987] ? clear_bhb_loop+0x40/0x90 [ 288.712212][T14987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.712232][T14987] RIP: 0033:0x7fb10efae929 [ 288.712294][T14987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.712312][T14987] RSP: 002b:00007fb10d617038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 288.712329][T14987] RAX: ffffffffffffffda RBX: 00007fb10f1d5fa0 RCX: 00007fb10efae929 [ 288.712340][T14987] RDX: ffffffffffffff9c RSI: 00002000000007c0 RDI: ffffffffffffff9c [ 288.712382][T14987] RBP: 00007fb10d617090 R08: 0000000000000004 R09: 0000000000000000 [ 288.712395][T14987] R10: 00002000000005c0 R11: 0000000000000246 R12: 0000000000000001 [ 288.712411][T14987] R13: 0000000000000000 R14: 00007fb10f1d5fa0 R15: 00007ffc36d7c428 [ 288.712436][T14987] [ 289.084244][T15002] veth1_to_bond: entered allmulticast mode [ 289.092375][T15002] veth1_to_bond: entered promiscuous mode [ 289.100793][T15002] veth1_to_bond: left promiscuous mode [ 289.106660][T15002] veth1_to_bond: left allmulticast mode [ 289.500343][T15041] FAULT_INJECTION: forcing a failure. [ 289.500343][T15041] name failslab, interval 1, probability 0, space 0, times 0 [ 289.516594][T15041] CPU: 1 UID: 0 PID: 15041 Comm: syz.4.4144 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 289.516633][T15041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 289.516688][T15041] Call Trace: [ 289.516694][T15041] [ 289.516715][T15041] __dump_stack+0x1d/0x30 [ 289.516742][T15041] dump_stack_lvl+0xe8/0x140 [ 289.516771][T15041] dump_stack+0x15/0x1b [ 289.516793][T15041] should_fail_ex+0x265/0x280 [ 289.516849][T15041] should_failslab+0x8c/0xb0 [ 289.516880][T15041] __kmalloc_noprof+0xa5/0x3e0 [ 289.516914][T15041] ? sk_prot_alloc+0xa8/0x190 [ 289.516942][T15041] sk_prot_alloc+0xa8/0x190 [ 289.516966][T15041] sk_alloc+0x34/0x360 [ 289.517047][T15041] xsk_create+0xc6/0x3c0 [ 289.517073][T15041] __sock_create+0x2ec/0x5b0 [ 289.517193][T15041] __sys_socket+0xb0/0x180 [ 289.517226][T15041] __x64_sys_socket+0x3f/0x50 [ 289.517255][T15041] x64_sys_call+0x285a/0x2fb0 [ 289.517334][T15041] do_syscall_64+0xd2/0x200 [ 289.517361][T15041] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 289.517432][T15041] ? clear_bhb_loop+0x40/0x90 [ 289.517454][T15041] ? clear_bhb_loop+0x40/0x90 [ 289.517483][T15041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.517504][T15041] RIP: 0033:0x7f3d6151e929 [ 289.517597][T15041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.517637][T15041] RSP: 002b:00007f3d5fb87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 289.517670][T15041] RAX: ffffffffffffffda RBX: 00007f3d61745fa0 RCX: 00007f3d6151e929 [ 289.517687][T15041] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000002c [ 289.517703][T15041] RBP: 00007f3d5fb87090 R08: 0000000000000000 R09: 0000000000000000 [ 289.517719][T15041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.517745][T15041] R13: 0000000000000000 R14: 00007f3d61745fa0 R15: 00007ffd21b95f98 [ 289.517766][T15041] [ 289.835543][T15053] FAULT_INJECTION: forcing a failure. [ 289.835543][T15053] name failslab, interval 1, probability 0, space 0, times 0 [ 289.850343][T15053] CPU: 0 UID: 0 PID: 15053 Comm: syz.0.4150 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 289.850379][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 289.850397][T15053] Call Trace: [ 289.850407][T15053] [ 289.850418][T15053] __dump_stack+0x1d/0x30 [ 289.850446][T15053] dump_stack_lvl+0xe8/0x140 [ 289.850535][T15053] dump_stack+0x15/0x1b [ 289.850552][T15053] should_fail_ex+0x265/0x280 [ 289.850602][T15053] should_failslab+0x8c/0xb0 [ 289.850633][T15053] kmem_cache_alloc_noprof+0x50/0x310 [ 289.850670][T15053] ? security_file_alloc+0x32/0x100 [ 289.850698][T15053] security_file_alloc+0x32/0x100 [ 289.850720][T15053] init_file+0x5c/0x1d0 [ 289.850819][T15053] alloc_empty_file+0x8b/0x200 [ 289.850861][T15053] alloc_file_pseudo+0xc6/0x160 [ 289.850903][T15053] __shmem_file_setup+0x1de/0x210 [ 289.850940][T15053] shmem_file_setup+0x3b/0x50 [ 289.851050][T15053] __se_sys_memfd_create+0x2c3/0x590 [ 289.851131][T15053] __x64_sys_memfd_create+0x31/0x40 [ 289.851175][T15053] x64_sys_call+0x122f/0x2fb0 [ 289.851202][T15053] do_syscall_64+0xd2/0x200 [ 289.851247][T15053] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 289.851278][T15053] ? clear_bhb_loop+0x40/0x90 [ 289.851306][T15053] ? clear_bhb_loop+0x40/0x90 [ 289.851336][T15053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.851366][T15053] RIP: 0033:0x7f492087e929 [ 289.851457][T15053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.851475][T15053] RSP: 002b:00007f491eee6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 289.851494][T15053] RAX: ffffffffffffffda RBX: 0000000000000a28 RCX: 00007f492087e929 [ 289.851511][T15053] RDX: 00007f491eee6ef0 RSI: 0000000000000000 RDI: 00007f49209014cc [ 289.851544][T15053] RBP: 0000200000000180 R08: 00007f491eee6bb7 R09: 00007f491eee6e40 [ 289.851561][T15053] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 289.851582][T15053] R13: 00007f491eee6ef0 R14: 00007f491eee6eb0 R15: 0000200000000cc0 [ 289.851607][T15053] [ 290.125925][T15055] veth1_to_bond: entered allmulticast mode [ 290.146818][T15055] veth1_to_bond: entered promiscuous mode [ 290.160384][T15055] veth1_to_bond: left promiscuous mode [ 290.166584][T15055] veth1_to_bond: left allmulticast mode [ 290.346523][T15090] FAULT_INJECTION: forcing a failure. [ 290.346523][T15090] name failslab, interval 1, probability 0, space 0, times 0 [ 290.360143][T15090] CPU: 0 UID: 0 PID: 15090 Comm: syz.6.4166 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 290.360179][T15090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 290.360196][T15090] Call Trace: [ 290.360204][T15090] [ 290.360214][T15090] __dump_stack+0x1d/0x30 [ 290.360238][T15090] dump_stack_lvl+0xe8/0x140 [ 290.360258][T15090] dump_stack+0x15/0x1b [ 290.360274][T15090] should_fail_ex+0x265/0x280 [ 290.360319][T15090] should_failslab+0x8c/0xb0 [ 290.360375][T15090] kmem_cache_alloc_noprof+0x50/0x310 [ 290.360410][T15090] ? getname_flags+0x80/0x3b0 [ 290.360449][T15090] getname_flags+0x80/0x3b0 [ 290.360490][T15090] __x64_sys_execve+0x42/0x70 [ 290.360509][T15090] x64_sys_call+0x13ab/0x2fb0 [ 290.360532][T15090] do_syscall_64+0xd2/0x200 [ 290.360558][T15090] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 290.360586][T15090] ? clear_bhb_loop+0x40/0x90 [ 290.360634][T15090] ? clear_bhb_loop+0x40/0x90 [ 290.360722][T15090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.360782][T15090] RIP: 0033:0x7fb10efae929 [ 290.360799][T15090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.360819][T15090] RSP: 002b:00007fb10d617038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 290.360839][T15090] RAX: ffffffffffffffda RBX: 00007fb10f1d5fa0 RCX: 00007fb10efae929 [ 290.360853][T15090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 290.360866][T15090] RBP: 00007fb10d617090 R08: 0000000000000000 R09: 0000000000000000 [ 290.360923][T15090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.360985][T15090] R13: 0000000000000000 R14: 00007fb10f1d5fa0 R15: 00007ffc36d7c428 [ 290.361006][T15090] [ 290.390628][T15094] veth1_to_bond: entered allmulticast mode [ 290.587283][T15096] veth1_to_bond: entered promiscuous mode [ 290.594358][T15096] veth1_to_bond: left promiscuous mode [ 290.600641][T15096] veth1_to_bond: left allmulticast mode [ 290.747521][T15122] FAULT_INJECTION: forcing a failure. [ 290.747521][T15122] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 290.762316][T15122] CPU: 0 UID: 0 PID: 15122 Comm: syz.3.4177 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 290.762462][T15122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 290.762480][T15122] Call Trace: [ 290.762522][T15122] [ 290.762533][T15122] __dump_stack+0x1d/0x30 [ 290.762562][T15122] dump_stack_lvl+0xe8/0x140 [ 290.762632][T15122] dump_stack+0x15/0x1b [ 290.762655][T15122] should_fail_ex+0x265/0x280 [ 290.762696][T15122] should_fail+0xb/0x20 [ 290.762817][T15122] should_fail_usercopy+0x1a/0x20 [ 290.762839][T15122] _copy_to_user+0x20/0xa0 [ 290.762867][T15122] simple_read_from_buffer+0xb5/0x130 [ 290.762923][T15122] proc_fail_nth_read+0x100/0x140 [ 290.762953][T15122] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 290.762982][T15122] vfs_read+0x19d/0x6f0 [ 290.763014][T15122] ? __rcu_read_unlock+0x4f/0x70 [ 290.763044][T15122] ? __fget_files+0x184/0x1c0 [ 290.763078][T15122] ksys_read+0xda/0x1a0 [ 290.763119][T15122] __x64_sys_read+0x40/0x50 [ 290.763145][T15122] x64_sys_call+0x2d77/0x2fb0 [ 290.763204][T15122] do_syscall_64+0xd2/0x200 [ 290.763231][T15122] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 290.763272][T15122] ? clear_bhb_loop+0x40/0x90 [ 290.763302][T15122] ? clear_bhb_loop+0x40/0x90 [ 290.763397][T15122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.763421][T15122] RIP: 0033:0x7f2aee09d33c [ 290.763437][T15122] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 290.763458][T15122] RSP: 002b:00007f2aec707030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 290.763510][T15122] RAX: ffffffffffffffda RBX: 00007f2aee2c5fa0 RCX: 00007f2aee09d33c [ 290.763528][T15122] RDX: 000000000000000f RSI: 00007f2aec7070a0 RDI: 0000000000000003 [ 290.763544][T15122] RBP: 00007f2aec707090 R08: 0000000000000000 R09: 0000000000000000 [ 290.763562][T15122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.763578][T15122] R13: 0000000000000001 R14: 00007f2aee2c5fa0 R15: 00007ffdceae32d8 [ 290.763603][T15122] [ 291.066495][T15129] xt_hashlimit: size too large, truncated to 1048576 [ 291.480785][T15146] veth1_to_bond: entered allmulticast mode [ 291.487868][T15146] veth1_to_bond: entered promiscuous mode [ 291.505699][T15146] veth1_to_bond: left promiscuous mode [ 291.511756][T15146] veth1_to_bond: left allmulticast mode [ 291.676460][T15160] veth1_to_bond: entered allmulticast mode [ 291.691848][T15160] veth1_to_bond: entered promiscuous mode [ 291.708936][T15160] veth1_to_bond: left promiscuous mode [ 291.715317][T15160] veth1_to_bond: left allmulticast mode [ 291.811952][T15180] veth1_to_bond: entered allmulticast mode [ 291.824905][T15180] veth1_to_bond: entered promiscuous mode [ 291.849819][T15180] veth1_to_bond: left promiscuous mode [ 291.856045][T15180] veth1_to_bond: left allmulticast mode [ 291.874170][T15185] veth1_to_bond: entered allmulticast mode [ 291.882476][T15185] veth1_to_bond: entered promiscuous mode [ 291.902895][T15185] veth1_to_bond: left promiscuous mode [ 291.909207][T15185] veth1_to_bond: left allmulticast mode [ 292.076374][T15212] veth1_to_bond: entered allmulticast mode [ 292.083780][T15212] veth1_to_bond: entered promiscuous mode [ 292.093034][T15212] veth1_to_bond: left promiscuous mode [ 292.099646][T15212] veth1_to_bond: left allmulticast mode [ 292.228666][T15210] __nla_validate_parse: 3 callbacks suppressed [ 292.228682][T15210] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4211'. [ 292.264044][T15239] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4216'. [ 292.266595][T15240] veth1_to_bond: entered allmulticast mode [ 292.292700][T15240] veth1_to_bond: entered promiscuous mode [ 292.303667][T15240] veth1_to_bond: left promiscuous mode [ 292.310489][T15240] veth1_to_bond: left allmulticast mode [ 292.637188][T15256] veth1_to_bond: entered allmulticast mode [ 292.644528][T15256] veth1_to_bond: entered promiscuous mode [ 292.695982][T15256] veth1_to_bond: left promiscuous mode [ 292.702888][T15256] veth1_to_bond: left allmulticast mode [ 292.817065][T15273] veth1_to_bond: entered allmulticast mode [ 292.824820][T15273] veth1_to_bond: entered promiscuous mode [ 292.834639][T15273] veth1_to_bond: left promiscuous mode [ 292.841906][T15273] veth1_to_bond: left allmulticast mode [ 292.928572][T15280] netlink: 268 bytes leftover after parsing attributes in process `syz.6.4234'. [ 293.133996][T15302] veth1_to_bond: entered allmulticast mode [ 293.141699][T15302] veth1_to_bond: entered promiscuous mode [ 293.149991][T15302] veth1_to_bond: left promiscuous mode [ 293.156154][T15302] veth1_to_bond: left allmulticast mode [ 293.239581][ T29] kauditd_printk_skb: 1105 callbacks suppressed [ 293.239595][ T29] audit: type=1400 audit(1749614726.895:27323): avc: denied { bind } for pid=15309 comm="syz.4.4246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 293.292579][ T29] audit: type=1400 audit(1749614726.955:27324): avc: denied { mount } for pid=15313 comm="syz.4.4247" name="/" dev="configfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 293.319050][ T29] audit: type=1400 audit(1749614726.985:27325): avc: denied { search } for pid=15313 comm="syz.4.4247" name="/" dev="configfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 293.344353][ T29] audit: type=1400 audit(1749614726.985:27326): avc: denied { search } for pid=15313 comm="syz.4.4247" name="/" dev="configfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 293.369737][ T29] audit: type=1400 audit(1749614726.985:27327): avc: denied { read open } for pid=15313 comm="syz.4.4247" path="/" dev="configfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 293.442678][T15316] netlink: 84 bytes leftover after parsing attributes in process `syz.4.4248'. [ 293.465356][ T29] audit: type=1400 audit(1749614727.125:27328): avc: denied { execute_no_trans } for pid=15315 comm="syz.4.4248" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1439 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 293.543853][ T29] audit: type=1326 audit(1749614727.205:27329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.5.4251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 293.569439][ T29] audit: type=1326 audit(1749614727.205:27330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.5.4251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 293.609512][ T29] audit: type=1326 audit(1749614727.205:27331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.5.4251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 293.635746][ T29] audit: type=1326 audit(1749614727.205:27332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.5.4251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 293.713017][T15328] veth1_to_bond: entered allmulticast mode [ 293.720393][T15328] veth1_to_bond: entered promiscuous mode [ 293.730507][T15328] veth1_to_bond: left promiscuous mode [ 293.736633][T15328] veth1_to_bond: left allmulticast mode [ 293.974267][T15364] veth1_to_bond: entered allmulticast mode [ 293.981231][T15364] veth1_to_bond: entered promiscuous mode [ 293.990974][T15364] veth1_to_bond: left promiscuous mode [ 293.998064][T15364] veth1_to_bond: left allmulticast mode [ 294.017106][T15344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.027782][T15344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.874167][T15400] veth1_to_bond: entered allmulticast mode [ 294.881577][T15400] veth1_to_bond: entered promiscuous mode [ 294.890116][T15400] veth1_to_bond: left promiscuous mode [ 294.896976][T15400] veth1_to_bond: left allmulticast mode [ 295.059934][T15416] netlink: 328 bytes leftover after parsing attributes in process `syz.4.4291'. [ 295.078396][T15412] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 295.145008][T15419] netlink: 'syz.4.4291': attribute type 1 has an invalid length. [ 295.203186][T15421] FAULT_INJECTION: forcing a failure. [ 295.203186][T15421] name failslab, interval 1, probability 0, space 0, times 0 [ 295.216967][T15421] CPU: 0 UID: 0 PID: 15421 Comm: syz.0.4293 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 295.217017][T15421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.217032][T15421] Call Trace: [ 295.217039][T15421] [ 295.217048][T15421] __dump_stack+0x1d/0x30 [ 295.217119][T15421] dump_stack_lvl+0xe8/0x140 [ 295.217144][T15421] dump_stack+0x15/0x1b [ 295.217166][T15421] should_fail_ex+0x265/0x280 [ 295.217263][T15421] should_failslab+0x8c/0xb0 [ 295.217293][T15421] kmem_cache_alloc_node_noprof+0x57/0x320 [ 295.217330][T15421] ? __alloc_skb+0x101/0x320 [ 295.217364][T15421] __alloc_skb+0x101/0x320 [ 295.217444][T15421] ? audit_log_start+0x365/0x6c0 [ 295.217480][T15421] audit_log_start+0x380/0x6c0 [ 295.217571][T15421] audit_seccomp+0x48/0x100 [ 295.217602][T15421] ? __seccomp_filter+0x68c/0x10d0 [ 295.217681][T15421] __seccomp_filter+0x69d/0x10d0 [ 295.217713][T15421] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 295.217743][T15421] ? vfs_write+0x75e/0x8e0 [ 295.217767][T15421] ? __rcu_read_unlock+0x4f/0x70 [ 295.217794][T15421] ? __fget_files+0x184/0x1c0 [ 295.217903][T15421] __secure_computing+0x82/0x150 [ 295.217934][T15421] syscall_trace_enter+0xcf/0x1e0 [ 295.217989][T15421] do_syscall_64+0xac/0x200 [ 295.218018][T15421] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 295.218044][T15421] ? clear_bhb_loop+0x40/0x90 [ 295.218115][T15421] ? clear_bhb_loop+0x40/0x90 [ 295.218140][T15421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.218168][T15421] RIP: 0033:0x7f492087e929 [ 295.218189][T15421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.218208][T15421] RSP: 002b:00007f491eee7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 295.218237][T15421] RAX: ffffffffffffffda RBX: 00007f4920aa5fa0 RCX: 00007f492087e929 [ 295.218253][T15421] RDX: 0000000000000003 RSI: 0000200000001e40 RDI: 0000000000000005 [ 295.218271][T15421] RBP: 00007f491eee7090 R08: 0000000000000000 R09: 0000000000000000 [ 295.218287][T15421] R10: 00000000400122a0 R11: 0000000000000246 R12: 0000000000000001 [ 295.218301][T15421] R13: 0000000000000000 R14: 00007f4920aa5fa0 R15: 00007ffd4a6f8458 [ 295.218326][T15421] [ 295.531627][T15429] veth1_to_bond: entered allmulticast mode [ 295.549123][T15429] veth1_to_bond: entered promiscuous mode [ 295.559552][T15429] veth1_to_bond: left promiscuous mode [ 295.565890][T15429] veth1_to_bond: left allmulticast mode [ 295.774555][T15466] veth1_to_bond: entered allmulticast mode [ 295.781952][T15466] veth1_to_bond: entered promiscuous mode [ 295.795078][T15466] veth1_to_bond: left promiscuous mode [ 295.801647][T15466] veth1_to_bond: left allmulticast mode [ 295.867318][T15474] FAULT_INJECTION: forcing a failure. [ 295.867318][T15474] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.882015][T15474] CPU: 1 UID: 0 PID: 15474 Comm: syz.5.4316 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 295.882142][T15474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.882164][T15474] Call Trace: [ 295.882171][T15474] [ 295.882194][T15474] __dump_stack+0x1d/0x30 [ 295.882222][T15474] dump_stack_lvl+0xe8/0x140 [ 295.882248][T15474] dump_stack+0x15/0x1b [ 295.882269][T15474] should_fail_ex+0x265/0x280 [ 295.882312][T15474] should_fail+0xb/0x20 [ 295.882345][T15474] should_fail_usercopy+0x1a/0x20 [ 295.882440][T15474] _copy_from_user+0x1c/0xb0 [ 295.882472][T15474] ___sys_sendmsg+0xc1/0x1d0 [ 295.882515][T15474] __x64_sys_sendmsg+0xd4/0x160 [ 295.882541][T15474] x64_sys_call+0x2999/0x2fb0 [ 295.882563][T15474] do_syscall_64+0xd2/0x200 [ 295.882732][T15474] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 295.882805][T15474] ? clear_bhb_loop+0x40/0x90 [ 295.882863][T15474] ? clear_bhb_loop+0x40/0x90 [ 295.882943][T15474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.882966][T15474] RIP: 0033:0x7f12d038e929 [ 295.882984][T15474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.883005][T15474] RSP: 002b:00007f12ce9f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 295.883024][T15474] RAX: ffffffffffffffda RBX: 00007f12d05b5fa0 RCX: 00007f12d038e929 [ 295.883096][T15474] RDX: 0000000020000004 RSI: 0000200000000200 RDI: 0000000000000003 [ 295.883111][T15474] RBP: 00007f12ce9f7090 R08: 0000000000000000 R09: 0000000000000000 [ 295.883126][T15474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.883140][T15474] R13: 0000000000000000 R14: 00007f12d05b5fa0 R15: 00007fff955d7b08 [ 295.883171][T15474] [ 296.133254][T15478] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4315'. [ 296.212356][T15490] Falling back ldisc for ptm0. [ 296.278342][T15497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.288384][T15497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.298763][T15502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4326'. [ 296.309838][T15501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4326'. [ 296.676785][T15556] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 296.773476][T15575] FAULT_INJECTION: forcing a failure. [ 296.773476][T15575] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.788196][T15575] CPU: 0 UID: 0 PID: 15575 Comm: syz.4.4358 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 296.788235][T15575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.788252][T15575] Call Trace: [ 296.788261][T15575] [ 296.788272][T15575] __dump_stack+0x1d/0x30 [ 296.788295][T15575] dump_stack_lvl+0xe8/0x140 [ 296.788315][T15575] dump_stack+0x15/0x1b [ 296.788337][T15575] should_fail_ex+0x265/0x280 [ 296.788380][T15575] should_fail+0xb/0x20 [ 296.788421][T15575] should_fail_usercopy+0x1a/0x20 [ 296.788549][T15575] _copy_from_user+0x1c/0xb0 [ 296.788573][T15575] ___sys_sendmsg+0xc1/0x1d0 [ 296.788617][T15575] __x64_sys_sendmsg+0xd4/0x160 [ 296.788653][T15575] x64_sys_call+0x2999/0x2fb0 [ 296.788743][T15575] do_syscall_64+0xd2/0x200 [ 296.788772][T15575] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 296.788808][T15575] ? clear_bhb_loop+0x40/0x90 [ 296.788836][T15575] ? clear_bhb_loop+0x40/0x90 [ 296.788925][T15575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.788956][T15575] RIP: 0033:0x7f3d6151e929 [ 296.788976][T15575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.789030][T15575] RSP: 002b:00007f3d5fb87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 296.789054][T15575] RAX: ffffffffffffffda RBX: 00007f3d61745fa0 RCX: 00007f3d6151e929 [ 296.789135][T15575] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 000000000000000d [ 296.789190][T15575] RBP: 00007f3d5fb87090 R08: 0000000000000000 R09: 0000000000000000 [ 296.789204][T15575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.789219][T15575] R13: 0000000000000000 R14: 00007f3d61745fa0 R15: 00007ffd21b95f98 [ 296.789239][T15575] [ 296.994910][T15580] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4356'. [ 297.058905][T15584] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4361'. [ 297.068862][T15584] 0X: renamed from caif0 [ 297.075828][T15584] 0X: entered allmulticast mode [ 297.081641][T15584] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check. [ 297.200231][T15589] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 297.248665][T15593] veth1_to_bond: entered allmulticast mode [ 297.255259][T15593] veth1_to_bond: entered promiscuous mode [ 297.264710][T15593] veth1_to_bond: left promiscuous mode [ 297.270546][T15593] veth1_to_bond: left allmulticast mode [ 297.424545][T15602] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4368'. [ 297.436080][T15602] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15602 comm=syz.5.4368 [ 297.498942][T15610] veth1_to_bond: entered allmulticast mode [ 297.507299][T15610] veth1_to_bond: entered promiscuous mode [ 297.511645][ T3416] kernel read not supported for file /usbmon0 (pid: 3416 comm: kworker/1:5) [ 297.523448][T15610] veth1_to_bond: left promiscuous mode [ 297.529288][T15610] veth1_to_bond: left allmulticast mode [ 297.533418][T15611] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4369'. [ 297.590092][T15615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.599422][T15615] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.717281][T15624] FAULT_INJECTION: forcing a failure. [ 297.717281][T15624] name failslab, interval 1, probability 0, space 0, times 0 [ 297.731974][T15624] CPU: 1 UID: 0 PID: 15624 Comm: syz.0.4377 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 297.732027][T15624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.732088][T15624] Call Trace: [ 297.732100][T15624] [ 297.732135][T15624] __dump_stack+0x1d/0x30 [ 297.732165][T15624] dump_stack_lvl+0xe8/0x140 [ 297.732189][T15624] dump_stack+0x15/0x1b [ 297.732207][T15624] should_fail_ex+0x265/0x280 [ 297.732254][T15624] should_failslab+0x8c/0xb0 [ 297.732325][T15624] kmem_cache_alloc_noprof+0x50/0x310 [ 297.732361][T15624] ? getname_flags+0x80/0x3b0 [ 297.732398][T15624] getname_flags+0x80/0x3b0 [ 297.732553][T15624] do_sys_openat2+0x60/0x110 [ 297.732590][T15624] __x64_sys_openat+0xf2/0x120 [ 297.732768][T15624] x64_sys_call+0x1af/0x2fb0 [ 297.732792][T15624] do_syscall_64+0xd2/0x200 [ 297.732906][T15624] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 297.732945][T15624] ? clear_bhb_loop+0x40/0x90 [ 297.732977][T15624] ? clear_bhb_loop+0x40/0x90 [ 297.733010][T15624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.733169][T15624] RIP: 0033:0x7f492087d290 [ 297.733192][T15624] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 297.733220][T15624] RSP: 002b:00007f491eee6f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 297.733244][T15624] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f492087d290 [ 297.733330][T15624] RDX: 0000000000000002 RSI: 00007f491eee6fa0 RDI: 00000000ffffff9c [ 297.733347][T15624] RBP: 00007f491eee6fa0 R08: 0000000000000000 R09: 0000000000000000 [ 297.733361][T15624] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 297.733375][T15624] R13: 0000000000000000 R14: 00007f4920aa5fa0 R15: 00007ffd4a6f8458 [ 297.733396][T15624] [ 297.960110][T15619] FAULT_INJECTION: forcing a failure. [ 297.960110][T15619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.974728][T15619] CPU: 0 UID: 0 PID: 15619 Comm: syz.6.4375 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 297.974767][T15619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.974781][T15619] Call Trace: [ 297.974789][T15619] [ 297.974798][T15619] __dump_stack+0x1d/0x30 [ 297.974827][T15619] dump_stack_lvl+0xe8/0x140 [ 297.974909][T15619] dump_stack+0x15/0x1b [ 297.974930][T15619] should_fail_ex+0x265/0x280 [ 297.975061][T15619] should_fail+0xb/0x20 [ 297.975094][T15619] should_fail_usercopy+0x1a/0x20 [ 297.975115][T15619] _copy_from_user+0x1c/0xb0 [ 297.975140][T15619] ___sys_sendmsg+0xc1/0x1d0 [ 297.975204][T15619] __x64_sys_sendmsg+0xd4/0x160 [ 297.975238][T15619] x64_sys_call+0x2999/0x2fb0 [ 297.975262][T15619] do_syscall_64+0xd2/0x200 [ 297.975289][T15619] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 297.975322][T15619] ? clear_bhb_loop+0x40/0x90 [ 297.975400][T15619] ? clear_bhb_loop+0x40/0x90 [ 297.975431][T15619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.975458][T15619] RIP: 0033:0x7fb10efae929 [ 297.975477][T15619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.975502][T15619] RSP: 002b:00007fb10d617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 297.975583][T15619] RAX: ffffffffffffffda RBX: 00007fb10f1d5fa0 RCX: 00007fb10efae929 [ 297.975600][T15619] RDX: 0000000000040000 RSI: 00002000000003c0 RDI: 0000000000000008 [ 297.975613][T15619] RBP: 00007fb10d617090 R08: 0000000000000000 R09: 0000000000000000 [ 297.975625][T15619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.975639][T15619] R13: 0000000000000000 R14: 00007fb10f1d5fa0 R15: 00007ffc36d7c428 [ 297.975666][T15619] [ 297.977658][T15617] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4374'. [ 298.164648][T15632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4378'. [ 298.227161][T15631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 298.238267][T15631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 298.304982][ T29] kauditd_printk_skb: 1002 callbacks suppressed [ 298.305012][ T29] audit: type=1326 audit(1749614731.965:28333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.339545][ T29] audit: type=1326 audit(1749614731.965:28334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.366590][ T29] audit: type=1326 audit(1749614731.965:28335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.393828][ T29] audit: type=1326 audit(1749614731.965:28336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.420292][ T29] audit: type=1326 audit(1749614731.965:28337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.446523][ T29] audit: type=1326 audit(1749614731.965:28338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.475110][ T29] audit: type=1326 audit(1749614731.965:28339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.4382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.608222][T15649] netlink: 'syz.3.4387': attribute type 10 has an invalid length. [ 298.623265][T15649] team0: Port device dummy0 added [ 298.639155][T15649] netlink: 'syz.3.4387': attribute type 10 has an invalid length. [ 298.652407][T15649] team0: Port device dummy0 removed [ 298.662655][T15649] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 298.775394][ T29] audit: type=1400 audit(1749614732.435:28340): avc: denied { write } for pid=15655 comm="syz.3.4390" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 298.863598][ T29] audit: type=1326 audit(1749614732.525:28341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15661 comm="syz.3.4393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 298.901807][ T29] audit: type=1326 audit(1749614732.525:28342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15661 comm="syz.3.4393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 299.050868][T15676] bond0: (slave dummy0): Releasing backup interface [ 299.189786][T15685] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 299.230289][T15693] FAULT_INJECTION: forcing a failure. [ 299.230289][T15693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.248767][T15693] CPU: 1 UID: 0 PID: 15693 Comm: syz.3.4403 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 299.248817][T15693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.248836][T15693] Call Trace: [ 299.248844][T15693] [ 299.248854][T15693] __dump_stack+0x1d/0x30 [ 299.248892][T15693] dump_stack_lvl+0xe8/0x140 [ 299.248953][T15693] dump_stack+0x15/0x1b [ 299.248976][T15693] should_fail_ex+0x265/0x280 [ 299.249025][T15693] should_fail+0xb/0x20 [ 299.249069][T15693] should_fail_usercopy+0x1a/0x20 [ 299.249121][T15693] _copy_from_user+0x1c/0xb0 [ 299.249183][T15693] ___sys_sendmsg+0xc1/0x1d0 [ 299.249235][T15693] __x64_sys_sendmsg+0xd4/0x160 [ 299.249272][T15693] x64_sys_call+0x2999/0x2fb0 [ 299.249302][T15693] do_syscall_64+0xd2/0x200 [ 299.249374][T15693] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 299.249459][T15693] ? clear_bhb_loop+0x40/0x90 [ 299.249539][T15693] ? clear_bhb_loop+0x40/0x90 [ 299.249564][T15693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.249741][T15693] RIP: 0033:0x7f2aee09e929 [ 299.249763][T15693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.249801][T15693] RSP: 002b:00007f2aec707038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 299.249826][T15693] RAX: ffffffffffffffda RBX: 00007f2aee2c5fa0 RCX: 00007f2aee09e929 [ 299.249840][T15693] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 299.249857][T15693] RBP: 00007f2aec707090 R08: 0000000000000000 R09: 0000000000000000 [ 299.249875][T15693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.249891][T15693] R13: 0000000000000000 R14: 00007f2aee2c5fa0 R15: 00007ffdceae32d8 [ 299.249940][T15693] [ 299.870955][T15720] veth1_to_bond: entered allmulticast mode [ 299.878059][T15720] veth1_to_bond: entered promiscuous mode [ 299.886223][T15720] veth1_to_bond: left promiscuous mode [ 299.892659][T15720] veth1_to_bond: left allmulticast mode [ 299.912206][T15716] netlink: 'syz.3.4413': attribute type 10 has an invalid length. [ 299.929342][T15716] team0: Port device dummy0 added [ 299.940545][T15716] netlink: 'syz.3.4413': attribute type 10 has an invalid length. [ 299.955303][T15716] team0: Port device dummy0 removed [ 299.964312][T15716] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 300.372809][T15748] veth1_to_bond: entered allmulticast mode [ 300.391276][T15748] veth1_to_bond: entered promiscuous mode [ 300.398802][T15748] veth1_to_bond: left promiscuous mode [ 300.404966][T15748] veth1_to_bond: left allmulticast mode [ 300.526401][T15762] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.574448][T15765] netlink: 'syz.5.4434': attribute type 10 has an invalid length. [ 300.583099][T15765] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4434'. [ 300.593944][T13138] hid (null): invalid report_size 65294 [ 300.594280][T15767] FAULT_INJECTION: forcing a failure. [ 300.594280][T15767] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.613499][T13138] hid-generic 0000:6AD69D00:F5F9BD7C.0003: unknown main item tag 0x1 [ 300.614025][T15767] CPU: 1 UID: 0 PID: 15767 Comm: syz.4.4436 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 300.614065][T15767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.614082][T15767] Call Trace: [ 300.614095][T15767] [ 300.614107][T15767] __dump_stack+0x1d/0x30 [ 300.614138][T15767] dump_stack_lvl+0xe8/0x140 [ 300.614166][T15767] dump_stack+0x15/0x1b [ 300.614208][T15767] should_fail_ex+0x265/0x280 [ 300.614299][T15767] should_fail+0xb/0x20 [ 300.614344][T15767] should_fail_usercopy+0x1a/0x20 [ 300.614374][T15767] strncpy_from_user+0x25/0x230 [ 300.614418][T15767] strncpy_from_bpfptr+0x43/0x50 [ 300.614506][T15767] bpf_prog_load+0x884/0x1070 [ 300.614631][T15767] ? security_bpf+0x2b/0x90 [ 300.614663][T15767] __sys_bpf+0x51d/0x790 [ 300.614717][T15767] __x64_sys_bpf+0x41/0x50 [ 300.614799][T15767] x64_sys_call+0x2478/0x2fb0 [ 300.614831][T15767] do_syscall_64+0xd2/0x200 [ 300.614861][T15767] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 300.614980][T15767] ? clear_bhb_loop+0x40/0x90 [ 300.615010][T15767] ? clear_bhb_loop+0x40/0x90 [ 300.615096][T15767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.615127][T15767] RIP: 0033:0x7f3d6151e929 [ 300.615149][T15767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.615177][T15767] RSP: 002b:00007f3d5fb87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 300.615204][T15767] RAX: ffffffffffffffda RBX: 00007f3d61745fa0 RCX: 00007f3d6151e929 [ 300.615266][T15767] RDX: 0000000000000094 RSI: 00002000000001c0 RDI: 0000000000000005 [ 300.615284][T15767] RBP: 00007f3d5fb87090 R08: 0000000000000000 R09: 0000000000000000 [ 300.615303][T15767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.615321][T15767] R13: 0000000000000000 R14: 00007f3d61745fa0 R15: 00007ffd21b95f98 [ 300.615348][T15767] [ 300.826900][T13138] hid-generic 0000:6AD69D00:F5F9BD7C.0003: reserved main item tag 0xe [ 300.835485][T13138] hid-generic 0000:6AD69D00:F5F9BD7C.0003: reserved main item tag 0xd [ 300.843840][T13138] hid-generic 0000:6AD69D00:F5F9BD7C.0003: invalid report_size 65294 [ 300.852500][T13138] hid-generic 0000:6AD69D00:F5F9BD7C.0003: item 0 2 1 7 parsing failed [ 300.869325][T15765] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 300.876942][T13138] hid-generic 0000:6AD69D00:F5F9BD7C.0003: probe with driver hid-generic failed with error -22 [ 300.893354][T15765] team0: Failed to send options change via netlink (err -105) [ 300.901657][T15765] team0: Port device geneve1 added [ 300.915350][T15762] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.932234][T15772] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4438'. [ 300.955641][T15762] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.069096][T15785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4440'. [ 301.130696][T15762] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.153838][T15785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.181520][T15785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.210477][T15762] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.223933][T15762] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.237138][T15762] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.249617][T15762] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.586310][T15831] veth1_to_bond: entered allmulticast mode [ 301.604903][T15831] veth1_to_bond: entered promiscuous mode [ 301.618108][T15831] veth1_to_bond: left promiscuous mode [ 301.624125][T15831] veth1_to_bond: left allmulticast mode [ 301.990857][T15869] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4477'. [ 302.062736][T15875] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4479'. [ 302.107547][T15881] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4481'. [ 302.442265][T15909] FAULT_INJECTION: forcing a failure. [ 302.442265][T15909] name failslab, interval 1, probability 0, space 0, times 0 [ 302.458382][T15909] CPU: 0 UID: 0 PID: 15909 Comm: syz.0.4492 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 302.458413][T15909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.458425][T15909] Call Trace: [ 302.458431][T15909] [ 302.458439][T15909] __dump_stack+0x1d/0x30 [ 302.458460][T15909] dump_stack_lvl+0xe8/0x140 [ 302.458478][T15909] dump_stack+0x15/0x1b [ 302.458492][T15909] should_fail_ex+0x265/0x280 [ 302.458589][T15909] should_failslab+0x8c/0xb0 [ 302.458625][T15909] __kmalloc_noprof+0xa5/0x3e0 [ 302.458654][T15909] ? alloc_pipe_info+0x1c9/0x350 [ 302.458676][T15909] alloc_pipe_info+0x1c9/0x350 [ 302.458766][T15909] create_pipe_files+0x67/0x400 [ 302.458784][T15909] ? __fget_files+0x184/0x1c0 [ 302.458806][T15909] __do_pipe_flags+0x4a/0x1a0 [ 302.458826][T15909] do_pipe2+0x61/0x130 [ 302.458921][T15909] __x64_sys_pipe+0x21/0x30 [ 302.458940][T15909] x64_sys_call+0x258/0x2fb0 [ 302.458959][T15909] do_syscall_64+0xd2/0x200 [ 302.459033][T15909] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 302.459109][T15909] ? clear_bhb_loop+0x40/0x90 [ 302.459131][T15909] ? clear_bhb_loop+0x40/0x90 [ 302.459150][T15909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.459171][T15909] RIP: 0033:0x7f492087e929 [ 302.459187][T15909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.459221][T15909] RSP: 002b:00007f491eee7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 302.459240][T15909] RAX: ffffffffffffffda RBX: 00007f4920aa5fa0 RCX: 00007f492087e929 [ 302.459339][T15909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 302.459356][T15909] RBP: 00007f491eee7090 R08: 0000000000000000 R09: 0000000000000000 [ 302.459369][T15909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.459441][T15909] R13: 0000000000000000 R14: 00007f4920aa5fa0 R15: 00007ffd4a6f8458 [ 302.459460][T15909] [ 302.698982][T15912] __nla_validate_parse: 1 callbacks suppressed [ 302.699001][T15912] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4493'. [ 302.740036][T15914] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4494'. [ 302.809882][T15918] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 302.882881][T15925] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4499'. [ 302.984660][T15932] block device autoloading is deprecated and will be removed. [ 303.220303][T15945] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4506'. [ 303.391093][ T29] kauditd_printk_skb: 1125 callbacks suppressed [ 303.397849][ T29] audit: type=1326 audit(1749614737.045:29468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.424190][ T29] audit: type=1326 audit(1749614737.055:29469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.455881][ T29] audit: type=1326 audit(1749614737.085:29470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.481020][ T29] audit: type=1326 audit(1749614737.085:29471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.506003][ T29] audit: type=1326 audit(1749614737.085:29472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.518433][T15956] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4511'. [ 303.531308][ T29] audit: type=1326 audit(1749614737.085:29473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.531352][ T29] audit: type=1326 audit(1749614737.085:29474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.594756][ T29] audit: type=1326 audit(1749614737.095:29475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.646661][ T29] audit: type=1326 audit(1749614737.165:29476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.672825][ T29] audit: type=1326 audit(1749614737.165:29477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15955 comm="syz.3.4511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 303.704427][T15961] netlink: 'syz.3.4514': attribute type 4 has an invalid length. [ 303.718843][T15961] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4514'. [ 303.911994][T15974] bond0: (slave dummy0): Releasing backup interface [ 304.178785][T15993] netlink: 'syz.4.4526': attribute type 1 has an invalid length. [ 304.220737][T15994] wireguard0: entered promiscuous mode [ 304.227533][T15994] wireguard0: entered allmulticast mode [ 304.277360][T15993] 8021q: adding VLAN 0 to HW filter on device bond2 [ 304.314291][T15996] bond2: (slave veth5): Enslaving as an active interface with a down link [ 304.327151][T15999] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 304.745031][T16019] x_tables: duplicate underflow at hook 1 [ 304.824214][T16029] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4538'. [ 305.117274][T16048] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4548'. [ 305.165019][T16051] loop0: detected capacity change from 0 to 512 [ 305.179159][T16055] tmpfs: Unknown parameter '' [ 305.248976][T16058] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4551'. [ 305.409999][T16070] veth1_to_bond: entered allmulticast mode [ 305.417130][T16070] veth1_to_bond: entered promiscuous mode [ 305.429821][T16072] veth1_to_bond: entered allmulticast mode [ 305.437118][T16072] veth1_to_bond: entered promiscuous mode [ 305.448446][T16072] veth1_to_bond: left promiscuous mode [ 305.455775][T16072] veth1_to_bond: left allmulticast mode [ 305.468607][T16070] veth1_to_bond: left promiscuous mode [ 305.475323][T16070] veth1_to_bond: left allmulticast mode [ 305.597491][T16084] loop0: detected capacity change from 0 to 1024 [ 305.624672][T16084] EXT4-fs (loop0): filesystem is read-only [ 305.744993][T16100] veth1_to_bond: entered allmulticast mode [ 305.753830][T16100] veth1_to_bond: entered promiscuous mode [ 305.812237][T16100] veth1_to_bond: left promiscuous mode [ 305.818439][T16100] veth1_to_bond: left allmulticast mode [ 305.828012][T16110] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4575'. [ 305.864038][T16112] FAULT_INJECTION: forcing a failure. [ 305.864038][T16112] name failslab, interval 1, probability 0, space 0, times 0 [ 305.865321][T16110] netlink: 'syz.3.4575': attribute type 1 has an invalid length. [ 305.877806][T16112] CPU: 0 UID: 0 PID: 16112 Comm: syz.4.4576 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 305.877843][T16112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.877886][T16112] Call Trace: [ 305.877940][T16112] [ 305.877952][T16112] __dump_stack+0x1d/0x30 [ 305.877980][T16112] dump_stack_lvl+0xe8/0x140 [ 305.878011][T16112] dump_stack+0x15/0x1b [ 305.878035][T16112] should_fail_ex+0x265/0x280 [ 305.878198][T16112] ? audit_log_d_path+0x8d/0x150 [ 305.878247][T16112] should_failslab+0x8c/0xb0 [ 305.878279][T16112] __kmalloc_cache_noprof+0x4c/0x320 [ 305.878323][T16112] audit_log_d_path+0x8d/0x150 [ 305.878468][T16112] audit_log_d_path_exe+0x42/0x70 [ 305.878517][T16112] audit_log_task+0x1e9/0x250 [ 305.878635][T16112] audit_seccomp+0x61/0x100 [ 305.878673][T16112] ? __seccomp_filter+0x68c/0x10d0 [ 305.878708][T16112] __seccomp_filter+0x69d/0x10d0 [ 305.878744][T16112] ? selinux_capable+0x1f9/0x270 [ 305.878834][T16112] ? __rcu_read_unlock+0x4f/0x70 [ 305.878871][T16112] __secure_computing+0x82/0x150 [ 305.878903][T16112] syscall_trace_enter+0xcf/0x1e0 [ 305.878989][T16112] do_syscall_64+0xac/0x200 [ 305.879080][T16112] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 305.879161][T16112] ? clear_bhb_loop+0x40/0x90 [ 305.879200][T16112] ? clear_bhb_loop+0x40/0x90 [ 305.879272][T16112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.879331][T16112] RIP: 0033:0x7f3d6151d33c [ 305.879422][T16112] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 305.879450][T16112] RSP: 002b:00007f3d5fb87030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 305.879558][T16112] RAX: ffffffffffffffda RBX: 00007f3d61745fa0 RCX: 00007f3d6151d33c [ 305.879577][T16112] RDX: 000000000000000f RSI: 00007f3d5fb870a0 RDI: 0000000000000005 [ 305.879596][T16112] RBP: 00007f3d5fb87090 R08: 0000000000000000 R09: 0000000000000000 [ 305.879614][T16112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 305.879632][T16112] R13: 0000000000000000 R14: 00007f3d61745fa0 R15: 00007ffd21b95f98 [ 305.879660][T16112] [ 306.116345][T16116] smc: net device bond0 applied user defined pnetid SYZ2 [ 306.128797][T16116] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ2 [ 306.160389][T16116] smc: net device bond0 erased user defined pnetid SYZ2 [ 306.175207][T16116] smc: ib device syz2 ibport 1 erased user defined pnetid SYZ2 [ 306.318287][T16136] loop0: detected capacity change from 0 to 512 [ 306.354205][T16136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 306.422050][T16136] ext4 filesystem being mounted at /375/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 306.589678][T16163] netlink: 'syz.4.4597': attribute type 29 has an invalid length. [ 306.605879][T16163] netlink: 'syz.4.4597': attribute type 29 has an invalid length. [ 306.649970][T11448] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.782383][T16188] FAULT_INJECTION: forcing a failure. [ 306.782383][T16188] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.796631][T16188] CPU: 1 UID: 0 PID: 16188 Comm: syz.4.4607 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 306.796702][T16188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 306.796716][T16188] Call Trace: [ 306.796723][T16188] [ 306.796732][T16188] __dump_stack+0x1d/0x30 [ 306.796753][T16188] dump_stack_lvl+0xe8/0x140 [ 306.796776][T16188] dump_stack+0x15/0x1b [ 306.796796][T16188] should_fail_ex+0x265/0x280 [ 306.796875][T16188] should_fail+0xb/0x20 [ 306.796926][T16188] should_fail_usercopy+0x1a/0x20 [ 306.796954][T16188] copy_fpstate_to_sigframe+0x628/0x7d0 [ 306.797028][T16188] ? copy_fpstate_to_sigframe+0xe6/0x7d0 [ 306.797074][T16188] ? x86_task_fpu+0x36/0x60 [ 306.797110][T16188] get_sigframe+0x34d/0x490 [ 306.797170][T16188] ? get_signal+0xdc8/0xf70 [ 306.797211][T16188] x64_setup_rt_frame+0xa8/0x580 [ 306.797260][T16188] arch_do_signal_or_restart+0x27c/0x480 [ 306.797311][T16188] exit_to_user_mode_loop+0x7a/0x100 [ 306.797355][T16188] do_syscall_64+0x1d6/0x200 [ 306.797377][T16188] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 306.797407][T16188] ? clear_bhb_loop+0x40/0x90 [ 306.797436][T16188] ? clear_bhb_loop+0x40/0x90 [ 306.797467][T16188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.797500][T16188] RIP: 0033:0x7f3d6151e927 [ 306.797517][T16188] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 306.797544][T16188] RSP: 002b:00007f3d5fb87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000114 [ 306.797607][T16188] RAX: 0000000000000114 RBX: 00007f3d61745fa0 RCX: 00007f3d6151e929 [ 306.797622][T16188] RDX: 000000000000004e RSI: 0000000000000006 RDI: 0000000000000003 [ 306.797687][T16188] RBP: 00007f3d5fb87090 R08: 0000000000000000 R09: 0000000000000000 [ 306.797705][T16188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.797722][T16188] R13: 0000000000000000 R14: 00007f3d61745fa0 R15: 00007ffd21b95f98 [ 306.797803][T16188] [ 307.165820][T16209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.176433][T16209] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.352946][T16231] veth1_to_bond: entered allmulticast mode [ 307.364830][T16231] veth1_to_bond: entered promiscuous mode [ 307.373988][T16231] veth1_to_bond: left promiscuous mode [ 307.380129][T16231] veth1_to_bond: left allmulticast mode [ 307.680394][T16251] tmpfs: Bad value for 'mpol' [ 307.788729][T16259] veth1_to_bond: entered allmulticast mode [ 307.795935][T16259] veth1_to_bond: entered promiscuous mode [ 307.805443][T16259] veth1_to_bond: left promiscuous mode [ 307.812005][T16259] veth1_to_bond: left allmulticast mode [ 307.949548][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 307.957480][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 307.965727][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 307.974082][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 307.982280][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 307.990358][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 307.999846][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.008228][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.016296][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.025162][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.032761][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.040765][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.048490][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.056625][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.064718][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.072863][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.080451][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.088244][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.096169][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.103973][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.111964][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.119670][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.127532][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.136411][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.145010][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.154287][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.162457][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.170536][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.178500][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 308.191148][ T9] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 308.220705][T16278] FAULT_INJECTION: forcing a failure. [ 308.220705][T16278] name failslab, interval 1, probability 0, space 0, times 0 [ 308.234727][T16278] CPU: 0 UID: 0 PID: 16278 Comm: syz.3.4644 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 308.234765][T16278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.234780][T16278] Call Trace: [ 308.234787][T16278] [ 308.234794][T16278] __dump_stack+0x1d/0x30 [ 308.234818][T16278] dump_stack_lvl+0xe8/0x140 [ 308.234881][T16278] dump_stack+0x15/0x1b [ 308.234900][T16278] should_fail_ex+0x265/0x280 [ 308.234945][T16278] should_failslab+0x8c/0xb0 [ 308.234971][T16278] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 308.235108][T16278] ? shmem_alloc_inode+0x34/0x50 [ 308.235170][T16278] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 308.235201][T16278] shmem_alloc_inode+0x34/0x50 [ 308.235224][T16278] alloc_inode+0x40/0x170 [ 308.235249][T16278] new_inode+0x1d/0xe0 [ 308.235323][T16278] shmem_get_inode+0x244/0x750 [ 308.235365][T16278] ? __se_sys_memfd_create+0x1cc/0x590 [ 308.235426][T16278] __shmem_file_setup+0x113/0x210 [ 308.235519][T16278] shmem_file_setup+0x3b/0x50 [ 308.235549][T16278] __se_sys_memfd_create+0x2c3/0x590 [ 308.235674][T16278] __x64_sys_memfd_create+0x31/0x40 [ 308.235715][T16278] x64_sys_call+0x122f/0x2fb0 [ 308.235755][T16278] do_syscall_64+0xd2/0x200 [ 308.235848][T16278] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 308.235883][T16278] ? clear_bhb_loop+0x40/0x90 [ 308.235964][T16278] ? clear_bhb_loop+0x40/0x90 [ 308.235986][T16278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.236017][T16278] RIP: 0033:0x7f2aee09e929 [ 308.236037][T16278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.236062][T16278] RSP: 002b:00007f2aec706e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 308.236161][T16278] RAX: ffffffffffffffda RBX: 0000000000000536 RCX: 00007f2aee09e929 [ 308.236174][T16278] RDX: 00007f2aec706ef0 RSI: 0000000000000000 RDI: 00007f2aee1214cc [ 308.236186][T16278] RBP: 0000200000000680 R08: 00007f2aec706bb7 R09: 00007f2aec706e40 [ 308.236199][T16278] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 308.236247][T16278] R13: 00007f2aec706ef0 R14: 00007f2aec706eb0 R15: 0000200000000200 [ 308.236266][T16278] [ 308.504986][ T29] kauditd_printk_skb: 1181 callbacks suppressed [ 308.505006][ T29] audit: type=1400 audit(1749614742.155:30657): avc: denied { create } for pid=16280 comm="syz.6.4646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 308.537252][T16281] SELinux: policydb magic number 0x9566c68c does not match expected magic number 0xf97cff8c [ 308.549827][T16281] SELinux: failed to load policy [ 308.556674][T16284] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma? [ 308.557048][ T29] audit: type=1400 audit(1749614742.195:30658): avc: denied { ioctl } for pid=16279 comm="syz.0.4645" path="socket:[50212]" dev="sockfs" ino=50212 ioctlcmd=0x8915 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 308.599517][ T29] audit: type=1400 audit(1749614742.195:30659): avc: denied { load_policy } for pid=16279 comm="syz.0.4645" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 308.623714][ T29] audit: type=1400 audit(1749614742.225:30660): avc: denied { bind } for pid=16280 comm="syz.6.4646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 308.648259][ T29] audit: type=1400 audit(1749614742.245:30661): avc: denied { create } for pid=16280 comm="syz.6.4646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 308.671961][ T29] audit: type=1400 audit(1749614742.245:30662): avc: denied { bind } for pid=16280 comm="syz.6.4646" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 308.693822][ T29] audit: type=1326 audit(1749614742.335:30663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.5.4649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 308.719152][ T29] audit: type=1326 audit(1749614742.335:30664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.5.4649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 308.745335][ T29] audit: type=1326 audit(1749614742.335:30665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.5.4649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 308.770044][ T29] audit: type=1326 audit(1749614742.335:30666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16291 comm="syz.5.4649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12d038e929 code=0x7ffc0000 [ 308.947986][T16308] loop0: detected capacity change from 0 to 512 [ 308.956818][T16308] EXT4-fs: Ignoring removed mblk_io_submit option [ 308.965469][T16308] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 308.991861][T16308] EXT4-fs (loop0): 1 truncate cleaned up [ 308.999061][T16308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.022302][T16316] __nla_validate_parse: 6 callbacks suppressed [ 309.022319][T16316] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4657'. [ 309.059807][T11448] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.075557][T16318] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4659'. [ 309.124233][T16326] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4661'. [ 309.197528][T16330] team0: Port device geneve1 removed [ 309.406168][T16345] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4671'. [ 309.433768][T16347] loop0: detected capacity change from 0 to 512 [ 309.443264][T16347] EXT4-fs: Ignoring removed mblk_io_submit option [ 309.452604][T16347] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 309.482896][T16347] EXT4-fs (loop0): 1 truncate cleaned up [ 309.489366][T16347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.546436][T11448] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.113230][T16382] veth1_to_bond: entered allmulticast mode [ 310.164658][T16386] veth1_to_bond: entered promiscuous mode [ 310.175405][T16386] veth1_to_bond: left promiscuous mode [ 310.182076][T16386] veth1_to_bond: left allmulticast mode [ 310.398437][T16397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4688'. [ 310.593255][T16407] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4694'. [ 310.619376][T16410] FAULT_INJECTION: forcing a failure. [ 310.619376][T16410] name failslab, interval 1, probability 0, space 0, times 0 [ 310.634086][T16410] CPU: 0 UID: 0 PID: 16410 Comm: syz.0.4696 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 310.634116][T16410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 310.634138][T16410] Call Trace: [ 310.634146][T16410] [ 310.634157][T16410] __dump_stack+0x1d/0x30 [ 310.634189][T16410] dump_stack_lvl+0xe8/0x140 [ 310.634216][T16410] dump_stack+0x15/0x1b [ 310.634326][T16410] should_fail_ex+0x265/0x280 [ 310.634479][T16410] should_failslab+0x8c/0xb0 [ 310.634504][T16410] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 310.634572][T16410] ? __d_alloc+0x3d/0x350 [ 310.634607][T16410] __d_alloc+0x3d/0x350 [ 310.634649][T16410] ? mpol_shared_policy_init+0xbd/0x4c0 [ 310.634756][T16410] d_alloc_pseudo+0x1e/0x80 [ 310.634792][T16410] alloc_file_pseudo+0x71/0x160 [ 310.634831][T16410] __shmem_file_setup+0x1de/0x210 [ 310.634873][T16410] shmem_file_setup+0x3b/0x50 [ 310.634947][T16410] __se_sys_memfd_create+0x2c3/0x590 [ 310.634987][T16410] __x64_sys_memfd_create+0x31/0x40 [ 310.635027][T16410] x64_sys_call+0x122f/0x2fb0 [ 310.635075][T16410] do_syscall_64+0xd2/0x200 [ 310.635150][T16410] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 310.635181][T16410] ? clear_bhb_loop+0x40/0x90 [ 310.635264][T16410] ? clear_bhb_loop+0x40/0x90 [ 310.635340][T16410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.635385][T16410] RIP: 0033:0x7f492087e929 [ 310.635405][T16410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.635429][T16410] RSP: 002b:00007f491eee6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 310.635453][T16410] RAX: ffffffffffffffda RBX: 0000000000000536 RCX: 00007f492087e929 [ 310.635468][T16410] RDX: 00007f491eee6ef0 RSI: 0000000000000000 RDI: 00007f49209014cc [ 310.635486][T16410] RBP: 0000200000000680 R08: 00007f491eee6bb7 R09: 00007f491eee6e40 [ 310.635562][T16410] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000 [ 310.635578][T16410] R13: 00007f491eee6ef0 R14: 00007f491eee6eb0 R15: 0000200000000200 [ 310.635603][T16410] [ 310.914676][T16412] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 310.931810][T16415] FAULT_INJECTION: forcing a failure. [ 310.931810][T16415] name failslab, interval 1, probability 0, space 0, times 0 [ 310.934352][T16412] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 310.946653][T16415] CPU: 0 UID: 0 PID: 16415 Comm: syz.0.4698 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 310.946696][T16415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 310.946722][T16415] Call Trace: [ 310.946744][T16415] [ 310.946756][T16415] __dump_stack+0x1d/0x30 [ 310.946789][T16415] dump_stack_lvl+0xe8/0x140 [ 310.946817][T16415] dump_stack+0x15/0x1b [ 310.946842][T16415] should_fail_ex+0x265/0x280 [ 310.946959][T16415] should_failslab+0x8c/0xb0 [ 310.947010][T16415] kmem_cache_alloc_node_noprof+0x57/0x320 [ 310.947050][T16415] ? __alloc_skb+0x101/0x320 [ 310.947098][T16415] __alloc_skb+0x101/0x320 [ 310.947159][T16415] inet_netconf_notify_devconf+0x173/0x230 [ 310.947212][T16415] inetdev_event+0x743/0xc10 [ 310.947302][T16415] ? __pfx_ib_netdevice_event+0x10/0x10 [ 310.947340][T16415] ? ib_netdevice_event+0x186/0x5f0 [ 310.947377][T16415] ? __pfx_arp_netdev_event+0x10/0x10 [ 310.947454][T16415] ? __pfx_inetdev_event+0x10/0x10 [ 310.947502][T16415] raw_notifier_call_chain+0x6c/0x1b0 [ 310.947551][T16415] ? call_netdevice_notifiers_info+0x9c/0x100 [ 310.947601][T16415] call_netdevice_notifiers_info+0xae/0x100 [ 310.947665][T16415] unregister_netdevice_many_notify+0xd9d/0x1690 [ 310.947711][T16415] unregister_netdevice_queue+0x1f5/0x220 [ 310.947766][T16415] vti6_siocdevprivate+0x273/0x8e0 [ 310.947873][T16415] dev_ifsioc+0x8f5/0xaa0 [ 310.947908][T16415] dev_ioctl+0x78d/0x960 [ 310.947957][T16415] sock_ioctl+0x593/0x610 [ 310.948073][T16415] ? __pfx_sock_ioctl+0x10/0x10 [ 310.948105][T16415] __se_sys_ioctl+0xce/0x140 [ 310.948228][T16415] __x64_sys_ioctl+0x43/0x50 [ 310.948275][T16415] x64_sys_call+0x19a8/0x2fb0 [ 310.948308][T16415] do_syscall_64+0xd2/0x200 [ 310.948349][T16415] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 310.948389][T16415] ? clear_bhb_loop+0x40/0x90 [ 310.948461][T16415] ? clear_bhb_loop+0x40/0x90 [ 310.948493][T16415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.948520][T16415] RIP: 0033:0x7f492087e929 [ 310.948543][T16415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.948570][T16415] RSP: 002b:00007f491eee7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.948637][T16415] RAX: ffffffffffffffda RBX: 00007f4920aa5fa0 RCX: 00007f492087e929 [ 310.948656][T16415] RDX: 0000200000000680 RSI: 00000000000089f2 RDI: 0000000000000004 [ 310.948674][T16415] RBP: 00007f491eee7090 R08: 0000000000000000 R09: 0000000000000000 [ 310.948699][T16415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.948716][T16415] R13: 0000000000000000 R14: 00007f4920aa5fa0 R15: 00007ffd4a6f8458 [ 310.948749][T16415] [ 311.262907][T16413] FAULT_INJECTION: forcing a failure. [ 311.262907][T16413] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 311.277424][T16413] CPU: 0 UID: 0 PID: 16413 Comm: syz.3.4697 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 311.277526][T16413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.277541][T16413] Call Trace: [ 311.277549][T16413] [ 311.277558][T16413] __dump_stack+0x1d/0x30 [ 311.277581][T16413] dump_stack_lvl+0xe8/0x140 [ 311.277659][T16413] dump_stack+0x15/0x1b [ 311.277677][T16413] should_fail_ex+0x265/0x280 [ 311.277746][T16413] should_fail_alloc_page+0xf2/0x100 [ 311.277796][T16413] __alloc_frozen_pages_noprof+0xff/0x360 [ 311.277836][T16413] alloc_pages_mpol+0xb3/0x250 [ 311.277891][T16413] vma_alloc_folio_noprof+0x1aa/0x300 [ 311.277932][T16413] do_wp_page+0x673/0x2400 [ 311.277956][T16413] ? __rcu_read_lock+0x37/0x50 [ 311.277982][T16413] handle_mm_fault+0x77d/0x2be0 [ 311.278022][T16413] ? __rcu_read_unlock+0x4f/0x70 [ 311.278054][T16413] do_user_addr_fault+0x3fe/0x1090 [ 311.278105][T16413] exc_page_fault+0x62/0xa0 [ 311.278239][T16413] asm_exc_page_fault+0x26/0x30 [ 311.278267][T16413] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 311.278337][T16413] Code: eb 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 311.278370][T16413] RSP: 0018:ffffc9000a7479b8 EFLAGS: 00050206 [ 311.278386][T16413] RAX: ffff88811a7d3b58 RBX: ffff8881521600c8 RCX: 000000000000f5d0 [ 311.278400][T16413] RDX: 0000000000000000 RSI: ffff888152160cc8 RDI: 0000200000001000 [ 311.278414][T16413] RBP: 0000200000000400 R08: 0000000080000000 R09: 0000000000000390 [ 311.278434][T16413] R10: 00018881521600c8 R11: 0001888152170297 R12: 00002000000105d0 [ 311.278448][T16413] R13: ffffc9000a747e80 R14: 00000000000101d0 R15: 00007ffffffff000 [ 311.278470][T16413] _copy_to_iter+0x13e/0xe30 [ 311.278531][T16413] ? __local_bh_enable_ip+0x70/0x80 [ 311.278558][T16413] ? _raw_spin_unlock_bh+0x36/0x40 [ 311.278593][T16413] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 311.278618][T16413] __skb_datagram_iter+0xc6/0x690 [ 311.278671][T16413] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 311.278701][T16413] skb_copy_datagram_iter+0x3d/0x110 [ 311.278732][T16413] tipc_recvstream+0x4d7/0x780 [ 311.278772][T16413] ? __pfx_tipc_recvstream+0x10/0x10 [ 311.278869][T16413] sock_recvmsg+0x139/0x170 [ 311.278900][T16413] ____sys_recvmsg+0xf5/0x280 [ 311.278987][T16413] ___sys_recvmsg+0x11f/0x370 [ 311.279027][T16413] __x64_sys_recvmsg+0xd1/0x160 [ 311.279056][T16413] x64_sys_call+0xf19/0x2fb0 [ 311.279079][T16413] do_syscall_64+0xd2/0x200 [ 311.279133][T16413] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 311.279161][T16413] ? clear_bhb_loop+0x40/0x90 [ 311.279184][T16413] ? clear_bhb_loop+0x40/0x90 [ 311.279222][T16413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.279244][T16413] RIP: 0033:0x7f2aee09e929 [ 311.279260][T16413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.279280][T16413] RSP: 002b:00007f2aec707038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 311.279299][T16413] RAX: ffffffffffffffda RBX: 00007f2aee2c5fa0 RCX: 00007f2aee09e929 [ 311.279312][T16413] RDX: 0000000000001f00 RSI: 0000200000000500 RDI: 0000000000000003 [ 311.279325][T16413] RBP: 00007f2aec707090 R08: 0000000000000000 R09: 0000000000000000 [ 311.279383][T16413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.279396][T16413] R13: 0000000000000000 R14: 00007f2aee2c5fa0 R15: 00007ffdceae32d8 [ 311.279416][T16413] [ 311.715415][T16423] SELinux: ebitmap: truncated map [ 311.721374][T16423] SELinux: failed to load policy [ 311.728353][T16423] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4700'. [ 311.737925][T16427] pim6reg: entered allmulticast mode [ 311.745401][T16427] pim6reg: left allmulticast mode [ 311.889222][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4705'. [ 312.035080][T16455] 9pnet_fd: Insufficient options for proto=fd [ 312.120125][T16466] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 312.205083][T16479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4725'. [ 312.269377][T16485] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4728'. [ 312.278847][T16485] FAULT_INJECTION: forcing a failure. [ 312.278847][T16485] name failslab, interval 1, probability 0, space 0, times 0 [ 312.293403][T16485] CPU: 0 UID: 0 PID: 16485 Comm: syz.3.4728 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 312.293437][T16485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.293454][T16485] Call Trace: [ 312.293462][T16485] [ 312.293473][T16485] __dump_stack+0x1d/0x30 [ 312.293501][T16485] dump_stack_lvl+0xe8/0x140 [ 312.293527][T16485] dump_stack+0x15/0x1b [ 312.293544][T16485] should_fail_ex+0x265/0x280 [ 312.293668][T16485] should_failslab+0x8c/0xb0 [ 312.293697][T16485] kmem_cache_alloc_node_noprof+0x57/0x320 [ 312.293735][T16485] ? __alloc_skb+0x101/0x320 [ 312.293823][T16485] __alloc_skb+0x101/0x320 [ 312.293864][T16485] netlink_ack+0xfd/0x500 [ 312.293888][T16486] loop0: detected capacity change from 0 to 2048 [ 312.293942][T16485] netlink_rcv_skb+0x192/0x220 [ 312.293972][T16485] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 312.294022][T16485] rtnetlink_rcv+0x1c/0x30 [ 312.294115][T16485] netlink_unicast+0x5a1/0x670 [ 312.294191][T16485] netlink_sendmsg+0x58b/0x6b0 [ 312.294227][T16485] ? __pfx_netlink_sendmsg+0x10/0x10 [ 312.294259][T16485] __sock_sendmsg+0x142/0x180 [ 312.294338][T16485] ____sys_sendmsg+0x31e/0x4e0 [ 312.294384][T16485] ___sys_sendmsg+0x17b/0x1d0 [ 312.294505][T16485] __x64_sys_sendmsg+0xd4/0x160 [ 312.294542][T16485] x64_sys_call+0x2999/0x2fb0 [ 312.294574][T16485] do_syscall_64+0xd2/0x200 [ 312.294605][T16485] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 312.294636][T16485] ? clear_bhb_loop+0x40/0x90 [ 312.294729][T16485] ? clear_bhb_loop+0x40/0x90 [ 312.294793][T16485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.294825][T16485] RIP: 0033:0x7f2aee09e929 [ 312.294848][T16485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.294875][T16485] RSP: 002b:00007f2aec707038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 312.294903][T16485] RAX: ffffffffffffffda RBX: 00007f2aee2c5fa0 RCX: 00007f2aee09e929 [ 312.294998][T16485] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 312.295016][T16485] RBP: 00007f2aec707090 R08: 0000000000000000 R09: 0000000000000000 [ 312.295035][T16485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.295051][T16485] R13: 0000000000000000 R14: 00007f2aee2c5fa0 R15: 00007ffdceae32d8 [ 312.295081][T16485] [ 312.563140][T16486] EXT4-fs (loop0): failed to initialize system zone (-117) [ 312.572709][T16486] EXT4-fs (loop0): mount failed [ 313.161901][T16512] loop0: detected capacity change from 0 to 512 [ 313.171996][T16512] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 313.192233][T16512] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 313.200961][T16512] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 313.211184][T16512] System zones: 0-1, 15-15, 18-18, 34-34 [ 313.217842][T16512] EXT4-fs (loop0): orphan cleanup on readonly fs [ 313.225037][T16512] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 313.241751][T16512] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 313.252086][T16512] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4737: bg 0: block 40: padding at end of block bitmap is not set [ 313.271540][T16512] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 313.286819][T16512] EXT4-fs (loop0): 1 truncate cleaned up [ 313.294140][T16512] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 313.367095][T11448] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.410376][T16533] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4744'. [ 314.652632][ T29] kauditd_printk_skb: 458 callbacks suppressed [ 314.652647][ T29] audit: type=1326 audit(1749614748.315:31124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16539 comm="syz.3.4747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 314.654048][T16542] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4748'. [ 314.698325][ T29] audit: type=1326 audit(1749614748.315:31125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16539 comm="syz.3.4747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 314.726341][ T29] audit: type=1326 audit(1749614748.315:31126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16539 comm="syz.3.4747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 314.756467][ T29] audit: type=1326 audit(1749614748.315:31127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16539 comm="syz.3.4747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 314.756888][T16544] FAULT_INJECTION: forcing a failure. [ 314.756888][T16544] name failslab, interval 1, probability 0, space 0, times 0 [ 314.782341][ T29] audit: type=1326 audit(1749614748.315:31128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16539 comm="syz.3.4747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2aee09e929 code=0x7ffc0000 [ 314.796741][T16544] CPU: 0 UID: 0 PID: 16544 Comm: syz.5.4749 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 314.796798][T16544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.796816][T16544] Call Trace: [ 314.796828][T16544] [ 314.796840][T16544] __dump_stack+0x1d/0x30 [ 314.796873][T16544] dump_stack_lvl+0xe8/0x140 [ 314.796904][T16544] dump_stack+0x15/0x1b [ 314.796949][T16544] should_fail_ex+0x265/0x280 [ 314.797001][T16544] should_failslab+0x8c/0xb0 [ 314.797036][T16544] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 314.797076][T16544] ? __d_alloc+0x3d/0x350 [ 314.797147][T16544] __d_alloc+0x3d/0x350 [ 314.797182][T16544] ? mpol_shared_policy_init+0xbd/0x4c0 [ 314.797233][T16544] d_alloc_pseudo+0x1e/0x80 [ 314.797321][T16544] alloc_file_pseudo+0x71/0x160 [ 314.797424][T16544] ? __se_sys_memfd_create+0x1cc/0x590 [ 314.797474][T16544] __shmem_file_setup+0x1de/0x210 [ 314.797597][T16544] shmem_file_setup+0x3b/0x50 [ 314.797639][T16544] __se_sys_memfd_create+0x2c3/0x590 [ 314.797718][T16544] __x64_sys_memfd_create+0x31/0x40 [ 314.797766][T16544] x64_sys_call+0x122f/0x2fb0 [ 314.797797][T16544] do_syscall_64+0xd2/0x200 [ 314.797829][T16544] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 314.797941][T16544] ? clear_bhb_loop+0x40/0x90 [ 314.798012][T16544] ? clear_bhb_loop+0x40/0x90 [ 314.798046][T16544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.798076][T16544] RIP: 0033:0x7f12d038e929 [ 314.798100][T16544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.798172][T16544] RSP: 002b:00007f12ce9f6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 314.798198][T16544] RAX: ffffffffffffffda RBX: 0000000000000a00 RCX: 00007f12d038e929 [ 314.798217][T16544] RDX: 00007f12ce9f6ef0 RSI: 0000000000000000 RDI: 00007f12d04114cc [ 314.798235][T16544] RBP: 0000200000000240 R08: 00007f12ce9f6bb7 R09: 00007f12ce9f6e40 [ 314.798254][T16544] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000002380 [ 314.798272][T16544] R13: 00007f12ce9f6ef0 R14: 00007f12ce9f6eb0 R15: 0000200000000100 [ 314.798332][T16544] [ 315.099396][T16547] 9pnet: p9_errstr2errno: server reported unknown error @L NAMIC now [ 315.151812][ T29] audit: type=1326 audit(1749614748.775:31129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16553 comm="syz.0.4753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492087e929 code=0x7ffc0000 [ 315.178299][ T29] audit: type=1326 audit(1749614748.775:31130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16553 comm="syz.0.4753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492087e929 code=0x7ffc0000 [ 315.204998][ T29] audit: type=1326 audit(1749614748.775:31131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16553 comm="syz.0.4753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f492087e929 code=0x7ffc0000 [ 315.231918][ T29] audit: type=1326 audit(1749614748.775:31132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16553 comm="syz.0.4753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492087e929 code=0x7ffc0000 [ 315.259475][ T29] audit: type=1326 audit(1749614748.775:31133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16553 comm="syz.0.4753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492087e929 code=0x7ffc0000 [ 315.290063][T16562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4755'. [ 315.312587][T16562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 315.332653][T16562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.345803][T16568] ipvlan2: entered promiscuous mode [ 315.356253][T16568] bridge0: port 1(ipvlan2) entered blocking state [ 315.363262][T16568] bridge0: port 1(ipvlan2) entered disabled state [ 315.372768][T16568] ipvlan2: entered allmulticast mode [ 315.378665][T16568] bridge0: entered allmulticast mode [ 315.386640][T16568] ipvlan2: left allmulticast mode [ 315.392433][T16568] bridge0: left allmulticast mode [ 315.525107][T16577] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4761'. [ 315.630044][T16592] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4765'. [ 315.687975][T16595] FAULT_INJECTION: forcing a failure. [ 315.687975][T16595] name failslab, interval 1, probability 0, space 0, times 0 [ 315.703231][T16595] CPU: 1 UID: 0 PID: 16595 Comm: syz.4.4768 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 315.703261][T16595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.703274][T16595] Call Trace: [ 315.703289][T16595] [ 315.703374][T16595] __dump_stack+0x1d/0x30 [ 315.703402][T16595] dump_stack_lvl+0xe8/0x140 [ 315.703470][T16595] dump_stack+0x15/0x1b [ 315.703492][T16595] should_fail_ex+0x265/0x280 [ 315.703539][T16595] should_failslab+0x8c/0xb0 [ 315.703570][T16595] kmem_cache_alloc_node_noprof+0x57/0x320 [ 315.703648][T16595] ? __alloc_skb+0x101/0x320 [ 315.703698][T16595] __alloc_skb+0x101/0x320 [ 315.703805][T16595] ? audit_log_start+0x365/0x6c0 [ 315.703866][T16595] audit_log_start+0x380/0x6c0 [ 315.703912][T16595] audit_seccomp+0x48/0x100 [ 315.704013][T16595] ? __seccomp_filter+0x68c/0x10d0 [ 315.704046][T16595] __seccomp_filter+0x69d/0x10d0 [ 315.704138][T16595] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 315.704161][T16595] ? vfs_write+0x75e/0x8e0 [ 315.704186][T16595] __secure_computing+0x82/0x150 [ 315.704227][T16595] syscall_trace_enter+0xcf/0x1e0 [ 315.704258][T16595] do_syscall_64+0xac/0x200 [ 315.704335][T16595] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 315.704363][T16595] ? clear_bhb_loop+0x40/0x90 [ 315.704445][T16595] ? clear_bhb_loop+0x40/0x90 [ 315.704473][T16595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.704502][T16595] RIP: 0033:0x7f3d6151e929 [ 315.704522][T16595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.704546][T16595] RSP: 002b:00007f3d5fb87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 315.704611][T16595] RAX: ffffffffffffffda RBX: 00007f3d61745fa0 RCX: 00007f3d6151e929 [ 315.704628][T16595] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 315.704749][T16595] RBP: 00007f3d5fb87090 R08: 0000000000000000 R09: 0000000000000000 [ 315.704766][T16595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.704783][T16595] R13: 0000000000000000 R14: 00007f3d61745fa0 R15: 00007ffd21b95f98 [ 315.704859][T16595] [ 315.994901][T16604] vlan0: entered promiscuous mode [ 316.000588][T16604] vlan0: entered allmulticast mode [ 316.000609][T16604] hsr_slave_1: entered allmulticast mode [ 316.008062][T16606] xt_TPROXY: Can be used only with -p tcp or -p udp [ 316.047452][T16599] netlink: 52 bytes leftover after parsing attributes in process `syz.6.4770'. [ 316.065691][T16608] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4771'. [ 316.099164][T16604] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4771'. [ 316.228955][T16621] pim6reg1: entered promiscuous mode [ 316.235123][T16621] pim6reg1: entered allmulticast mode [ 316.314844][T16624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4778'. [ 316.334403][T16626] syzkaller1: entered promiscuous mode [ 316.340616][T16626] syzkaller1: entered allmulticast mode [ 316.548712][T16642] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4781'. [ 316.587509][T16646] xt_connbytes: Forcing CT accounting to be enabled [ 316.595396][T16646] Cannot find set identified by id 0 to match [ 316.663580][T16653] SELinux: failed to load policy [ 316.675260][T16653] ref_ctr_offset mismatch. inode: 0x3e5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x1000000 [ 316.879564][T16662] FAULT_INJECTION: forcing a failure. [ 316.879564][T16662] name failslab, interval 1, probability 0, space 0, times 0 [ 316.893549][T16662] CPU: 1 UID: 0 PID: 16662 Comm: syz.3.4793 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 316.893584][T16662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 316.893647][T16662] Call Trace: [ 316.893657][T16662] [ 316.893668][T16662] __dump_stack+0x1d/0x30 [ 316.893695][T16662] dump_stack_lvl+0xe8/0x140 [ 316.893718][T16662] dump_stack+0x15/0x1b [ 316.893751][T16662] should_fail_ex+0x265/0x280 [ 316.893832][T16662] should_failslab+0x8c/0xb0 [ 316.893866][T16662] kmem_cache_alloc_node_noprof+0x57/0x320 [ 316.893899][T16662] ? __alloc_skb+0x101/0x320 [ 316.893998][T16662] __alloc_skb+0x101/0x320 [ 316.894059][T16662] netlink_alloc_large_skb+0xba/0xf0 [ 316.894104][T16662] netlink_sendmsg+0x3cf/0x6b0 [ 316.894152][T16662] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.894181][T16662] __sock_sendmsg+0x142/0x180 [ 316.894219][T16662] ____sys_sendmsg+0x31e/0x4e0 [ 316.894266][T16662] ___sys_sendmsg+0x17b/0x1d0 [ 316.894313][T16662] __x64_sys_sendmsg+0xd4/0x160 [ 316.894348][T16662] x64_sys_call+0x2999/0x2fb0 [ 316.894438][T16662] do_syscall_64+0xd2/0x200 [ 316.894539][T16662] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 316.894571][T16662] ? clear_bhb_loop+0x40/0x90 [ 316.894599][T16662] ? clear_bhb_loop+0x40/0x90 [ 316.894636][T16662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.894664][T16662] RIP: 0033:0x7f2aee09e929 [ 316.894685][T16662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.894708][T16662] RSP: 002b:00007f2aec707038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.894756][T16662] RAX: ffffffffffffffda RBX: 00007f2aee2c5fa0 RCX: 00007f2aee09e929 [ 316.894768][T16662] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007 [ 316.894898][T16662] RBP: 00007f2aec707090 R08: 0000000000000000 R09: 0000000000000000 [ 316.894909][T16662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.894931][T16662] R13: 0000000000000000 R14: 00007f2aee2c5fa0 R15: 00007ffdceae32d8 [ 316.894948][T16662] [ 317.182072][T12197] ================================================================== [ 317.191020][T12197] BUG: KCSAN: data-race in pollwake / pollwake [ 317.198862][T12197] [ 317.202088][T12197] write to 0xffffc9000143f9e0 of 4 bytes by interrupt on cpu 1: [ 317.209935][T12197] pollwake+0xb6/0x100 [ 317.214564][T12197] __wake_up_sync_key+0x52/0x80 [ 317.220224][T12197] sock_def_readable+0x70/0x190 [ 317.225825][T12197] tcp_data_ready+0x1ae/0x290 [ 317.231588][T12197] tcp_data_queue+0x15b0/0x3270 [ 317.236716][T12197] tcp_rcv_established+0xa0f/0xef0 [ 317.242416][T12197] tcp_v4_do_rcv+0x672/0x740 [ 317.248206][T12197] tcp_v4_rcv+0x1bd7/0x1f60 [ 317.253652][T12197] ip_protocol_deliver_rcu+0x397/0x780 [ 317.259608][T12197] ip_local_deliver_finish+0x184/0x220 [ 317.265693][T12197] ip_local_deliver+0xe8/0x1c0 [ 317.271078][T12197] ip_sublist_rcv+0x56b/0x650 [ 317.276586][T12197] ip_list_rcv+0x261/0x290 [ 317.281578][T12197] __netif_receive_skb_list_core+0x4dc/0x500 [ 317.288079][T12197] netif_receive_skb_list_internal+0x487/0x600 [ 317.295746][T12197] napi_complete_done+0x1a3/0x410 [ 317.301292][T12197] virtnet_poll+0x189f/0x1d10 [ 317.306957][T12197] __napi_poll+0x66/0x3a0 [ 317.311930][T12197] net_rx_action+0x391/0x830 [ 317.316725][T12197] handle_softirqs+0xb7/0x290 [ 317.322219][T12197] __irq_exit_rcu+0x3a/0xc0 [ 317.327090][T12197] common_interrupt+0x43/0x90 [ 317.332482][T12197] asm_common_interrupt+0x26/0x40 [ 317.337796][T12197] [ 317.340249][T12197] write to 0xffffc9000143f9e0 of 4 bytes by task 12197 on cpu 0: [ 317.348515][T12197] pollwake+0xb6/0x100 [ 317.353057][T12197] __wake_up_sync_key+0x52/0x80 [ 317.358195][T12197] anon_pipe_write+0x8ba/0xaa0 [ 317.363339][T12197] vfs_write+0x49d/0x8e0 [ 317.368093][T12197] ksys_write+0xda/0x1a0 [ 317.373167][T12197] __x64_sys_write+0x40/0x50 [ 317.378687][T12197] x64_sys_call+0x2cdd/0x2fb0 [ 317.384572][T12197] do_syscall_64+0xd2/0x200 [ 317.389936][T12197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.396281][T12197] [ 317.398908][T12197] value changed: 0x00000000 -> 0x00000001 [ 317.405164][T12197] [ 317.408010][T12197] Reported by Kernel Concurrency Sanitizer on: [ 317.414702][T12197] CPU: 0 UID: 0 PID: 12197 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 317.429258][T12197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.440138][T12197] ==================================================================