last executing test programs:

5.598878435s ago: executing program 3 (id=8761):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_access(r2, &(0x7f0000000800)=ANY=[@ANYBLOB="7379730f74656d5f753a6f626a6563743a723a6367726f75705f743a7330202f7573722f6c6962b5c9656c6570617468792f6d697373696f6e2d636f6e74726f6c2d352030"], 0x58) (fail_nth: 6)

5.314966243s ago: executing program 3 (id=8766):
r0 = socket(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x10007ffffffff}, 0x18)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
sendmmsg$inet(r0, &(0x7f0000000000)=[{{&(0x7f0000000080)={0x2, 0x4c21, @private=0xa01fdff}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000300)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f00000002c0)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000ac0)="6cb76def2c36dab0f366cf47ad785ed2fb5e1fa5fb56d566acdc377060c4ba50a58104620df72c3004bfbc77173110e163f7d8ad60c34cdb064852353438fea809e390e392afbf35311690cd8286a6c49668aee29b7537078dba77963d15c085d7343c1012135d361ac15c082b7ac8db87cc10fe3ffc374c8be18fc53437100a11dddb9981072ec036d513870a5bbf62ce9e39f790f61ef997af390b9f5fc8a699e001c59077c459eb40ee80a3ffeb35737da668ef974592faf129325cd9ad0dc5663950a329804c9f5d261f71165b05dac212cc2afc40f980ddef8773f1045e75de4ec606aef87052e9ac784bb0f5a43f9cac5e44ae1a6dd575ce17a4749dc7cd4d7f76a40676e792e5b31a25703b1f35b48a89ed84582ef8f4ac046695f402c25da1fa6bc732a7016edf093b4c31193130b3bc143702e2b1d23743ca797b24495dc4979b81413701c0597dcd5e3bcc9c2050c18cfe03814d358e0f795e990dc44d2c1b9890514bd5ea94a3f3a1e25a8cdc67133e9176d76dc54c31274cff0101d8a42c103bad1b8b57362446f2c2ed8a69daf3d7306ef3fa2015e4ee1ef3392120b82671d73b07f3082ea69ffa0ebc7b53c78862a3e1ece518c1f0abbe4053b4dfafe815c1fe4b0d079446e80d13af972e00644a0188605d7309812e24cd1158677f94a16a5eb0c5d48b60329fc522026efa596ac913540f2a9b0345f279329bfba29a7dfc8894e6a08eeee3dd974c3de9e0602cfd1e3e584b10dd26cd13f7fb432e72ea85fd1d3a872061bc967d7a67a3a7f09f34cc825db5d9ef3ce0ff9873f8eff342eb30fa970007e2f591f07dc9bc5141a9679a2f7c69aa50894353a7830a0f7cf766aff6e81d7c3b88d730946ce3f327716ef6fd270d5bf467aef288db903f740b6ac27b962a3c6462372e63f8da8505f05d17b364dd8c6b5d449accd01b4c6da297669f098bee986b95e389a2d003539ca9dec8c26b9f6bbb5f7fe6f0b764d99bc0dafcad4121ed6a749ac71fc5deeee54d0e8a2d9dccc87df818258d73c8816b78c1be3670fb14dded879caf925e0f8abf63f55ffee02bbffb465f0303338bd12e22fe94fdaa3f033127ecaf41649232c38e83850fd3ebc890ea5db2763a8389ac49bd9b7f6b81f381d3eeb90d0f596e2b7f7dfa2a0e9453c1f5f359b56aae9e97a51f6c092d25a031843e351f5733a25c5905706618ab569359bdca4932f6471f4f2d152f84cfc0c563885b0d93fd015095a8eb9422e3d17ddaf3f20dde5eeea415f76c0617964198c824b98f4d53ab0d4d734dcd6d07dddd5b77c1bd71208632941973bd5b5aca981137ec21dcd86ba518b3d4979b68f704a2a7d7cfeb9be3edf4b4b3560e930d9dba0bc358cba36a129748c1fa73483a69759ba0c4f2ee2a936899e163c213bb3fe5a28e68669fb2da6bbcdf4c55e933d127a8bc68b8d0e6c6c757fe8ea47f26ceb7c1b3ca8b962eb31a081756ed56fe4385dccc5e2a7a53300e9c8a1a55bcf8db3f828cb3db8485110da631a50199a5c1932b5538a2b1c3cddb4451868a413418e3f761530fd477b2ebb449070c73171964203ad7bad4302af13fa6fe55fb88ede096a7aba95ef3665da778250daa9dd4bd5ecb8a807d83fe6dcf2f0cf5de7a4ef742979afd7d93bb2672ad45f6537640313b1ca8838f3fdc08e57455af6398ce5b253312fe1a88206210831e0de59d1e3f9442fb9dd43f1b9c00d151d3234028990f8bcaf65c0ad9ea1bc20e4b7641ff26969b02ccd60d2d8d2d72fe5fd58068cd6d7525c9e24c4246cd776ecf1f57550bb6bddad5093618797547cde5c07e165bc979bfbb5479c58e89c29efa5fdfa5b4a87917a4275609afc849384458ca980ba5a2aa4d10c761bb3b3a57e3d3b41001cdf6", 0x541}], 0x1}}], 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RWSTAT(r3, &(0x7f0000000140)={0x7, 0x7f, 0x2}, 0x7)

5.069177326s ago: executing program 3 (id=8768):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="060000"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r3, r0}, 0xc)

4.935072259s ago: executing program 3 (id=8774):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
recvfrom$rxrpc(0xffffffffffffffff, &(0x7f00000004c0)=""/237, 0xed, 0x0, 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, 0x0)
r2 = socket(0x8000000010, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x61780, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r4}, 0x10)
write(r2, &(0x7f00000002c0)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20)

2.951784083s ago: executing program 2 (id=8802):
r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket(0x10, 0x3, 0x0)
connect$netlink(r3, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x46, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000500)=@abs, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
unshare(0x62040200)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x11e)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0)
write$UHID_CREATE2(r0, 0x0, 0x8)

2.110714334s ago: executing program 4 (id=8815):
r0 = socket$inet6(0xa, 0x800, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000005c0)={{0x80, 0xfd}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x582e, 0x0, 0x7cce8c743ee810df})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c000000020601030000000000000000000000000900020073797a300000000005000100060000000500050000000000050004000000000014000780080011400000000005121500038b4d6102024913f0747bd40000000d000300686173683a6d616300000000"], 0x5c}}, 0x4000000)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r4, 0x1, 0x31, &(0x7f0000000040), 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa230180c20000000800450000b000be8ee0f18575694d000000ffffffff00004e20009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424dbcfd56f1375461caaa2f19935e6996c7096ffeeb03000000000000649a3bfbc1f39cb307b3472edae5b042d2643fcbb2c5a57df67d544af6e8dafe09"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYRES64=r2, @ANYRESHEX=r0], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffff5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x7, 0xe, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36}, 0x94)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000340)=0xfffffffc, 0x0, 0x4)
r7 = socket(0x2a, 0x2, 0x6)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457})
io_uring_enter(0xffffffffffffffff, 0x46bc, 0x3, 0x20, 0x0, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRES8=r4], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffdfd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)

2.018399093s ago: executing program 4 (id=8817):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x400000, 0x0, 0xffffffffffffff1b, 0x7a}, 0x0, &(0x7f0000000280)={0x3fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x3}, {{0x0, 0x0, 0x0}, 0xa1}], 0x40000000000020a, 0x0, 0x0)

1.686741415s ago: executing program 1 (id=8821):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1813000007000000eab4040000000000001000000000", @ANYRES32, @ANYBLOB="827400"/19, @ANYRES32, @ANYRES32], 0x50)
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x43, 0x1}, 0x10)
bind$tipc(r3, 0x0, 0x0)
close(r3)
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2(&(0x7f0000001cc0)={<r5=>0xffffffffffffffff}, 0x800)
write$selinux_create(r5, &(0x7f0000000100)=@access={'system_u:object_r:udev_tbl_t:s0', 0x20, 'unconfined', 0x20, 0x9}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20)
r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r6, 0x58, &(0x7f00000002c0)}, 0x10)

1.621796292s ago: executing program 1 (id=8822):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f0000000240)={0x21, 0x1})
r1 = socket(0xa, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000a00)=ANY=[@ANYRESOCT=r2, @ANYBLOB="fcf36e1b4ae8a3ffa4489e1e3a235f4c64bbdb5bd23e0ecd3ec29d65baba65273cd02633209f525d087ea35c0c9ed99f3e4a9a101c29a6888e0f899cb8b9aee8742f1958f989a5b4ef50b1fb5389a2ec83d16e4ba5044df53d12011f74fe6d991d3b2c539b4962b70b866686fa3245460202f7a6078191adb3f4bda66d004f6292db661dafab994d1cf0e57c6483308842c256610d307089f80d2a19203bba32c2385d7528e606e0afa25ec26745542b1f3390f5b5b277aa06bb4f58ce70aadabefcb1531d32926c86cf8d2d6389a4f1b8f96dc078047624f6892a50026973b536d75238366b", @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4044)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r2, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000001ac0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x18)
syz_usb_connect$hid(0x2, 0xfffffe85, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000400), &(0x7f0000000480)=0xe)

1.591384755s ago: executing program 2 (id=8823):
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r2, &(0x7f0000000040), 0x10)
listen(r2, 0x0)
r3 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r3, 0x0, 0x0)
sendmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)

1.519041262s ago: executing program 2 (id=8824):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x400000, 0x0, 0xffffffffffffff1b, 0x7a}, 0x0, &(0x7f0000000280)={0x3fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x3}, {{0x0, 0x0, 0x0}, 0xa1}], 0x40000000000020a, 0x0, 0x0)

1.414821892s ago: executing program 0 (id=8826):
pipe(&(0x7f00000007c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000180)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000800"], 0x50}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) (fail_nth: 6)

1.298811253s ago: executing program 0 (id=8827):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
gettid() (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) (async)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000b40)=""/67}, {&(0x7f0000000400)=""/8}, {&(0x7f0000000680)=""/188}, {&(0x7f0000000bc0)=""/241}, {&(0x7f0000000940)=""/221}], 0x0, &(0x7f0000000a40)=""/192}, 0x8}], 0x3fffffffffffedd, 0x10002, 0x0) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB], 0x50) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000080)='kfree\x00', r5}, 0x18) (async)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x111, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ee, @empty, 0x1}, {0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0x37}, 0x108}, r7, 0xb}}, 0x48) (async)
write$RDMA_USER_CM_CMD_DESTROY_ID(r6, &(0x7f0000000f80)={0x1, 0x10, 0xfa00, {0x0, r7}}, 0x18) (async)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), 0x0}, 0x20) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r9 = syz_io_uring_setup(0x371d, &(0x7f0000000740)={0x0, 0x4, 0x40, 0x2, 0xffffff}, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0)

1.078550254s ago: executing program 4 (id=8828):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB='map=off,session=0x0000000000000017\x00sbsector=0x0000000100000001,sbsector=0x0000000000000005,session=0x0000000000000062,nojolietAiocharset=cp865,iocharset=cp737,session=0x0000000000000058,showassoc,mode=0xffffffaffffffffe,norock,\x00'], 0xfa, 0x69f, &(0x7f0000000840)="$eJzs3c9v2+Ydx/EP5V+yOwTFNhRBkB9PkhVwsEyR5MaBkQEtR1E2N0kUSHmwgQFF1thFEDndkg5YfOl82Q+gA3berZcddts/MKDn/he7bUCx3QZsBw4kRVmyRMlqHLdZ3y8jEUV++Txfkgq/oSU+EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUyuWKpYbX2t4x+Zxa4DcnLE9bW9CtdOLW1H4lK/6jYlEX01kXv328+I34rxu6nD67rGL8UNTha2+8fv9b84Vs/QkJfRGatcFnzw8fP+h2956eInZOMzf/ZVLhFEGbbssLfa9pb7rGC32zsb5evrNVD03da7jhbthxm8YJ3ELHD8yqc8tUNjbWjFva9bdbmzW74WYz732vWi6vmx8upQdaUil0trxGw2ttJjHx4jjmnvn4J2mAazeN2X/U3VublmQcVMlbWBgIqk5rqVquViuVarWyfnfj7r1yeX5kRjlmlfs0EnHmL1q8Ys7u5A28oEJc//9mSQ0V1dK2dmTG/jiqKZCvZs7ynqz+v3nHndjvYP3PqvxF6e3e4ktK6v/V9NnVvPqfk4uRSVYYt8TKmT/bz0KSkdEzPdehHuuBuupqT0/PoG0jc+1MWjmHn025aslTKF+emrKTOaY3x2hD61pXWe9qS3WFMqrLU0OuQu0qVEdu8opyFMiVrY58BTJalaNbMqpoQxtak5Grknbla1stbaomW/+Oomhfj5L9vjYhR2VBlZyApcGg6oSW8ur/Tz9KX6e9+l+m/n9dpa+DpfThs0kxwFdA1Lv+n9G1l5MNAAAAAAB4Gazkt+9W8t79FUmR6l7DLeevsHie2QEAAAAAgLNgKVrSZVnx9b+kK7KmXP8DAAAAAIBXjpXcY2dJWkk+1G8d3wl1ml8CzJ1DigAAAAAA4AUld/5fXZSiZNCKa7Jmuv4HAAAAAACvgN8OjLE/n42xG2Vv6xckhe0l66//XFKwYB21d75jHdjxEvtgrpCEjHwCoFO/ZIV/SAfqTcbrXZSUPHPcy1avt94gmP1xBz/fnzbWvxWcSGBxbrCBEwlc6K1txT2vz/ee6WNdf3so9uFhQcmStJeVutdwS47fuF+RbV8odNydzi+ePPqlFPS3c/9Rd6/03gfdh0kuR/Gso4M4j4+ydP6y2Nt1w7kkD/1c/hulpCtjt3hZ9azL37WaK1bSbznb/jnZB4XjY5S7/cN96te6kR6zGytp7Mphf8T9ePuL8fZXSskhG9r6YME6zqJycsvHHYicLIpJFjfTmJurN9OHLL+4nYJV/O6cVC2NHoOhLKqDWUzfF9a/RvbFpCx6+2ItzuLTuKGcLNZmy2LkiADAl2U/GfUnufMvGcR8pO5m5SE7qX2hujO9ur8zXN0//GNcGdP/Xsz33puY2EtR8Rl91Urq0KKSE+v8pZEzerY19oWics7o5ReobnFffz7+DqRe2iNZ/CeKovuVpN/fn6iqn8QrfJLbb9hId/udDw9+lgyAH3t/7/29J9Xq2nr5rXL5blULyWb0HuZE7QEAjJj+HTtTI6y3dD2NuP7wH2+mU0MV75v9jxSU9J4+UFcPtZB9hcC18a2uDHwM4XZ61aqBq1bzxuv3l6WTsRXdzr2qS2rpQGy1H7ugbJXhSn0cu/aSjwIAAOfrxpQ6PL7+F4fq/22tphGrl8Zedw/X8t7Vcf+SPi+2Mj35d856bwAA8PXgBp9bK53fWEHgtd+tbGxU7M6WawLf+ZEJvNqma7xWxw2cLbu16Zp24Hd8x2+YdqAlr+aGJtxut/2gY+p+YNp+6O0k3/xuel/9HrpNu9XxnLDdcO3QNY7f6thOx9S80DHt7R80vHDLDZKVw7breHXPsTue3zKhvx04bsmY0HUHAr2a2+p4dS+ebJl24DXtYNf82G9sN11Tc0Mn8NodP20w68tr1f2gmTRbUjTzFx0CAPD/6Nnzw8cPut29pycnluNL83TOkXJiRicWxzTIGEEAAHzFHJfrGVYq9qc+jV5KVgAAAAAAAAAAAAAAAAAAAAAAYND0W/pmnFgYd7Og1J/z8wu9OfqVjm8xHGnH0lknNstEYda1slsiDh9/NiF4uT8n2/2DMUfntoF//4b0WjJH6Zz5ccHF/Has6X0tTzi4p5yYi3fQaYO/v5/u0dyYeOHYRUv9YzF/9v8c4oknf8pZFEVRNHn1peF9uDhpA4cn5iU9XXyBQ3D+5yIA5+t/AQAA//+xxzz3")
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
acct(&(0x7f0000000100)='./file1\x00')

1.031214879s ago: executing program 0 (id=8829):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r4 = accept4(r2, 0x0, 0x0, 0x0)
sendto(r4, &(0x7f0000000000)="00c8", 0x2, 0x0, 0x0, 0x0)
recvfrom(r3, &(0x7f00000001c0)=""/62, 0x3e, 0x10120, 0x0, 0x0)

1.004317182s ago: executing program 4 (id=8830):
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x0, 0x10002, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x4001, 0x3, 0x228, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1d0, 0x240, 0x240, 0x1d0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0x0, 'veth1_macvtap\x00', 'veth0_to_batadv\x00', {}, {0xff}, 0x1d, 0x3, 0x49}, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x5, 0x0, 0x5, 0x1, 0x3], 0x2}, {0xffffffffffffffff, [0x4, 0x0, 0x7, 0x2, 0x2]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288)
syz_emit_ethernet(0x76, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000002480)=[{0x0}], 0x1}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000013c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000140)=0x40)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r7}, 0x18)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r8, &(0x7f00000000c0)='system.posix_acl_default\x00', 0x0, 0x0, 0x1)

890.637963ms ago: executing program 1 (id=8831):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1813000007000000eab4040000000000001000000000", @ANYRES32, @ANYBLOB="82740000000000000000", @ANYRES32, @ANYRES32], 0x50)
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
pipe2(&(0x7f0000001cc0)={<r4=>0xffffffffffffffff}, 0x800)
write$selinux_create(r4, &(0x7f0000000100)=@access={'system_u:object_r:udev_tbl_t:s0', 0x20, 'unconfined', 0x20, 0x9}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20)
r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0x58, &(0x7f00000002c0)}, 0x10)

763.043345ms ago: executing program 1 (id=8832):
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000200)='rxrpc_call\x00', r1, 0x0, 0x3fc}, 0x18)
r2 = socket$kcm(0x21, 0x2, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x584, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000100100000100000014e200000000000010"], 0x28}, 0x0)

762.890665ms ago: executing program 3 (id=8775):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0)

762.605336ms ago: executing program 3 (id=8833):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x7fffffffffffffff}, 0x18)
r3 = socket$kcm(0x10, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB="993b972bf7e4b64b3e102589970b43b82e2e15d1fcf90548751106d02393741f13ebef9c8fcdce6b8653bab9c3cebbd444d50177c886cd421d72b64c63c3e1af4ac299b450a5954b5538f88897e1b008024954a7865926eb620a3f7318a314fc7912d5cb5486d920ccb8e5592b80ae916eb16aff373c097df7037f54d6b1760b6dee1a725129bb2e89cc804b3d864e11a0ab2a6169431b5234cf52dfcfb487d04e734a7470eddda688fddb84d2b0ab99c1731da488b2a1a3e2243cdf683ad4c0aba9f146d53560fa708ab11f2df7e8f0226b6527efe780a399b0686175", @ANYRES16=r6, @ANYBLOB="00022abd7000fedbdf250600000006001a004e2400000c001000000000000000000014001f00fe8000000000000000000000000000bb08000b000200000006001b004e2400000c000f000600000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x8064}, 0x4000000)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x114, r8, 0x8, 0x70bd26, 0x25dfdbff, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xa1, 0xa8, @random="c6e23c65e696ebe27508605d8ed7e6faf112121b5d1b11dbaa544c4b63e0ada669539e51e5ee0bb8955ea5668e8f06090ec0dab5d81264cff6220139c7490fc179a31c313998cd7c6918a48ea25f41d180d345605db6e6e53959bf01c04d69cee09ed694ab80e52caa8cd1904d1b1b99056918749c085ebd3e72b692db4413d14c9cb979ea84ca64fb6e9501993a1249a07cc443d297e1e3f645d26e05"}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x114}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008014)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000c00)={0x1ff}, 0x8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r10, 0x0, 0x3}, 0x18)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000100)={0x5, 0x8d, 0x3d, 0x8001, 0x1, "71feaf337e88b3e57800"})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_tracing={0x1a, 0x5, &(0x7f0000000180)=@raw=[@map_idx_val={0x18, 0x9, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, @generic={0x7, 0xa, 0x3, 0x5, 0xdc1e}, @map_fd={0x18, 0xa, 0x1, 0x0, r1}], &(0x7f0000000340)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x8, '\x00', r4, 0x17, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x5, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x5fc1, r2, 0x2, &(0x7f0000000440)=[r1, 0xffffffffffffffff, r0, r1, r1], &(0x7f00000004c0)=[{0x2, 0x4, 0x10, 0x7}, {0x4, 0x4, 0x10, 0x1}], 0x10, 0x3}, 0x94)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d1605040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e0700000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)

760.781146ms ago: executing program 1 (id=8834):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00'}, 0x10) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
r2 = dup2(r0, r1) (async)
r3 = socket$inet6(0xa, 0x2, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0x10, 0x4) (async)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) (async)
r5 = openat$cgroup_ro(r2, &(0x7f00000003c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000005c0)={r5, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) (async)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000080)}, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0xa, 0x0, 0xfffffffe, 0x0, 0x2}, 0xffffffffffffffff, 0x0, r5, 0x0) (async)
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x208a022, 0x0, 0x1, 0x0, &(0x7f0000000000))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0006}]}) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r7, 0x0, 0x6}, 0x18)
r8 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r8, 0x0, 0x80000000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x2000016c, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000380)='syzkaller\x00', 0x3e1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0xffffff48) (async)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00') (async)
r9 = openat$cgroup_ro(r1, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
r10 = syz_open_dev$vcsn(&(0x7f0000000300), 0x3, 0x40000)
linkat(r2, &(0x7f0000000280)='./file0\x00', r10, &(0x7f0000000340)='./file0/../file0\x00', 0x1000) (async)
write$P9_RGETLOCK(r2, &(0x7f0000000500)=ANY=[@ANYBLOB='df'], 0x2c) (async)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x2800004, 0x110, r9, 0x4522e000)

739.331847ms ago: executing program 2 (id=8835):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000000)=0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000600)=ANY=[@ANYBLOB='c *:4\t\n~'], 0xa)
ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(0xffffffffffffffff, 0x0, 0xff40)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) (fail_nth: 1)

479.084813ms ago: executing program 1 (id=8836):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x7116f40f8d8a71ce})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000080)={'syzkaller0\x00', 0x400})
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000000)=0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000600)=ANY=[@ANYBLOB='c *:4\t\n~'], 0xa)
ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(0xffffffffffffffff, 0x0, 0xff40)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r4, 0x545c, 0x0)

435.046277ms ago: executing program 2 (id=8837):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80080a, &(0x7f0000001c80)={[{@barrier_val}, {@resuid}, {@mblk_io_submit}, {@usrjquota}]}, 0x1, 0x7b8, &(0x7f0000000980)="$eJzs3c1rXFUbAPDnTj6b9m3zwgtv66bBhRZKJ22NrYJgxIUIFgq6tg2TaYiZZEpmUpqQhUUEQQQtLgTduPaj7tyKrv0b3IhIS9W0WHEhI3c+kkkmH5M2H23z+8FNzpl775zz3DNz7rlzDzMB7FkD6Z9MxJGI+DCJOFR/PImIrmqqM2K4tt29hflcuiRRqbz+e1Ld5u7CfC6a9kntr2cOR8T370Ycz7SWW5qdmxgpFLoa+cHy5OXB0uzcifHJkbH8WH7qzKmhodNnnz17Zuti/fPHuQO3Pnrl6a+H/37n/zc++CGJ4ThQX9ccx1YZiIH6MelKD+EyL291Ybss2WB95w7Vg81J35od9fY5EoeiQ0sBwGMvPf9XAIA9JnH+B4A9pvE5wN2F+Vxjaf58YN+ufCqxc26/FBG9tfgb9zdrazrr9+x6q/dB++4m0RmLtys3vN/VroGI+OzbN79Ml9im+5AAq3n7WkRc7B9o7f+TljkLm3WyjW0GVuT1f7BzvkvHP8+tNv7LLI5/YnH8k3YLtfkhPau8d+/HQER3c771/Z+5ueqOL25B4fXx3wu1uW1poE3jv8VJa/0d9dx/0szRiBgv5NO+7WBEHIuunkvjhfypdco4duefO2utax7//XH9rS/S8tP/S1tkbnb2LN9ndKQ88iAxN7t9LeKJzqW5ffda+v/e6lh3sf2jsTbifPMT3VrxxEeXkq8+/96na5Wfxp/G21ha499elc8jnorV429I1p2fOJg2/8na39XL+ObnT/rWKr+5/dMlLb9xLbCG7vuPtlXa/n3rx9+fLM3XzE+XtrL0duJf/fXfnbxRTTcOxtWRcnn6VER38lrr46eX9m3kG9un8dciXRl/Zt3Xf3oleLHNGDtv/fZVxJMH7y/+RVt1yblMGv/optp/84kb9yY61iq/vfYfqqaO1R9pp/9rt4IPcuwAAAAAAAAAAAAAAAAAAAAAAAAAoF2ZiDgQSSa7mM5kstnab3j/L/oyhWKpfPxScWZqNKq/ld0fXZnGV10equWTxvef9jflT6/IPxMR/42Ij3v2VfPZXLEwutvBAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDd/jV+/z/1a89u1w4A2Da9G25xJ78sW6lUKttYHwBg+218/gcAHjfrnP/37WQ9AICd4/ofAPYe538A2Huc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhm58+dS5fKXwvzuTQ/emV2ZqJ45cRovjSRnZzJZXPF6cvZsWJxrJDP5oqTGz1foVi8PBRTM1cHy/lSebA0O3dhsjgzVb4wPjkylr+Q79qRqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgc0qzcxMjhUJ++rFIvB8RD0E1tiORxENRjV1J/HLip8PrbXN9g5fx8EMRxSOW2O2eCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODR8G8AAAD//21CJgc=")
rmdir(0x0)

240.188886ms ago: executing program 2 (id=8838):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x400000, 0x0, 0xffffffffffffff1b, 0x7a}, 0x0, &(0x7f0000000280)={0x3fc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x3}, {{0x0, 0x0, 0x0}, 0xa1}], 0x40000000000020a, 0x0, 0x0)

213.489759ms ago: executing program 0 (id=8839):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB='map=off,session=0x0000000000000017\x00sbsector=0x0000000100000001,sbsector=0x0000000000000005,session=0x0000000000000062,nojolietAiocharset=cp865,iocharset=cp737,session=0x0000000000000058,showassoc,mode=0xffffffaffffffffe,norock,\x00'], 0xfa, 0x69f, &(0x7f0000000840)="$eJzs3c9v2+Ydx/EP5V+yOwTFNhRBkB9PkhVwsEyR5MaBkQEtR1E2N0kUSHmwgQFF1thFEDndkg5YfOl82Q+gA3berZcddts/MKDn/he7bUCx3QZsBw4kRVmyRMlqHLdZ3y8jEUV++Txfkgq/oSU+EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUyuWKpYbX2t4x+Zxa4DcnLE9bW9CtdOLW1H4lK/6jYlEX01kXv328+I34rxu6nD67rGL8UNTha2+8fv9b84Vs/QkJfRGatcFnzw8fP+h2956eInZOMzf/ZVLhFEGbbssLfa9pb7rGC32zsb5evrNVD03da7jhbthxm8YJ3ELHD8yqc8tUNjbWjFva9bdbmzW74WYz732vWi6vmx8upQdaUil0trxGw2ttJjHx4jjmnvn4J2mAazeN2X/U3VublmQcVMlbWBgIqk5rqVquViuVarWyfnfj7r1yeX5kRjlmlfs0EnHmL1q8Ys7u5A28oEJc//9mSQ0V1dK2dmTG/jiqKZCvZs7ynqz+v3nHndjvYP3PqvxF6e3e4ktK6v/V9NnVvPqfk4uRSVYYt8TKmT/bz0KSkdEzPdehHuuBuupqT0/PoG0jc+1MWjmHn025aslTKF+emrKTOaY3x2hD61pXWe9qS3WFMqrLU0OuQu0qVEdu8opyFMiVrY58BTJalaNbMqpoQxtak5Grknbla1stbaomW/+Oomhfj5L9vjYhR2VBlZyApcGg6oSW8ur/Tz9KX6e9+l+m/n9dpa+DpfThs0kxwFdA1Lv+n9G1l5MNAAAAAAB4Gazkt+9W8t79FUmR6l7DLeevsHie2QEAAAAAgLNgKVrSZVnx9b+kK7KmXP8DAAAAAIBXjpXcY2dJWkk+1G8d3wl1ml8CzJ1DigAAAAAA4AUld/5fXZSiZNCKa7Jmuv4HAAAAAACvgN8OjLE/n42xG2Vv6xckhe0l66//XFKwYB21d75jHdjxEvtgrpCEjHwCoFO/ZIV/SAfqTcbrXZSUPHPcy1avt94gmP1xBz/fnzbWvxWcSGBxbrCBEwlc6K1txT2vz/ee6WNdf3so9uFhQcmStJeVutdwS47fuF+RbV8odNydzi+ePPqlFPS3c/9Rd6/03gfdh0kuR/Gso4M4j4+ydP6y2Nt1w7kkD/1c/hulpCtjt3hZ9azL37WaK1bSbznb/jnZB4XjY5S7/cN96te6kR6zGytp7Mphf8T9ePuL8fZXSskhG9r6YME6zqJycsvHHYicLIpJFjfTmJurN9OHLL+4nYJV/O6cVC2NHoOhLKqDWUzfF9a/RvbFpCx6+2ItzuLTuKGcLNZmy2LkiADAl2U/GfUnufMvGcR8pO5m5SE7qX2hujO9ur8zXN0//GNcGdP/Xsz33puY2EtR8Rl91Urq0KKSE+v8pZEzerY19oWics7o5ReobnFffz7+DqRe2iNZ/CeKovuVpN/fn6iqn8QrfJLbb9hId/udDw9+lgyAH3t/7/29J9Xq2nr5rXL5blULyWb0HuZE7QEAjJj+HTtTI6y3dD2NuP7wH2+mU0MV75v9jxSU9J4+UFcPtZB9hcC18a2uDHwM4XZ61aqBq1bzxuv3l6WTsRXdzr2qS2rpQGy1H7ugbJXhSn0cu/aSjwIAAOfrxpQ6PL7+F4fq/22tphGrl8Zedw/X8t7Vcf+SPi+2Mj35d856bwAA8PXgBp9bK53fWEHgtd+tbGxU7M6WawLf+ZEJvNqma7xWxw2cLbu16Zp24Hd8x2+YdqAlr+aGJtxut/2gY+p+YNp+6O0k3/xuel/9HrpNu9XxnLDdcO3QNY7f6thOx9S80DHt7R80vHDLDZKVw7breHXPsTue3zKhvx04bsmY0HUHAr2a2+p4dS+ebJl24DXtYNf82G9sN11Tc0Mn8NodP20w68tr1f2gmTRbUjTzFx0CAPD/6Nnzw8cPut29pycnluNL83TOkXJiRicWxzTIGEEAAHzFHJfrGVYq9qc+jV5KVgAAAAAAAAAAAAAAAAAAAAAAYND0W/pmnFgYd7Og1J/z8wu9OfqVjm8xHGnH0lknNstEYda1slsiDh9/NiF4uT8n2/2DMUfntoF//4b0WjJH6Zz5ccHF/Has6X0tTzi4p5yYi3fQaYO/v5/u0dyYeOHYRUv9YzF/9v8c4oknf8pZFEVRNHn1peF9uDhpA4cn5iU9XXyBQ3D+5yIA5+t/AQAA//+xxzz3")
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
acct(&(0x7f0000000100)='./file1\x00')

141.447176ms ago: executing program 4 (id=8840):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}, {&(0x7f0000000580)="5a0b5196720d167ae97859803b2d3c8ca38326bf010b369f844dab5a1bbd67c32bdc9ac31f99afcdc8da28eb6a32f75f5b601ac640620175b0caf130adccf01d42908c52f96b2d10cb5d884838538dca5493e41f9cfa631b5ede63e3c33bead7e532c54f9500b7ed50dd0bebc9c0ca987772c7cce896a70ae5969614447293", 0x7f}, {&(0x7f0000000340)="6b13808f4ef48077f1bc6753101b92926c47f336d3e822dec812487ce83ebddb31add1e241cc81e1614fe277dc09d2f16932", 0x32}, {&(0x7f00000006c0)="0bf4318f5f25beb697df6e15fc6d798d5a7d4a1cb0bf3f9263c4b6bc37a0f708523733f2a00a11ab2cf66bddc9b03480d66661da9585a6c9cbf57f3a88093fdcb43cd18f2a779b49935287e5cc3502946d", 0x51}], 0x4}, 0x40)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x4008084)
getpeername(r1, &(0x7f0000000140)=@xdp, &(0x7f0000000000)=0x80)
bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0xfffffffe, @empty}, 0x20)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8949, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\xe0\xff\xff\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\a\xf6\xfc\x1d\xd4\x893\xeb)\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O!\xd2q\xda}\xe2\xa2\xfe\xfd)\\\xdf\x9aN\\\xaeyc\xe4g\xc0\x8a\n\v{\xa9H\\\xd1\x9d')
connect$l2tp6(r0, &(0x7f0000000080)={0xa, 0x0, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0xd188, 0x3}, 0x20)

140.993686ms ago: executing program 0 (id=8841):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1813000007000000eab4040000000000001000000000", @ANYRES32, @ANYBLOB="82740000000000000000", @ANYRES32, @ANYRES32], 0x50)
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
pipe2(&(0x7f0000001cc0)={<r4=>0xffffffffffffffff}, 0x800)
write$selinux_create(r4, &(0x7f0000000100)=@access={'system_u:object_r:udev_tbl_t:s0', 0x20, 'unconfined', 0x20, 0x9}, 0x40)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)}, 0x20)
r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r5, 0x58, &(0x7f00000002c0)}, 0x10)

321.92µs ago: executing program 0 (id=8842):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x9494, 0x0, 0x0, 0x0, 0x0, 0x94}, 0x40}], 0x1, 0x2, 0x0)

0s ago: executing program 4 (id=8843):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0b00000073790101000000000000000000000000000af7f4f0c55de8ca0000000000000000000000000000000000000000f3c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000020000000000000030000000000000000000000004119202532aeecfcdbb73887feb3f14db126c935954a335f6469a793"], 0x138)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$UHID_DESTROY(r2, &(0x7f0000000340), 0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x152, 0x152, 0x6, [@const={0x10, 0x0, 0x0, 0xa, 0x3}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x2, 0x5}}, @ptr={0xf, 0x0, 0x0, 0x2, 0x2}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x2, [{0xa, 0x2, 0x7}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1, 0x80000001}}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x3, 0x5}}, @enum64={0x1, 0x4, 0x0, 0x13, 0x1, 0xcaa125a9033737b3, [{0x7, 0x8, 0x9}, {0x9, 0xa5b, 0x9ac}, {0x10, 0x1, 0x8}, {0xc, 0x7, 0xcd3}]}, @union={0x7, 0x9, 0x0, 0x5, 0x1, 0x1, [{0x4, 0x0, 0x9f}, {0x6, 0x3, 0x400}, {0xe, 0x3, 0x6}, {0xe, 0x5, 0xa}, {0xd, 0x3, 0x209e}, {0x9, 0x5, 0x9}, {0x6, 0x1, 0x6}, {0x3, 0x4}, {0xa, 0x3, 0x4}]}, @datasec={0x3, 0x2, 0x0, 0xf, 0x2, [{0x3, 0xffff0000, 0x5}, {0x1, 0x7, 0xe05}], '/W'}]}, {0x0, [0x61, 0x30, 0x30, 0x61]}}, &(0x7f0000000000)=""/23, 0x172, 0x17, 0x2, 0x3, 0x10000}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b0000000100faaa000000000000511da45bac2ff44fb7dc64e720649a03eb053d3cec0fd0baae16700e6b37ff974b83b362a47ce98e3a8fa2c91698d26dc406d778ed99979f17e1a86eee608f7fd88a554444500260f8575e695777f8bfa6fc75550840bda2653022132d8fffd30ba875cfa89a546f663e8c2a31560f0732a961170aa60ae9a6dcf7b4e4a9b8aa37ffa5c9a4d83c59fbf1cf5eab068837580e5adf4e35aa9556c43b280efe2d650bf8c161c5800ac232c74f5f3d8824a1ed82a16615dbfc77ecb4392deda5769ff1e5996da8a7b5dcce2e091471a3cfc45e46cbcdd4fcf3e59904c18ac4bd0479770c148d8d174be7476d12a6b8904674acb1958d9579cd72cd8a2a1c223c7d3ecd34570178ef3f", @ANYRES32=r0, @ANYBLOB="0300"/20, @ANYRES32=r5, @ANYRES32=r7, @ANYBLOB="010000000100"/28], 0x50)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setresuid(0x0, 0xee01, 0x0)
bind$inet(r8, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10)
setsockopt$sock_int(r8, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r9, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
setsockopt$sock_int(r9, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
listen(r8, 0xb5d6)
bind$inet6(r9, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r10, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r10, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)

kernel console output (not intermixed with test programs):

0000000000
[  444.437734][T25372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  444.437775][T25372] R13: 00007f2dd92e6038 R14: 00007f2dd92e5fa0 R15: 00007fff38bedc68
[  444.437901][T25372]  </TASK>
[  444.483054][T25370] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8213'.
[  444.658093][T25366] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  444.666176][T25366] EXT4-fs (loop0): orphan cleanup on readonly fs
[  444.673446][T25366] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.8211: Failed to acquire dquot type 1
[  444.686785][T25366] EXT4-fs (loop0): Remounting filesystem read-only
[  444.693417][T25366] EXT4-fs (loop0): 1 truncate cleaned up
[  444.699889][T25366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  444.713663][T25366] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.775920][T25384] loop1: detected capacity change from 0 to 164
[  444.784056][T25384] iso9660: Corrupted directory entry in block 2 of inode 1792
[  444.868822][T25392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8222'.
[  444.970053][T25393] wg1 speed is unknown, defaulting to 1000
[  444.976602][T25393] lo speed is unknown, defaulting to 1000
[  444.983193][T25393] lo speed is unknown, defaulting to 1000
[  445.104269][T25392] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  445.240134][T25403] loop1: detected capacity change from 0 to 2048
[  445.256007][T25403] EXT4-fs: Ignoring removed mblk_io_submit option
[  445.283140][T25403] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  445.325053][T25403] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.8226: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  445.470459][T19993] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.491912][T25411] loop2: detected capacity change from 0 to 512
[  445.506909][T25411] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  445.527808][T25411] EXT4-fs (loop2): 1 truncate cleaned up
[  445.534075][T25411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  445.550812][T25411] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  445.578792][T25415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8229'.
[  445.588210][T25415] FAULT_INJECTION: forcing a failure.
[  445.588210][T25415] name failslab, interval 1, probability 0, space 0, times 0
[  445.600905][T25415] CPU: 0 UID: 0 PID: 25415 Comm: syz.0.8229 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  445.600948][T25415] Tainted: [W]=WARN
[  445.601017][T25415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  445.601030][T25415] Call Trace:
[  445.601036][T25415]  <TASK>
[  445.601043][T25415]  __dump_stack+0x1d/0x30
[  445.601072][T25415]  dump_stack_lvl+0x95/0xd0
[  445.601172][T25415]  dump_stack+0x15/0x1b
[  445.601200][T25415]  should_fail_ex+0x265/0x280
[  445.601231][T25415]  should_failslab+0x8c/0xb0
[  445.601316][T25415]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  445.601350][T25415]  ? nf_tables_dump_set_start+0x30/0x60
[  445.601390][T25415]  kmemdup_noprof+0x2b/0x70
[  445.601501][T25415]  nf_tables_dump_set_start+0x30/0x60
[  445.601557][T25415]  __netlink_dump_start+0x334/0x520
[  445.601599][T25415]  nf_tables_getsetelem_reset+0x1e8/0x4a0
[  445.601628][T25415]  ? __pfx_nf_tables_dump_set_start+0x10/0x10
[  445.601664][T25415]  ? __pfx_nf_tables_dumpreset_set+0x10/0x10
[  445.601711][T25415]  ? __pfx_nf_tables_dump_set_done+0x10/0x10
[  445.601744][T25415]  ? __pfx_nf_tables_getsetelem_reset+0x10/0x10
[  445.601766][T25415]  nfnetlink_rcv_msg+0x3c3/0x590
[  445.601798][T25415]  ? __rcu_read_unlock+0x4f/0x70
[  445.601839][T25415]  netlink_rcv_skb+0x123/0x220
[  445.601904][T25415]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  445.601943][T25415]  nfnetlink_rcv+0x167/0x16c0
[  445.602008][T25415]  ? kmem_cache_free+0xe3/0x3a0
[  445.602062][T25415]  ? __kfree_skb+0x109/0x150
[  445.602086][T25415]  ? nlmon_xmit+0x4f/0x60
[  445.602105][T25415]  ? consume_skb+0x49/0x150
[  445.602208][T25415]  ? nlmon_xmit+0x4f/0x60
[  445.602228][T25415]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  445.602326][T25415]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  445.602362][T25415]  ? __dev_queue_xmit+0x148/0x1ee0
[  445.602391][T25415]  ? ref_tracker_free+0x37d/0x3e0
[  445.602430][T25415]  ? __netlink_deliver_tap+0x4dc/0x500
[  445.602476][T25415]  netlink_unicast+0x5c0/0x690
[  445.602516][T25415]  netlink_sendmsg+0x58b/0x6b0
[  445.602607][T25415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  445.602648][T25415]  __sock_sendmsg+0x145/0x180
[  445.602712][T25415]  ____sys_sendmsg+0x31e/0x4a0
[  445.602807][T25415]  ___sys_sendmsg+0x17b/0x1d0
[  445.602897][T25415]  __x64_sys_sendmsg+0xd4/0x160
[  445.602941][T25415]  x64_sys_call+0x17ba/0x3000
[  445.602969][T25415]  do_syscall_64+0xca/0x2b0
[  445.603080][T25415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.603104][T25415] RIP: 0033:0x7f111ce6f749
[  445.603120][T25415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.603138][T25415] RSP: 002b:00007f111b8d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  445.603196][T25415] RAX: ffffffffffffffda RBX: 00007f111d0c5fa0 RCX: 00007f111ce6f749
[  445.603213][T25415] RDX: 0000000000008000 RSI: 0000200000000100 RDI: 0000000000000004
[  445.603230][T25415] RBP: 00007f111b8d7090 R08: 0000000000000000 R09: 0000000000000000
[  445.603250][T25415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.603262][T25415] R13: 00007f111d0c6038 R14: 00007f111d0c5fa0 R15: 00007fffdbb65948
[  445.603327][T25415]  </TASK>
[  445.923419][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.974620][T25417] loop1: detected capacity change from 0 to 2048
[  445.990827][T25417] EXT4-fs: Ignoring removed mblk_io_submit option
[  446.017140][T25417] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  446.030811][T25417] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.8228: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  446.138696][T19993] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  446.181499][T25451] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8239'.
[  446.264477][T25456] IPv6: sit1: Disabled Multicast RS
[  446.325588][T25459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8242'.
[  446.428006][T25470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8245'.
[  446.481509][T25478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8250'.
[  446.494246][T25478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8250'.
[  446.799539][T25491] No such timeout policy "syz1"
[  446.820469][T25491] bond0 (unregistering): Released all slaves
[  446.867672][T25494] loop4: detected capacity change from 0 to 512
[  446.875671][T25494] journal_path: Lookup failure for './file1'
[  446.881886][T25494] EXT4-fs: error: could not find journal device path
[  447.094900][T25518] SELinux:  Context system_u:object_r:adjtime_t:s0 is not valid (left unmapped).
[  447.115421][T25520] loop2: detected capacity change from 0 to 128
[  447.127941][T25520] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  447.146118][T25520] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  447.250081][ T7044] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  447.483511][T25566] wg1 speed is unknown, defaulting to 1000
[  447.489924][T25566] lo speed is unknown, defaulting to 1000
[  447.496263][T25566] lo speed is unknown, defaulting to 1000
[  447.552465][T25570] wg1 speed is unknown, defaulting to 1000
[  447.558872][T25570] lo speed is unknown, defaulting to 1000
[  447.565141][T25570] lo speed is unknown, defaulting to 1000
[  447.853074][T25592] loop2: detected capacity change from 0 to 164
[  447.862561][T25592] iso9660: Corrupted directory entry in block 2 of inode 1792
[  448.119270][T25605] loop2: detected capacity change from 0 to 2048
[  448.126032][T25605] EXT4-fs: Ignoring removed mblk_io_submit option
[  448.138710][T25605] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  448.153025][T25605] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.8293: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  448.196896][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.394263][T25644] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  448.587382][T25663] loop3: detected capacity change from 0 to 512
[  448.606884][T25663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  448.619812][T25663] ext4 filesystem being mounted at /513/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  448.619863][   T29] kauditd_printk_skb: 580 callbacks suppressed
[  448.619918][   T29] audit: type=1326 audit(2000001840.342:64315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25468 comm="syz.1.8245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.714167][T25672] loop1: detected capacity change from 0 to 128
[  448.723925][   T29] audit: type=1326 audit(2000001840.447:64316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.792811][   T29] audit: type=1326 audit(2000001840.447:64317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.803476][T25676] loop4: detected capacity change from 0 to 1024
[  448.818905][   T29] audit: type=1326 audit(2000001840.447:64318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.847516][   T29] audit: type=1326 audit(2000001840.447:64319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.861427][T25676] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5
[  448.873319][   T29] audit: type=1326 audit(2000001840.447:64320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.880309][T25676] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  448.880334][T25676] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.8318: Failed to acquire dquot type 0
[  448.892643][T25676] EXT4-fs error (device loop4): mb_free_blocks:2037: group 0, 
[  448.905927][   T29] audit: type=1326 audit(2000001840.447:64321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.913542][T25676] inode 13: block 144:
[  448.924881][   T29] audit: type=1326 audit(2000001840.447:64322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25671 comm="syz.1.8317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  448.932449][T25676] freeing already freed block (bit 9); block bitmap corrupt.
[  448.932862][T25676] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #13: comm syz.4.8318: corrupted inode contents
[  448.995894][T25676] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #13: comm syz.4.8318: mark_inode_dirty error
[  449.017939][T25676] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #13: comm syz.4.8318: corrupted inode contents
[  449.030642][T25676] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #13: comm syz.4.8318: mark_inode_dirty error
[  449.045945][T25676] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #13: comm syz.4.8318: corrupted inode contents
[  449.062458][T25676] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem
[  449.073435][T25676] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #13: comm syz.4.8318: corrupted inode contents
[  449.085715][T25676] EXT4-fs error (device loop4): ext4_truncate:4635: inode #13: comm syz.4.8318: mark_inode_dirty error
[  449.097194][T25676] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem
[  449.108432][T25676] EXT4-fs (loop4): 1 truncate cleaned up
[  449.117116][T25676] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  449.172635][T17765] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.186605][T25693] __nla_validate_parse: 13 callbacks suppressed
[  449.186626][T25693] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8326'.
[  449.234253][T25699] netlink: 830 bytes leftover after parsing attributes in process `syz.4.8327'.
[  449.251221][T25704] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8329'.
[  449.265055][T25699] FAULT_INJECTION: forcing a failure.
[  449.265055][T25699] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.279113][T25699] CPU: 0 UID: 0 PID: 25699 Comm: syz.4.8327 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  449.279155][T25699] Tainted: [W]=WARN
[  449.279165][T25699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  449.279182][T25699] Call Trace:
[  449.279240][T25699]  <TASK>
[  449.279250][T25699]  __dump_stack+0x1d/0x30
[  449.279281][T25699]  dump_stack_lvl+0x95/0xd0
[  449.279331][T25699]  dump_stack+0x15/0x1b
[  449.279357][T25699]  should_fail_ex+0x265/0x280
[  449.279388][T25699]  should_fail+0xb/0x20
[  449.279458][T25699]  should_fail_usercopy+0x1a/0x20
[  449.279484][T25699]  _copy_from_user+0x1c/0xb0
[  449.279519][T25699]  get_timespec64+0x4c/0x100
[  449.279549][T25699]  futex2_setup_timeout+0x6e/0x1f0
[  449.279625][T25699]  __se_sys_futex_waitv+0xc6/0x1c0
[  449.279725][T25699]  __x64_sys_futex_waitv+0x67/0x80
[  449.279765][T25699]  x64_sys_call+0x204/0x3000
[  449.279847][T25699]  do_syscall_64+0xca/0x2b0
[  449.279927][T25699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.279954][T25699] RIP: 0033:0x7f837d02f749
[  449.280018][T25699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.280084][T25699] RSP: 002b:00007f837ba97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1
[  449.280107][T25699] RAX: ffffffffffffffda RBX: 00007f837d285fa0 RCX: 00007f837d02f749
[  449.280124][T25699] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000001080
[  449.280141][T25699] RBP: 00007f837ba97090 R08: 0000000000000001 R09: 0000000000000000
[  449.280153][T25699] R10: 0000200000001100 R11: 0000000000000246 R12: 0000000000000001
[  449.280165][T25699] R13: 00007f837d286038 R14: 00007f837d285fa0 R15: 00007ffff1defaf8
[  449.280185][T25699]  </TASK>
[  449.505325][T25711] loop2: detected capacity change from 0 to 2048
[  449.515471][T25711] EXT4-fs: Ignoring removed mblk_io_submit option
[  449.555074][T25711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  449.573358][T25711] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.8332: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  449.633648][T19004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.656827][T25718] loop4: detected capacity change from 0 to 164
[  449.671185][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.702702][T25718] iso9660: Corrupted directory entry in block 2 of inode 1792
[  449.750649][T25729] netlink: 830 bytes leftover after parsing attributes in process `syz.2.8338'.
[  449.797694][T25737] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8341'.
[  449.815675][T25739] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8342'.
[  449.832922][T25740] IPv6: sit1: Disabled Multicast RS
[  449.900970][T25745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8343'.
[  449.914826][T25745] bridge: RTM_NEWNEIGH with invalid ether address
[  449.976531][T25757] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8348'.
[  449.985784][T25757] FAULT_INJECTION: forcing a failure.
[  449.985784][T25757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.999944][T25757] CPU: 0 UID: 0 PID: 25757 Comm: syz.2.8348 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  450.000041][T25757] Tainted: [W]=WARN
[  450.000049][T25757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  450.000061][T25757] Call Trace:
[  450.000067][T25757]  <TASK>
[  450.000079][T25757]  __dump_stack+0x1d/0x30
[  450.000109][T25757]  dump_stack_lvl+0x95/0xd0
[  450.000211][T25757]  dump_stack+0x15/0x1b
[  450.000260][T25757]  should_fail_ex+0x265/0x280
[  450.000328][T25757]  should_fail+0xb/0x20
[  450.000401][T25757]  should_fail_usercopy+0x1a/0x20
[  450.000432][T25757]  _copy_from_user+0x1c/0xb0
[  450.000532][T25757]  kstrtouint_from_user+0x69/0xf0
[  450.000568][T25757]  ? 0xffffffff81000000
[  450.000586][T25757]  ? selinux_file_permission+0x1e2/0x320
[  450.000638][T25757]  proc_fail_nth_write+0x50/0x160
[  450.000684][T25757]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  450.000817][T25757]  vfs_write+0x269/0x960
[  450.000839][T25757]  ? vfs_read+0x4e6/0x770
[  450.000878][T25757]  ? __rcu_read_unlock+0x4f/0x70
[  450.000904][T25757]  ? __fget_files+0x184/0x1c0
[  450.000942][T25757]  ? mutex_lock+0x58/0x90
[  450.000982][T25757]  ksys_write+0xda/0x1a0
[  450.001014][T25757]  __x64_sys_write+0x40/0x50
[  450.001062][T25757]  x64_sys_call+0x2847/0x3000
[  450.001115][T25757]  do_syscall_64+0xca/0x2b0
[  450.001165][T25757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.001264][T25757] RIP: 0033:0x7fb73aa8e1ff
[  450.001295][T25757] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  450.001320][T25757] RSP: 002b:00007fb7394f7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  450.001345][T25757] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb73aa8e1ff
[  450.001367][T25757] RDX: 0000000000000001 RSI: 00007fb7394f70a0 RDI: 0000000000000005
[  450.001452][T25757] RBP: 00007fb7394f7090 R08: 0000000000000000 R09: 0000000000000000
[  450.001473][T25757] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  450.001490][T25757] R13: 00007fb73ace6038 R14: 00007fb73ace5fa0 R15: 00007ffdaeab1398
[  450.001527][T25757]  </TASK>
[  450.234708][T25755] loop3: detected capacity change from 0 to 512
[  450.264899][T25755] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  450.274644][T25755] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  450.303448][T25755] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.8347: Allocating blocks 41-42 which overlap fs metadata
[  450.317725][T25755] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.8347: Allocating blocks 41-42 which overlap fs metadata
[  450.332243][T25755] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.8347: Failed to acquire dquot type 1
[  450.343911][T25755] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  450.350228][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.358775][T25755] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.8347: corrupted inode contents
[  450.376148][T25755] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #12: comm syz.3.8347: mark_inode_dirty error
[  450.379030][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x1
[  450.399034][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.406838][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.415646][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.423520][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x2
[  450.431341][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.439153][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.448014][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.455849][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: unknown main item tag 0x0
[  450.463736][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: item fetching failed at offset 20/43
[  450.464060][T25755] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.8347: corrupted inode contents
[  450.499413][T25755] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.8347: mark_inode_dirty error
[  450.511006][T25755] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.8347: corrupted inode contents
[  450.523238][T25755] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[  450.537467][ T2969] hid-generic 0000:0000:FFFFFFFC.0005: probe with driver hid-generic failed with error -22
[  450.552659][T25755] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.8347: corrupted inode contents
[  450.594852][T25755] EXT4-fs error (device loop3): ext4_truncate:4635: inode #12: comm syz.3.8347: mark_inode_dirty error
[  450.626994][T25784] tmpfs: Bad value for 'mpol'
[  450.631984][T25755] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem
[  450.641483][T25784] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=25784 comm=syz.2.8357
[  450.661583][T25755] EXT4-fs (loop3): 1 truncate cleaned up
[  450.667744][T25755] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.692419][T25768] EXT4-fs: Ignoring removed mblk_io_submit option
[  450.703185][T25755] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  450.717479][T25786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8358'.
[  450.737983][T25768] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  450.782410][T19004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.792205][T25768] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.8353: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  450.973383][T25790] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8358'.
[  450.990858][T19993] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.093272][T25801] netlink: 'syz.4.8362': attribute type 1 has an invalid length.
[  451.139272][T25801] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  451.147613][T25801] EXT4-fs (loop4): orphan cleanup on readonly fs
[  451.155826][T25801] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.8362: corrupted inode contents
[  451.169212][T25801] EXT4-fs (loop4): Remounting filesystem read-only
[  451.176168][T25801] EXT4-fs (loop4): 1 truncate cleaned up
[  451.215220][T22582] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  451.225877][T22582] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  451.237056][T22582] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  451.268858][T25801] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  451.543944][T25824] SELinux:  policydb table sizes (0,0) do not match mine (6,7)
[  451.553042][T25824] SELinux: failed to load policy
[  451.571127][T17765] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.593645][T25828] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.633656][T25834] set_capacity_and_notify: 2 callbacks suppressed
[  451.633741][T25834] loop4: detected capacity change from 0 to 2048
[  451.648183][T25834] EXT4-fs: Ignoring removed mblk_io_submit option
[  451.658598][T25828] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.686315][T25834] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  451.700786][T25834] EXT4-fs error (device loop4): ext4_find_extent:939: inode #2: comm syz.4.8372: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  451.738230][T25839] IPv6: Can't replace route, no match found
[  451.747907][T17765] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.764006][T25828] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.835279][T25828] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.870583][T25832] loop2: detected capacity change from 0 to 2048
[  451.879241][T25832] EXT4-fs: Ignoring removed mblk_io_submit option
[  451.903679][T25832] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  451.949417][ T7042] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  451.964799][ T7042] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  451.982607][T25832] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.8371: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  451.999767][ T7042] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  452.015083][ T7042] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  452.032078][T25854] netlink: '+}[@': attribute type 12 has an invalid length.
[  452.039456][T25854] netlink: '+}[@': attribute type 29 has an invalid length.
[  452.047915][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  452.227114][T25871] netlink: 'syz.1.8383': attribute type 4 has an invalid length.
[  452.253181][T25871] IPVS: Error connecting to the multicast addr
[  452.409035][T25882] netlink: 'gtp': attribute type 1 has an invalid length.
[  453.068277][T25919] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.136595][T25919] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.202627][T25919] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.302933][T25919] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.359687][T25938] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  453.373707][T25938] loop2: detected capacity change from 0 to 512
[  453.380845][ T7048] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.396134][T25938] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  453.408313][ T7048] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.436189][ T7048] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  453.445158][T25938] EXT4-fs (loop2): 1 truncate cleaned up
[  453.452669][ T7048] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  453.462001][T25938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  453.507942][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.509613][   T29] kauditd_printk_skb: 311 callbacks suppressed
[  453.509654][   T29] audit: type=1326 audit(2000001845.466:64624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.561173][   T29] audit: type=1326 audit(2000001845.518:64625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.585970][   T29] audit: type=1326 audit(2000001845.518:64626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.609589][   T29] audit: type=1326 audit(2000001845.518:64627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.634364][   T29] audit: type=1326 audit(2000001845.518:64628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.658103][   T29] audit: type=1326 audit(2000001845.518:64629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.682777][   T29] audit: type=1326 audit(2000001845.518:64630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.707070][   T29] audit: type=1326 audit(2000001845.518:64631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.732282][   T29] audit: type=1326 audit(2000001845.518:64632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.755981][   T29] audit: type=1326 audit(2000001845.518:64633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25945 comm="syz.0.8408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f111ce6f749 code=0x7ffc0000
[  453.790736][T25953] loop2: detected capacity change from 0 to 512
[  453.798228][T25953] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  453.818807][T25953] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.8409: iget: bad i_size value: 38620345925642
[  453.847274][T25953] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.8409: couldn't read orphan inode 15 (err -117)
[  453.868594][T25953] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  453.903535][T25953] 9p: Bad value for 'rfdno'
[  453.948894][ T7042] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm kworker/u8:13: bg 0: block 5: invalid block bitmap
[  453.966015][ T7042] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 3 with max blocks 65 with error 28
[  453.979488][ T7042] EXT4-fs (loop2): This should not happen!! Data will be lost
[  453.979488][ T7042] 
[  453.989222][ T7042] EXT4-fs (loop2): Total free blocks count 0
[  453.995278][ T7042] EXT4-fs (loop2): Free/Dirty block details
[  454.001202][ T7042] EXT4-fs (loop2): free_blocks=0
[  454.007098][ T7042] EXT4-fs (loop2): dirty_blocks=65
[  454.012340][ T7042] EXT4-fs (loop2): Block reservation details
[  454.018410][ T7042] EXT4-fs (loop2): i_reserved_data_blocks=65
[  454.040958][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  454.230110][T25974] loop2: detected capacity change from 0 to 2048
[  454.271185][T25974]  loop2: p1 p3
[  454.275475][T25974] loop2: p3 start 8388352 is beyond EOD, truncated
[  454.357046][T25986] __nla_validate_parse: 19 callbacks suppressed
[  454.357065][T25986] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8421'.
[  454.465211][T25992] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.540052][T25992] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.552255][T25979] loop4: detected capacity change from 0 to 2048
[  454.559589][T25979] EXT4-fs: Ignoring removed mblk_io_submit option
[  454.569109][T25997] IPv6: Can't replace route, no match found
[  454.584279][T25979] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  454.621672][T25979] EXT4-fs error (device loop4): ext4_find_extent:939: inode #2: comm syz.4.8420: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  454.641563][T25992] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.705449][T25992] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.752300][T17765] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.104753][ T5879] Bluetooth: hci0: Frame reassembly failed (-84)
[  455.111726][T26021] Bluetooth: hci0: Frame reassembly failed (-90)
[  455.193102][T26028] loop2: detected capacity change from 0 to 512
[  455.228736][T26028] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #3: comm syz.2.8434: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[  455.252137][T26028] EXT4-fs error (device loop2): ext4_quota_enable:7180: comm syz.2.8434: Bad quota inode: 3, type: 0
[  455.263362][T26028] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  455.279497][T26028] EXT4-fs (loop2): mount failed
[  455.325455][T26037] ªªªªªª: renamed from wg2
[  455.330880][T26033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8435'.
[  455.370485][T26041] loop2: detected capacity change from 0 to 764
[  455.422042][T26049] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  455.428550][T26049] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  455.448460][T26042] wg1 speed is unknown, defaulting to 1000
[  455.455244][T26042] lo speed is unknown, defaulting to 1000
[  455.461496][T26042] lo speed is unknown, defaulting to 1000
[  455.474169][T26049] loop4: detected capacity change from 0 to 1024
[  455.480924][T26049] EXT4-fs: Ignoring removed orlov option
[  455.487953][T26053] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  455.491314][T26043] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=26043 comm=syz.2.8438
[  455.509922][T26049] EXT4-fs error (device loop4): ext4_quota_enable:7177: inode #3: comm syz.4.8441: iget: bad extended attribute block 140733193388032
[  455.527057][T26049] EXT4-fs (loop4): Remounting filesystem read-only
[  455.535182][T26049] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  455.550749][T26049] EXT4-fs (loop4): mount failed
[  455.604451][T26061] loop4: detected capacity change from 0 to 164
[  455.617720][T26063] netlink: 'syz.0.8446': attribute type 10 has an invalid length.
[  455.654084][T26063] 8021q: adding VLAN 0 to HW filter on device batadv0
[  455.654930][T26061] iso9660: Corrupted directory entry in block 2 of inode 1792
[  455.664136][T26063] batadv0: entered promiscuous mode
[  455.674903][T26063] batadv0: entered allmulticast mode
[  455.681601][T26063] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  455.743107][T26069] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8448'.
[  455.854630][T22582] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  455.878718][T22582] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  455.901739][T22582] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.930513][T22582] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.948822][T26092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8457'.
[  455.968020][T26092] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8457'.
[  456.074631][T26107] netlink: 'syz.0.8465': attribute type 7 has an invalid length.
[  456.082584][T26107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8465'.
[  456.181706][T26123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8472'.
[  456.192169][T26127] netlink: 'syz.0.8473': attribute type 5 has an invalid length.
[  456.200094][T26127] netlink: 'syz.0.8473': attribute type 3 has an invalid length.
[  456.207912][T26127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8473'.
[  456.334672][T26152] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8476'.
[  456.350175][T26152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8476'.
[  456.454233][T26167] FAULT_INJECTION: forcing a failure.
[  456.454233][T26167] name failslab, interval 1, probability 0, space 0, times 0
[  456.467075][T26167] CPU: 0 UID: 0 PID: 26167 Comm: syz.1.8482 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  456.467119][T26167] Tainted: [W]=WARN
[  456.467128][T26167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  456.467146][T26167] Call Trace:
[  456.467154][T26167]  <TASK>
[  456.467164][T26167]  __dump_stack+0x1d/0x30
[  456.467230][T26167]  dump_stack_lvl+0x95/0xd0
[  456.467258][T26167]  dump_stack+0x15/0x1b
[  456.467284][T26167]  should_fail_ex+0x265/0x280
[  456.467313][T26167]  should_failslab+0x8c/0xb0
[  456.467341][T26167]  __kmalloc_cache_noprof+0x65/0x4c0
[  456.467380][T26167]  ? nft_trans_table_add+0x36/0x190
[  456.467409][T26167]  nft_trans_table_add+0x36/0x190
[  456.467448][T26167]  nf_tables_newtable+0x955/0xea0
[  456.467494][T26167]  nfnetlink_rcv+0xbc9/0x16c0
[  456.467555][T26167]  netlink_unicast+0x5c0/0x690
[  456.467696][T26167]  netlink_sendmsg+0x58b/0x6b0
[  456.467731][T26167]  ? __pfx_netlink_sendmsg+0x10/0x10
[  456.467765][T26167]  __sock_sendmsg+0x145/0x180
[  456.467786][T26167]  ____sys_sendmsg+0x31e/0x4a0
[  456.467952][T26167]  ___sys_sendmsg+0x17b/0x1d0
[  456.468044][T26167]  __x64_sys_sendmsg+0xd4/0x160
[  456.468144][T26167]  x64_sys_call+0x17ba/0x3000
[  456.468172][T26167]  do_syscall_64+0xca/0x2b0
[  456.468208][T26167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.468286][T26167] RIP: 0033:0x7f33b48ff749
[  456.468302][T26167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.468321][T26167] RSP: 002b:00007f33b3367038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  456.468341][T26167] RAX: ffffffffffffffda RBX: 00007f33b4b55fa0 RCX: 00007f33b48ff749
[  456.468384][T26167] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  456.468396][T26167] RBP: 00007f33b3367090 R08: 0000000000000000 R09: 0000000000000000
[  456.468409][T26167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  456.468422][T26167] R13: 00007f33b4b56038 R14: 00007f33b4b55fa0 R15: 00007ffec83d4598
[  456.468442][T26167]  </TASK>
[  456.876432][T26200] FAULT_INJECTION: forcing a failure.
[  456.876432][T26200] name failslab, interval 1, probability 0, space 0, times 0
[  456.889575][T26200] CPU: 0 UID: 0 PID: 26200 Comm: syz.4.8493 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  456.889617][T26200] Tainted: [W]=WARN
[  456.889627][T26200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  456.889716][T26200] Call Trace:
[  456.889722][T26200]  <TASK>
[  456.889731][T26200]  __dump_stack+0x1d/0x30
[  456.889755][T26200]  dump_stack_lvl+0x95/0xd0
[  456.889777][T26200]  dump_stack+0x15/0x1b
[  456.889800][T26200]  should_fail_ex+0x265/0x280
[  456.889833][T26200]  should_failslab+0x8c/0xb0
[  456.889880][T26200]  kmem_cache_alloc_noprof+0x69/0x4b0
[  456.889908][T26200]  ? alloc_empty_file+0x76/0x200
[  456.889938][T26200]  alloc_empty_file+0x76/0x200
[  456.889999][T26200]  path_openat+0x63/0x23b0
[  456.890033][T26200]  ? _parse_integer_limit+0x170/0x190
[  456.890055][T26200]  ? _parse_integer+0x27/0x40
[  456.890074][T26200]  ? kstrtoull+0x111/0x140
[  456.890093][T26200]  ? kstrtouint+0x76/0xc0
[  456.890162][T26200]  do_filp_open+0x109/0x230
[  456.890252][T26200]  do_sys_openat2+0xa6/0x150
[  456.890283][T26200]  __x64_sys_openat+0xf2/0x120
[  456.890314][T26200]  x64_sys_call+0x2b07/0x3000
[  456.890340][T26200]  do_syscall_64+0xca/0x2b0
[  456.890418][T26200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.890513][T26200] RIP: 0033:0x7f837d02f749
[  456.890529][T26200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.890549][T26200] RSP: 002b:00007f837ba76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  456.890570][T26200] RAX: ffffffffffffffda RBX: 00007f837d286090 RCX: 00007f837d02f749
[  456.890583][T26200] RDX: 000000000000c100 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  456.890635][T26200] RBP: 00007f837ba76090 R08: 0000000000000000 R09: 0000000000000000
[  456.890648][T26200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.890661][T26200] R13: 00007f837d286128 R14: 00007f837d286090 R15: 00007ffff1defaf8
[  456.890681][T26200]  </TASK>
[  457.088705][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  457.094835][T26022] Bluetooth: hci0: command 0x1003 tx timeout
[  457.127063][T26203] loop3: detected capacity change from 0 to 1024
[  457.134336][T26203] EXT4-fs (loop3): invalid inodes per group: 50331680
[  457.134336][T26203] 
[  457.164129][T26204] bridge: RTM_NEWNEIGH with invalid ether address
[  457.180922][T26206] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  457.354943][T26209] loop3: detected capacity change from 0 to 2048
[  457.371887][T26209] EXT4-fs: Ignoring removed mblk_io_submit option
[  457.398349][T26209] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  457.411507][T26209] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.8498: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  457.452821][T19004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.563839][T26240] can0: slcan on ttyS3.
[  457.572284][T26226] loop3: detected capacity change from 0 to 512
[  457.579106][T26226] ext4: Bad value for 'barrier'
[  457.625042][T26234] can0 (unregistered): slcan off ttyS3.
[  457.637853][T26253] macvtap0: refused to change device tx_queue_len
[  457.774014][T26273] macvtap0: refused to change device tx_queue_len
[  457.799966][T26275] netlink: 'syz.3.8523': attribute type 1 has an invalid length.
[  457.814981][T26275] bond2: entered promiscuous mode
[  457.820351][T26275] 8021q: adding VLAN 0 to HW filter on device bond2
[  457.832054][T26275] netlink: 'syz.3.8523': attribute type 1 has an invalid length.
[  457.846540][T26275] bond2: (slave bridge3): making interface the new active one
[  457.855207][T26275] bridge3: entered promiscuous mode
[  457.862492][T26275] bond2: (slave bridge3): Enslaving as an active interface with an up link
[  457.878463][T26275] macsec0: entered promiscuous mode
[  457.884807][T26275] team0: entered promiscuous mode
[  457.890053][T26275] macsec0: entered allmulticast mode
[  457.895398][T26275] team0: entered allmulticast mode
[  457.900534][T26275] bond1: entered allmulticast mode
[  457.907140][T26275] team0: left allmulticast mode
[  457.913073][T26275] bond1: left allmulticast mode
[  457.918065][T26275] team0: left promiscuous mode
[  457.997124][T26282] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.059979][T26282] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.102339][T26284] IPv6: Can't replace route, no match found
[  458.113246][T26282] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.149263][T26289] FAULT_INJECTION: forcing a failure.
[  458.149263][T26289] name failslab, interval 1, probability 0, space 0, times 0
[  458.162241][T26289] CPU: 0 UID: 0 PID: 26289 Comm: syz.2.8527 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  458.162352][T26289] Tainted: [W]=WARN
[  458.162361][T26289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  458.162379][T26289] Call Trace:
[  458.162387][T26289]  <TASK>
[  458.162398][T26289]  __dump_stack+0x1d/0x30
[  458.162428][T26289]  dump_stack_lvl+0x95/0xd0
[  458.162456][T26289]  dump_stack+0x15/0x1b
[  458.162523][T26289]  should_fail_ex+0x265/0x280
[  458.162553][T26289]  should_failslab+0x8c/0xb0
[  458.162576][T26289]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  458.162601][T26289]  ? __request_module+0x1df/0x3e0
[  458.162650][T26289]  ? should_failslab+0x8c/0xb0
[  458.162677][T26289]  kstrdup+0x3e/0xd0
[  458.162716][T26289]  __request_module+0x1df/0x3e0
[  458.162812][T26289]  ? capable+0x7c/0xb0
[  458.162869][T26289]  dev_load+0x61/0xc0
[  458.163031][T26289]  dev_ioctl+0x6f4/0x960
[  458.163072][T26289]  sock_do_ioctl+0x197/0x220
[  458.163102][T26289]  sock_ioctl+0x41b/0x610
[  458.163147][T26289]  ? __pfx_sock_ioctl+0x10/0x10
[  458.163193][T26289]  __se_sys_ioctl+0xce/0x140
[  458.163235][T26289]  __x64_sys_ioctl+0x43/0x50
[  458.163293][T26289]  x64_sys_call+0x14b0/0x3000
[  458.163394][T26289]  do_syscall_64+0xca/0x2b0
[  458.163438][T26289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.163465][T26289] RIP: 0033:0x7fb73aa8f749
[  458.163483][T26289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.163505][T26289] RSP: 002b:00007fb7394f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  458.163595][T26289] RAX: ffffffffffffffda RBX: 00007fb73ace5fa0 RCX: 00007fb73aa8f749
[  458.163612][T26289] RDX: 0000200000000100 RSI: 0000000000008943 RDI: 0000000000000004
[  458.163634][T26289] RBP: 00007fb7394f7090 R08: 0000000000000000 R09: 0000000000000000
[  458.163649][T26289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.163661][T26289] R13: 00007fb73ace6038 R14: 00007fb73ace5fa0 R15: 00007ffdaeab1398
[  458.163682][T26289]  </TASK>
[  458.164731][T26282] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.425321][T26143] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  458.441866][T26143] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  458.468769][T26287] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  458.470326][T26143] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  458.516021][T26143] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  458.547823][T26309] netlink: 'syz.1.8534': attribute type 6 has an invalid length.
[  458.547923][T26310] netlink: 'syz.1.8534': attribute type 6 has an invalid length.
[  458.656932][T26324] netlink: 'syz.1.8538': attribute type 1 has an invalid length.
[  458.677956][T26324] 8021q: adding VLAN 0 to HW filter on device bond0
[  458.697934][T26320] macvlan2: entered promiscuous mode
[  458.703316][T26320] macvlan2: entered allmulticast mode
[  458.709157][T26320] bond0: entered allmulticast mode
[  458.714367][T26320] bond0: entered promiscuous mode
[  458.719875][T26320] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  458.728137][T26320] team0: Port device macvlan2 added
[  458.746085][T26320] bond0: (slave ip6gretap1): making interface the new active one
[  458.753910][T26320] ip6gretap1: entered promiscuous mode
[  458.759525][T26320] ip6gretap1: entered allmulticast mode
[  458.766127][T26320] bond0: (slave ip6gretap1): Enslaving as an active interface with an up link
[  458.814440][T26331] bond1: option resend_igmp: invalid value (1024)
[  458.821173][T26331] bond1: option resend_igmp: allowed values 0 - 255
[  458.829800][T26331] bond1 (unregistering): Released all slaves
[  458.910194][T26338] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.950346][T26338] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.963658][T26339] IPv6: Can't replace route, no match found
[  459.007367][T26338] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.055113][T26338] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.182294][   T10] hid_parser_main: 10 callbacks suppressed
[  459.182317][   T10] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  459.197520][T26352] netlink: 'syz.4.8550': attribute type 32 has an invalid length.
[  459.207229][   T10] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  459.226343][T26352] loop4: detected capacity change from 0 to 2048
[  459.248610][   T29] kauditd_printk_skb: 574 callbacks suppressed
[  459.248624][   T29] audit: type=1400 audit(2000001851.503:65208): avc:  denied  { unmount } for  pid=17765 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  459.330365][T26363] loop4: detected capacity change from 0 to 164
[  459.339450][T26363] iso9660: Corrupted directory entry in block 2 of inode 1792
[  459.365809][   T29] audit: type=1326 audit(2000001851.618:65209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  459.390410][   T29] audit: type=1326 audit(2000001851.618:65210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  459.418466][T26365] FAULT_INJECTION: forcing a failure.
[  459.418466][T26365] name failslab, interval 1, probability 0, space 0, times 0
[  459.431371][T26365] CPU: 1 UID: 0 PID: 26365 Comm: syz.4.8556 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  459.431412][T26365] Tainted: [W]=WARN
[  459.431464][T26365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  459.431478][T26365] Call Trace:
[  459.431486][T26365]  <TASK>
[  459.431496][T26365]  __dump_stack+0x1d/0x30
[  459.431563][   T29] audit: type=1326 audit(2000001851.650:65211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  459.431567][T26365]  dump_stack_lvl+0x95/0xd0
[  459.431597][T26365]  dump_stack+0x15/0x1b
[  459.431654][T26365]  should_fail_ex+0x265/0x280
[  459.431758][T26365]  should_failslab+0x8c/0xb0
[  459.431839][T26365]  kmem_cache_alloc_noprof+0x69/0x4b0
[  459.431971][T26365]  ? audit_log_start+0x342/0x720
[  459.432044][T26365]  audit_log_start+0x342/0x720
[  459.432108][T26365]  ? should_fail_ex+0xdb/0x280
[  459.432187][T26365]  audit_seccomp+0x48/0x100
[  459.432359][T26365]  ? __seccomp_filter+0x832/0x1260
[  459.432393][T26365]  __seccomp_filter+0x843/0x1260
[  459.432459][T26365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  459.432591][T26365]  ? vfs_read+0x4e6/0x770
[  459.432638][T26365]  ? __rcu_read_unlock+0x4f/0x70
[  459.432703][T26365]  ? __fget_files+0x184/0x1c0
[  459.432787][T26365]  __secure_computing+0x82/0x150
[  459.432909][T26365]  syscall_trace_enter+0xcf/0x1e0
[  459.433066][T26365]  do_syscall_64+0xa4/0x2b0
[  459.433245][T26365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.433311][T26365] RIP: 0033:0x7f837d02e1ff
[  459.433403][T26365] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  459.433525][T26365] RSP: 002b:00007f837ba97030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  459.433639][T26365] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f837d02e1ff
[  459.433682][T26365] RDX: 0000000000000001 RSI: 00007f837ba970a0 RDI: 0000000000000006
[  459.433794][T26365] RBP: 00007f837ba97090 R08: 0000000000000000 R09: 0000000000000000
[  459.433842][T26365] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  459.433894][T26365] R13: 00007f837d286038 R14: 00007f837d285fa0 R15: 00007ffff1defaf8
[  459.433959][T26365]  </TASK>
[  459.434031][T26365] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64
[  459.445506][   T29] audit: type=1326 audit(2000001851.681:65212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  459.446826][T26365] audit: out of memory in audit_log_start
[  459.456967][   T29] audit: type=1326 audit(2000001851.681:65213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  459.543511][T26368] FAULT_INJECTION: forcing a failure.
[  459.543511][T26368] name failslab, interval 1, probability 0, space 0, times 0
[  459.546289][   T29] audit: type=1326 audit(2000001851.681:65214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  459.552299][T26368] CPU: 1 UID: 0 PID: 26368 Comm: syz.4.8558 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  459.552339][T26368] Tainted: [W]=WARN
[  459.552347][T26368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  459.552362][T26368] Call Trace:
[  459.552373][T26368]  <TASK>
[  459.552449][T26368]  __dump_stack+0x1d/0x30
[  459.552481][T26368]  dump_stack_lvl+0x95/0xd0
[  459.552554][T26368]  dump_stack+0x15/0x1b
[  459.552578][T26368]  should_fail_ex+0x265/0x280
[  459.552685][T26368]  should_failslab+0x8c/0xb0
[  459.552770][T26368]  kmem_cache_alloc_noprof+0x69/0x4b0
[  459.552798][T26368]  ? security_file_alloc+0x32/0x100
[  459.552834][T26368]  security_file_alloc+0x32/0x100
[  459.553073][T26368]  init_file+0x5c/0x1c0
[  459.553157][T26368]  alloc_empty_file+0x8b/0x200
[  459.553241][T26368]  path_openat+0x63/0x23b0
[  459.553342][T26368]  ? search_extable+0x53/0x80
[  459.553441][T26368]  ? rep_movs_alternative+0xf/0x90
[  459.553514][T26368]  ? rep_movs_alternative+0xf/0x90
[  459.553597][T26368]  ? fixup_exception+0x742/0xcf0
[  459.553724][T26368]  ? path_openat+0x1e82/0x23b0
[  459.553819][T26368]  ? do_user_addr_fault+0xd9e/0x1080
[  459.553944][T26368]  ? _parse_integer_limit+0x170/0x190
[  459.554077][T26368]  do_filp_open+0x109/0x230
[  459.554208][T26368]  do_open_execat+0xd8/0x260
[  459.554434][T26368]  alloc_bprm+0x25/0x350
[  459.554586][T26368]  do_execveat_common+0x12e/0x750
[  459.554800][T26368]  __x64_sys_execve+0x5c/0x70
[  459.554907][T26368]  x64_sys_call+0x271d/0x3000
[  459.554988][T26368]  do_syscall_64+0xca/0x2b0
[  459.555093][T26368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.555245][T26368] RIP: 0033:0x7f837d02f749
[  459.555296][T26368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.555351][T26368] RSP: 002b:00007f837ba97038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  459.555413][T26368] RAX: ffffffffffffffda RBX: 00007f837d285fa0 RCX: 00007f837d02f749
[  459.555456][T26368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000003040
[  459.555507][T26368] RBP: 00007f837ba97090 R08: 0000000000000000 R09: 0000000000000000
[  459.555590][T26368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.555645][T26368] R13: 00007f837d286038 R14: 00007f837d285fa0 R15: 00007ffff1defaf8
[  459.555716][T26368]  </TASK>
[  460.006443][   T29] audit: type=1326 audit(2000001851.681:65215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26364 comm="syz.4.8556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f837d02f749 code=0x7ffc0000
[  460.032493][T26379] FAULT_INJECTION: forcing a failure.
[  460.032493][T26379] name failslab, interval 1, probability 0, space 0, times 0
[  460.045280][T26379] CPU: 1 UID: 0 PID: 26379 Comm: syz.2.8561 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  460.045360][T26379] Tainted: [W]=WARN
[  460.045368][T26379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  460.045380][T26379] Call Trace:
[  460.045388][T26379]  <TASK>
[  460.045396][T26379]  __dump_stack+0x1d/0x30
[  460.045421][T26379]  dump_stack_lvl+0x95/0xd0
[  460.045513][T26379]  dump_stack+0x15/0x1b
[  460.045675][T26379]  should_fail_ex+0x265/0x280
[  460.045698][T26379]  should_failslab+0x8c/0xb0
[  460.045721][T26379]  __kvmalloc_node_noprof+0x149/0x6b0
[  460.045748][T26379]  ? alloc_netdev_mqs+0x873/0xa40
[  460.045789][T26379]  alloc_netdev_mqs+0x873/0xa40
[  460.045828][T26379]  rtnl_create_link+0x239/0x6e0
[  460.045860][T26379]  rtnl_newlink_create+0x14c/0x620
[  460.046029][T26379]  ? security_capable+0x83/0x90
[  460.046064][T26379]  ? netlink_ns_capable+0x86/0xa0
[  460.046118][T26379]  rtnl_newlink+0xf5b/0x1360
[  460.046147][T26379]  ? xas_load+0x413/0x430
[  460.046179][T26379]  ? xas_load+0x413/0x430
[  460.046241][T26379]  ? __rcu_read_unlock+0x4f/0x70
[  460.046266][T26379]  ? __rcu_read_unlock+0x4f/0x70
[  460.046286][T26379]  ? avc_has_perm_noaudit+0xab/0x130
[  460.046324][T26379]  ? cred_has_capability+0x210/0x280
[  460.046359][T26379]  ? selinux_capable+0x31/0x40
[  460.046424][T26379]  ? security_capable+0x83/0x90
[  460.046457][T26379]  ? ns_capable+0x7d/0xb0
[  460.046487][T26379]  ? __pfx_rtnl_newlink+0x10/0x10
[  460.046572][T26379]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  460.046592][T26379]  ? avc_has_perm_noaudit+0xab/0x130
[  460.046630][T26379]  netlink_rcv_skb+0x123/0x220
[  460.046684][T26379]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  460.046711][T26379]  rtnetlink_rcv+0x1c/0x30
[  460.046743][T26379]  netlink_unicast+0x5c0/0x690
[  460.046789][T26379]  netlink_sendmsg+0x58b/0x6b0
[  460.046829][T26379]  ? __pfx_netlink_sendmsg+0x10/0x10
[  460.046956][T26379]  __sock_sendmsg+0x145/0x180
[  460.046977][T26379]  ____sys_sendmsg+0x31e/0x4a0
[  460.047057][T26379]  ___sys_sendmsg+0x17b/0x1d0
[  460.047103][T26379]  __x64_sys_sendmsg+0xd4/0x160
[  460.047137][T26379]  x64_sys_call+0x17ba/0x3000
[  460.047232][T26379]  do_syscall_64+0xca/0x2b0
[  460.047312][T26379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.047455][T26379] RIP: 0033:0x7fb73aa8f749
[  460.047470][T26379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  460.047489][T26379] RSP: 002b:00007fb7394f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  460.047514][T26379] RAX: ffffffffffffffda RBX: 00007fb73ace5fa0 RCX: 00007fb73aa8f749
[  460.047590][T26379] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  460.047669][T26379] RBP: 00007fb7394f7090 R08: 0000000000000000 R09: 0000000000000000
[  460.047755][T26379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  460.047768][T26379] R13: 00007fb73ace6038 R14: 00007fb73ace5fa0 R15: 00007ffdaeab1398
[  460.047793][T26379]  </TASK>
[  460.396749][T26385] __nla_validate_parse: 15 callbacks suppressed
[  460.396770][T26385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8565'.
[  460.415221][T26385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8565'.
[  460.464584][T26387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8564'.
[  460.476934][T26391] 8021q: adding VLAN 0 to HW filter on device bond0
[  460.495471][T26391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  460.527245][T26146] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  460.548893][T26146] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  460.565492][T26391] loop2: detected capacity change from 0 to 1024
[  460.567647][T26146] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  460.591611][T26146] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  460.625471][T26381] loop3: detected capacity change from 0 to 2048
[  460.632331][T26381] EXT4-fs: Ignoring removed mblk_io_submit option
[  460.644381][T26391] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  460.658228][T26402] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8568'.
[  460.668271][T26397] netlink: 60 bytes leftover after parsing attributes in process `syz.1.8568'.
[  460.679168][T26381] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  460.699956][T26381] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.8562: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  460.798169][T19004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  460.897486][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  460.922284][T26421] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.937203][T26426] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8577'.
[  460.968132][T26433] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8579'.
[  460.981777][T26433] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8579'.
[  461.001680][T26421] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.054682][T26421] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.115817][T26421] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.229997][T26443] wg1 speed is unknown, defaulting to 1000
[  461.236406][T26443] lo speed is unknown, defaulting to 1000
[  461.242554][T26443] lo speed is unknown, defaulting to 1000
[  461.375582][T26443] chnl_net:caif_netlink_parms(): no params data found
[  461.397534][T26455] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8584'.
[  461.427807][T26443] bridge0: port 1(bridge_slave_0) entered blocking state
[  461.434959][T26443] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.442454][T26443] bridge_slave_0: entered allmulticast mode
[  461.449210][T26443] bridge_slave_0: entered promiscuous mode
[  461.456597][T26443] bridge0: port 2(bridge_slave_1) entered blocking state
[  461.463838][T26443] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.471596][T26443] bridge_slave_1: entered allmulticast mode
[  461.478769][T26443] bridge_slave_1: entered promiscuous mode
[  461.502433][T26443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  461.518486][T26443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  461.549978][T26443] team0: Port device team_slave_0 added
[  461.564031][T26443] team0: Port device team_slave_1 added
[  461.582722][T26443] batman_adv: batadv0: Adding interface: batadv_slave_0
[  461.589828][T26443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  461.602702][T26472] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8591'.
[  461.615907][T26443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  461.625020][T26443] batman_adv: batadv0: Adding interface: batadv_slave_1
[  461.643247][T26443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  461.669340][T26443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  461.682569][T26474] FAULT_INJECTION: forcing a failure.
[  461.682569][T26474] name failslab, interval 1, probability 0, space 0, times 0
[  461.695444][T26474] CPU: 0 UID: 0 PID: 26474 Comm: syz.2.8592 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  461.695521][T26474] Tainted: [W]=WARN
[  461.695531][T26474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  461.695548][T26474] Call Trace:
[  461.695556][T26474]  <TASK>
[  461.695567][T26474]  __dump_stack+0x1d/0x30
[  461.695599][T26474]  dump_stack_lvl+0x95/0xd0
[  461.695707][T26474]  dump_stack+0x15/0x1b
[  461.695745][T26474]  should_fail_ex+0x265/0x280
[  461.695831][T26474]  should_failslab+0x8c/0xb0
[  461.695854][T26474]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  461.695887][T26474]  ? __alloc_skb+0x2ff/0x4b0
[  461.695917][T26474]  __alloc_skb+0x2ff/0x4b0
[  461.695987][T26474]  ? __alloc_skb+0x228/0x4b0
[  461.696018][T26474]  pfkey_sendmsg+0x7e4/0x900
[  461.696067][T26474]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  461.696103][T26474]  __sock_sendmsg+0x145/0x180
[  461.696128][T26474]  ____sys_sendmsg+0x31e/0x4a0
[  461.696225][T26474]  ___sys_sendmsg+0x17b/0x1d0
[  461.696307][T26474]  __x64_sys_sendmsg+0xd4/0x160
[  461.696426][T26474]  x64_sys_call+0x17ba/0x3000
[  461.696451][T26474]  do_syscall_64+0xca/0x2b0
[  461.696487][T26474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.696515][T26474] RIP: 0033:0x7fb73aa8f749
[  461.696595][T26474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.696620][T26474] RSP: 002b:00007fb7394f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  461.696639][T26474] RAX: ffffffffffffffda RBX: 00007fb73ace5fa0 RCX: 00007fb73aa8f749
[  461.696657][T26474] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  461.696673][T26474] RBP: 00007fb7394f7090 R08: 0000000000000000 R09: 0000000000000000
[  461.696689][T26474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  461.696706][T26474] R13: 00007fb73ace6038 R14: 00007fb73ace5fa0 R15: 00007ffdaeab1398
[  461.696741][T26474]  </TASK>
[  461.967685][T26443] hsr_slave_0: entered promiscuous mode
[  461.974137][T26443] hsr_slave_1: entered promiscuous mode
[  461.980254][T26443] debugfs: 'hsr0' already exists in 'hsr'
[  461.986194][T26443] Cannot create hsr debugfs directory
[  462.080575][T26443] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.140845][T26496] SELinux: failed to load policy
[  462.141536][T26443] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.206985][T26443] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.254006][T26443] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.326568][T26443] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  462.335625][T26443] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  462.344907][T26443] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  462.353732][T26443] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  462.394769][T26443] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.409093][T26443] 8021q: adding VLAN 0 to HW filter on device team0
[  462.419203][T26136] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.426423][T26136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  462.439053][T26146] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.446264][T26146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  462.516462][T26443] 8021q: adding VLAN 0 to HW filter on device batadv0
[  462.631277][T26443] veth0_vlan: entered promiscuous mode
[  462.640573][T26443] veth1_vlan: entered promiscuous mode
[  462.657680][T26443] veth0_macvtap: entered promiscuous mode
[  462.666060][T26443] veth1_macvtap: entered promiscuous mode
[  462.677967][T26443] batman_adv: batadv0: Interface activated: batadv_slave_0
[  462.689533][T26443] batman_adv: batadv0: Interface activated: batadv_slave_1
[  462.700795][T26137] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  462.713161][T26136] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  462.723422][T26136] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  462.737914][T26136] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  462.787085][T26529] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.876486][T26529] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.903608][T26531] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  462.925399][T26533] IPv6: Can't replace route, no match found
[  462.961785][T26529] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  463.021930][T26529] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  463.867965][T26590] loop2: detected capacity change from 0 to 512
[  463.883024][T26590] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  463.898220][T26590] ext4 filesystem being mounted at /540/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  463.988260][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  464.007447][T26596] loop2: detected capacity change from 0 to 128
[  464.017658][T26596] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  464.030017][T26596] ext4 filesystem being mounted at /541/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  464.051412][T18738] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  464.202203][T26607] loop3: detected capacity change from 0 to 128
[  464.384710][   T29] kauditd_printk_skb: 114 callbacks suppressed
[  464.384772][   T29] audit: type=1326 audit(2000001856.889:65330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dd908f749 code=0x7ffc0000
[  464.472469][   T29] audit: type=1326 audit(2000001856.931:65331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2dd908df90 code=0x7ffc0000
[  464.496691][   T29] audit: type=1326 audit(2000001856.931:65332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f2dd9090f77 code=0x7ffc0000
[  464.521168][   T29] audit: type=1326 audit(2000001856.931:65333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2dd908f749 code=0x7ffc0000
[  464.544869][   T29] audit: type=1326 audit(2000001856.931:65334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f2dd9090f77 code=0x7ffc0000
[  464.569482][   T29] audit: type=1326 audit(2000001856.931:65335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2dd908e3aa code=0x7ffc0000
[  464.592960][   T29] audit: type=1326 audit(2000001856.931:65336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dd908f749 code=0x7ffc0000
[  464.617499][   T29] audit: type=1326 audit(2000001856.931:65337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f2dd90915dc code=0x7ffc0000
[  464.641197][   T29] audit: type=1326 audit(2000001856.931:65338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f2dd9091514 code=0x7ffc0000
[  464.665673][   T29] audit: type=1326 audit(2000001856.931:65339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26621 comm="syz.3.8637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f2dd9091514 code=0x7ffc0000
[  464.696232][T26141] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.717748][T26141] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.757079][T26141] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  464.778469][T26141] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  464.795121][T26141] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  464.808540][T26141] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  464.817592][T26141] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  464.826397][T26141] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  464.895514][T26640] veth1_macvtap: left promiscuous mode
[  465.131199][T26646] loop2: detected capacity change from 0 to 512
[  465.150570][T26646] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  465.163388][T26646] ext4 filesystem being mounted at /546/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  465.245768][T26654] __nla_validate_parse: 11 callbacks suppressed
[  465.245788][T26654] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8647'.
[  465.359722][T26660] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  465.366295][T26660] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  465.373962][T26660] vhci_hcd vhci_hcd.0: Device attached
[  465.381080][T26661] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(10)
[  465.387723][T26661] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  465.395396][T26661] vhci_hcd vhci_hcd.0: Device attached
[  465.402282][T26669] vhci_hcd: connection closed
[  465.402549][T26668] vhci_hcd: connection closed
[  465.408364][T26141] vhci_hcd vhci_hcd.0: stop threads
[  465.418343][T26141] vhci_hcd vhci_hcd.0: release socket
[  465.423733][T26141] vhci_hcd vhci_hcd.0: disconnect device
[  465.430187][T26141] vhci_hcd vhci_hcd.0: stop threads
[  465.436387][T26141] vhci_hcd vhci_hcd.0: release socket
[  465.441816][T26141] vhci_hcd vhci_hcd.0: disconnect device
[  465.470540][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.509526][T26673] loop2: detected capacity change from 0 to 512
[  465.519642][T26673] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  465.528072][T26673] EXT4-fs (loop2): orphan cleanup on readonly fs
[  465.535354][T26673] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.8651: invalid indirect mapped block 256 (level 2)
[  465.550448][T26673] EXT4-fs (loop2): 2 truncates cleaned up
[  465.556885][T26673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  465.598864][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  466.035491][T26690] loop2: detected capacity change from 0 to 2048
[  466.042375][T26690] EXT4-fs: Ignoring removed mblk_io_submit option
[  466.054748][T26690] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  466.068051][T26690] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.8657: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  466.096326][T26706] SELinux:  policydb version 1953507643 does not match my version range 15-35
[  466.105439][T26706] SELinux: failed to load policy
[  466.111235][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  466.187489][T26715] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.236725][T26715] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.238560][T26719] IPv6: Can't replace route, no match found
[  466.283748][T26715] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.341076][T26715] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  467.050778][T26731] wg1 speed is unknown, defaulting to 1000
[  467.057334][T26731] lo speed is unknown, defaulting to 1000
[  467.063808][T26731] lo speed is unknown, defaulting to 1000
[  467.113879][T26732] wg1 speed is unknown, defaulting to 1000
[  467.129306][T26732] lo speed is unknown, defaulting to 1000
[  467.143111][T26732] lo speed is unknown, defaulting to 1000
[  467.308915][T26739] FAULT_INJECTION: forcing a failure.
[  467.308915][T26739] name failslab, interval 1, probability 0, space 0, times 0
[  467.322745][T26739] CPU: 0 UID: 0 PID: 26739 Comm: syz.3.8675 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  467.322775][T26739] Tainted: [W]=WARN
[  467.322781][T26739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  467.322793][T26739] Call Trace:
[  467.322798][T26739]  <TASK>
[  467.322805][T26739]  __dump_stack+0x1d/0x30
[  467.322827][T26739]  dump_stack_lvl+0x95/0xd0
[  467.322889][T26739]  dump_stack+0x15/0x1b
[  467.322907][T26739]  should_fail_ex+0x265/0x280
[  467.322976][T26739]  should_failslab+0x8c/0xb0
[  467.322998][T26739]  __kmalloc_cache_node_noprof+0x6a/0x4d0
[  467.323076][T26739]  ? __get_vm_area_node+0x106/0x1d0
[  467.323099][T26739]  __get_vm_area_node+0x106/0x1d0
[  467.323121][T26739]  __vmalloc_node_range_noprof+0x28e/0x1310
[  467.323145][T26739]  ? xt_copy_counters+0x1dc/0x2d0
[  467.323203][T26739]  ? cred_has_capability+0x210/0x280
[  467.323267][T26739]  ? xt_copy_counters+0x1dc/0x2d0
[  467.323297][T26739]  vmalloc_noprof+0x82/0xc0
[  467.323319][T26739]  ? xt_copy_counters+0x1dc/0x2d0
[  467.323366][T26739]  xt_copy_counters+0x1dc/0x2d0
[  467.323426][T26739]  ? security_capable+0x83/0x90
[  467.323459][T26739]  do_ipt_set_ctl+0xb3/0x820
[  467.323478][T26739]  ? _raw_spin_unlock_bh+0x36/0x40
[  467.323544][T26739]  ? tcp_release_cb+0xf1/0x370
[  467.323600][T26739]  ? sockopt_release_sock+0x42/0x50
[  467.323634][T26739]  nf_setsockopt+0x199/0x1b0
[  467.323706][T26739]  ip_setsockopt+0x102/0x110
[  467.323750][T26739]  tcp_setsockopt+0x98/0xb0
[  467.323775][T26739]  sock_common_setsockopt+0x69/0x80
[  467.323808][T26739]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  467.323838][T26739]  __sys_setsockopt+0x184/0x200
[  467.323887][T26739]  __x64_sys_setsockopt+0x64/0x80
[  467.323913][T26739]  x64_sys_call+0x21d5/0x3000
[  467.323960][T26739]  do_syscall_64+0xca/0x2b0
[  467.324010][T26739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.324081][T26739] RIP: 0033:0x7f2dd908f749
[  467.324095][T26739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.324111][T26739] RSP: 002b:00007f2dd7aef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  467.324128][T26739] RAX: ffffffffffffffda RBX: 00007f2dd92e5fa0 RCX: 00007f2dd908f749
[  467.324140][T26739] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
[  467.324167][T26739] RBP: 00007f2dd7aef090 R08: 0000000000000048 R09: 0000000000000000
[  467.324178][T26739] R10: 0000200000000fc0 R11: 0000000000000246 R12: 0000000000000001
[  467.324280][T26739] R13: 00007f2dd92e6038 R14: 00007f2dd92e5fa0 R15: 00007fff38bedc68
[  467.324330][T26739]  </TASK>
[  467.324337][T26739] syz.3.8675: vmalloc error: size 32, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0
[  467.602408][T26739] CPU: 0 UID: 0 PID: 26739 Comm: syz.3.8675 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  467.602438][T26739] Tainted: [W]=WARN
[  467.602496][T26739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  467.602558][T26739] Call Trace:
[  467.602565][T26739]  <TASK>
[  467.602573][T26739]  __dump_stack+0x1d/0x30
[  467.602595][T26739]  dump_stack_lvl+0x95/0xd0
[  467.602615][T26739]  dump_stack+0x15/0x1b
[  467.602696][T26739]  warn_alloc+0x12b/0x1a0
[  467.602723][T26739]  __vmalloc_node_range_noprof+0x2b3/0x1310
[  467.602790][T26739]  ? cred_has_capability+0x210/0x280
[  467.602847][T26739]  ? xt_copy_counters+0x1dc/0x2d0
[  467.602933][T26739]  vmalloc_noprof+0x82/0xc0
[  467.602965][T26739]  ? xt_copy_counters+0x1dc/0x2d0
[  467.603041][T26739]  xt_copy_counters+0x1dc/0x2d0
[  467.603145][T26739]  ? security_capable+0x83/0x90
[  467.603176][T26739]  do_ipt_set_ctl+0xb3/0x820
[  467.603248][T26739]  ? _raw_spin_unlock_bh+0x36/0x40
[  467.603268][T26739]  ? tcp_release_cb+0xf1/0x370
[  467.603301][T26739]  ? sockopt_release_sock+0x42/0x50
[  467.603326][T26739]  nf_setsockopt+0x199/0x1b0
[  467.603349][T26739]  ip_setsockopt+0x102/0x110
[  467.603377][T26739]  tcp_setsockopt+0x98/0xb0
[  467.603410][T26739]  sock_common_setsockopt+0x69/0x80
[  467.603429][T26739]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  467.603448][T26739]  __sys_setsockopt+0x184/0x200
[  467.603474][T26739]  __x64_sys_setsockopt+0x64/0x80
[  467.603528][T26739]  x64_sys_call+0x21d5/0x3000
[  467.603550][T26739]  do_syscall_64+0xca/0x2b0
[  467.603582][T26739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.603601][T26739] RIP: 0033:0x7f2dd908f749
[  467.603614][T26739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.603746][T26739] RSP: 002b:00007f2dd7aef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  467.603763][T26739] RAX: ffffffffffffffda RBX: 00007f2dd92e5fa0 RCX: 00007f2dd908f749
[  467.603775][T26739] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
[  467.603786][T26739] RBP: 00007f2dd7aef090 R08: 0000000000000048 R09: 0000000000000000
[  467.603837][T26739] R10: 0000200000000fc0 R11: 0000000000000246 R12: 0000000000000001
[  467.603849][T26739] R13: 00007f2dd92e6038 R14: 00007f2dd92e5fa0 R15: 00007fff38bedc68
[  467.603866][T26739]  </TASK>
[  467.603873][T26739] Mem-Info:
[  467.845424][T26739] active_anon:80182 inactive_anon:24211 isolated_anon:0
[  467.845424][T26739]  active_file:15893 inactive_file:12680 isolated_file:0
[  467.845424][T26739]  unevictable:0 dirty:220 writeback:0
[  467.845424][T26739]  slab_reclaimable:4121 slab_unreclaimable:42649
[  467.845424][T26739]  mapped:29632 shmem:100056 pagetables:1568
[  467.845424][T26739]  sec_pagetables:0 bounce:0
[  467.845424][T26739]  kernel_misc_reclaimable:0
[  467.845424][T26739]  free:1756315 free_pcp:4066 free_cma:0
[  467.892007][T26739] Node 0 active_anon:320728kB inactive_anon:96844kB active_file:63572kB inactive_file:50720kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118528kB dirty:880kB writeback:0kB shmem:400224kB kernel_stack:5104kB pagetables:6272kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  467.921002][T26739] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  467.951581][T26739] lowmem_reserve[]: 0 2880 7859 7859
[  467.956902][T26739] Node 0 DMA32 free:2945992kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949520kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB
[  467.989172][T26739] lowmem_reserve[]: 0 0 4978 4978
[  467.994306][T26739] Node 0 Normal free:4063908kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:320728kB inactive_anon:96844kB active_file:63572kB inactive_file:50720kB unevictable:0kB writepending:880kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:12736kB local_pcp:9576kB free_cma:0kB
[  468.029351][T26739] lowmem_reserve[]: 0 0 0 0
[  468.034312][T26739] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  468.047048][T26739] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945992kB
[  468.064076][T26739] Node 0 Normal: 3591*4kB (UME) 5414*8kB (UM) 2293*16kB (UME) 1085*32kB (UME) 811*64kB (UME) 493*128kB (UME) 269*256kB (UM) 196*512kB (UME) 169*1024kB (UM) 60*2048kB (UME) 819*4096kB (UM) = 4063868kB
[  468.084239][T26739] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  468.094474][T26739] 128621 total pagecache pages
[  468.099256][T26739] 1 pages in swap cache
[  468.103462][T26739] Free swap  = 124992kB
[  468.107629][T26739] Total swap = 124996kB
[  468.111889][T26739] 2097051 pages RAM
[  468.115733][T26739] 0 pages HighMem/MovableOnly
[  468.121351][T26739] 81271 pages reserved
[  468.268291][T26756] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8683'.
[  468.299000][T26758] netlink: 372 bytes leftover after parsing attributes in process `syz.0.8684'.
[  468.309586][T26758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8684'.
[  468.319470][T26758] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8684'.
[  468.572589][T26142] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  468.585678][T26136] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  468.597382][T26136] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  468.610057][T26136] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  469.112184][T26786] loop4: detected capacity change from 0 to 164
[  469.122175][T26786] iso9660: Corrupted directory entry in block 2 of inode 1792
[  469.161785][   T29] kauditd_printk_skb: 29 callbacks suppressed
[  469.161884][   T29] audit: type=1326 audit(2000001861.907:65369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.219171][   T29] audit: type=1326 audit(2000001861.949:65370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.242963][   T29] audit: type=1326 audit(2000001861.949:65371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.267551][   T29] audit: type=1326 audit(2000001861.949:65372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.292193][   T29] audit: type=1326 audit(2000001861.949:65373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.315949][   T29] audit: type=1326 audit(2000001861.949:65374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.340728][   T29] audit: type=1326 audit(2000001861.949:65375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.364356][   T29] audit: type=1326 audit(2000001861.949:65376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.388978][   T29] audit: type=1326 audit(2000001861.949:65377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.412719][   T29] audit: type=1326 audit(2000001861.949:65378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26791 comm="syz.2.8695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb73aa8f749 code=0x7ffc0000
[  469.452713][T26798] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8700'.
[  469.462758][T26798] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  469.477576][T26802] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.526817][T26808] IPv6: Can't replace route, no match found
[  469.542396][T26802] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.588417][T26802] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.611089][T26812] loop4: detected capacity change from 0 to 512
[  469.625636][T26812] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #2: comm syz.4.8705: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  469.646234][T26812] EXT4-fs (loop4): get root inode failed
[  469.648573][T26802] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.651972][T26812] EXT4-fs (loop4): mount failed
[  469.802525][T26829] netlink: 64 bytes leftover after parsing attributes in process `syz.4.8710'.
[  470.160864][T26831] IPv6: NLM_F_CREATE should be specified when creating new route
[  470.401258][T26841] SET target dimension over the limit!
[  470.482941][T26844] FAULT_INJECTION: forcing a failure.
[  470.482941][T26844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.496190][T26844] CPU: 1 UID: 0 PID: 26844 Comm: syz.2.8716 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  470.496233][T26844] Tainted: [W]=WARN
[  470.496242][T26844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  470.496255][T26844] Call Trace:
[  470.496263][T26844]  <TASK>
[  470.496271][T26844]  __dump_stack+0x1d/0x30
[  470.496341][T26844]  dump_stack_lvl+0x95/0xd0
[  470.496428][T26844]  dump_stack+0x15/0x1b
[  470.496448][T26844]  should_fail_ex+0x265/0x280
[  470.496470][T26844]  should_fail+0xb/0x20
[  470.496489][T26844]  should_fail_usercopy+0x1a/0x20
[  470.496557][T26844]  _copy_from_user+0x1c/0xb0
[  470.496614][T26844]  do_ipt_set_ctl+0x3a0/0x820
[  470.496644][T26844]  ? _raw_spin_unlock_bh+0x36/0x40
[  470.496682][T26844]  ? tcp_release_cb+0xf1/0x370
[  470.496727][T26844]  nf_setsockopt+0x199/0x1b0
[  470.496753][T26844]  ip_setsockopt+0x102/0x110
[  470.496785][T26844]  tcp_setsockopt+0x98/0xb0
[  470.496811][T26844]  sock_common_setsockopt+0x69/0x80
[  470.496841][T26844]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  470.496882][T26844]  __sys_setsockopt+0x184/0x200
[  470.496914][T26844]  __x64_sys_setsockopt+0x64/0x80
[  470.496965][T26844]  x64_sys_call+0x21d5/0x3000
[  470.497000][T26844]  do_syscall_64+0xca/0x2b0
[  470.497046][T26844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.497153][T26844] RIP: 0033:0x7fb73aa8f749
[  470.497173][T26844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.497191][T26844] RSP: 002b:00007fb7394d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  470.497215][T26844] RAX: ffffffffffffffda RBX: 00007fb73ace6090 RCX: 00007fb73aa8f749
[  470.497233][T26844] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[  470.497250][T26844] RBP: 00007fb7394d6090 R08: 0000000000000480 R09: 0000000000000000
[  470.497310][T26844] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000001
[  470.497327][T26844] R13: 00007fb73ace6128 R14: 00007fb73ace6090 R15: 00007ffdaeab1398
[  470.497354][T26844]  </TASK>
[  470.745600][T26848] SET target dimension over the limit!
[  470.754674][T26852] loop2: detected capacity change from 0 to 512
[  470.769029][T26852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  470.782819][T26852] ext4 filesystem being mounted at /564/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  470.834640][T26852] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.8719: corrupted inode contents
[  470.847915][T26852] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #2: comm syz.2.8719: mark_inode_dirty error
[  470.859968][T26852] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #2: comm syz.2.8719: corrupted inode contents
[  470.873961][T26852] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.8719: mark_inode_dirty error
[  470.938865][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  471.121668][T26862] wg1 speed is unknown, defaulting to 1000
[  471.128317][T26862] lo speed is unknown, defaulting to 1000
[  471.135118][T26862] lo speed is unknown, defaulting to 1000
[  471.566791][T26869] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8724'.
[  471.577831][T26869] FAULT_INJECTION: forcing a failure.
[  471.577831][T26869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.591805][T26869] CPU: 0 UID: 0 PID: 26869 Comm: syz.4.8724 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  471.591863][T26869] Tainted: [W]=WARN
[  471.591869][T26869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  471.591881][T26869] Call Trace:
[  471.591887][T26869]  <TASK>
[  471.591895][T26869]  __dump_stack+0x1d/0x30
[  471.591917][T26869]  dump_stack_lvl+0x95/0xd0
[  471.591937][T26869]  dump_stack+0x15/0x1b
[  471.591965][T26869]  should_fail_ex+0x265/0x280
[  471.592010][T26869]  should_fail+0xb/0x20
[  471.592073][T26869]  should_fail_usercopy+0x1a/0x20
[  471.592096][T26869]  _copy_from_user+0x1c/0xb0
[  471.592191][T26869]  ___sys_sendmsg+0xc1/0x1d0
[  471.592254][T26869]  __x64_sys_sendmsg+0xd4/0x160
[  471.592285][T26869]  x64_sys_call+0x17ba/0x3000
[  471.592312][T26869]  do_syscall_64+0xca/0x2b0
[  471.592412][T26869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.592431][T26869] RIP: 0033:0x7f4bf83ef749
[  471.592445][T26869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.592462][T26869] RSP: 002b:00007f4bf6e57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  471.592543][T26869] RAX: ffffffffffffffda RBX: 00007f4bf8645fa0 RCX: 00007f4bf83ef749
[  471.592555][T26869] RDX: 0000000000040814 RSI: 0000200000000240 RDI: 0000000000000009
[  471.592658][T26869] RBP: 00007f4bf6e57090 R08: 0000000000000000 R09: 0000000000000000
[  471.592670][T26869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.592681][T26869] R13: 00007f4bf8646038 R14: 00007f4bf8645fa0 R15: 00007fff921e8538
[  471.592699][T26869]  </TASK>
[  471.780828][T26872] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8725'.
[  472.128016][T26905] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8736'.
[  472.156418][T26905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8736'.
[  472.226145][T26908] wg1 speed is unknown, defaulting to 1000
[  472.232503][T26908] lo speed is unknown, defaulting to 1000
[  472.248341][T26908] lo speed is unknown, defaulting to 1000
[  472.257780][T26907] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8737'.
[  472.331002][T26907] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=26907 comm=syz.3.8737
[  472.411540][T26915] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8739'.
[  472.653768][T26927] loop3: detected capacity change from 0 to 164
[  472.671103][T26927] iso9660: Corrupted directory entry in block 2 of inode 1792
[  472.889970][T26935] netlink: 32 bytes leftover after parsing attributes in process `syz.4.8747'.
[  472.959605][T26935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8747'.
[  473.053100][T26933] vlan0: entered allmulticast mode
[  473.058371][T26933] bridge_slave_0: entered allmulticast mode
[  473.114552][T26947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8751'.
[  473.262120][T26966] FAULT_INJECTION: forcing a failure.
[  473.262120][T26966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.275406][T26966] CPU: 1 UID: 0 PID: 26966 Comm: syz.2.8755 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  473.275506][T26966] Tainted: [W]=WARN
[  473.275515][T26966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  473.275532][T26966] Call Trace:
[  473.275540][T26966]  <TASK>
[  473.275548][T26966]  __dump_stack+0x1d/0x30
[  473.275580][T26966]  dump_stack_lvl+0x95/0xd0
[  473.275608][T26966]  dump_stack+0x15/0x1b
[  473.275634][T26966]  should_fail_ex+0x265/0x280
[  473.275775][T26966]  should_fail+0xb/0x20
[  473.275796][T26966]  should_fail_usercopy+0x1a/0x20
[  473.275820][T26966]  _copy_from_user+0x1c/0xb0
[  473.275859][T26966]  copy_from_sockptr_offset+0x66/0xa0
[  473.275895][T26966]  tls_setsockopt+0xa76/0xe70
[  473.275962][T26966]  sock_common_setsockopt+0x69/0x80
[  473.276023][T26966]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  473.276052][T26966]  __sys_setsockopt+0x184/0x200
[  473.276135][T26966]  __x64_sys_setsockopt+0x64/0x80
[  473.276237][T26966]  x64_sys_call+0x21d5/0x3000
[  473.276347][T26966]  do_syscall_64+0xca/0x2b0
[  473.276408][T26966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.276437][T26966] RIP: 0033:0x7fb73aa8f749
[  473.276518][T26966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.276542][T26966] RSP: 002b:00007fb7394f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  473.276577][T26966] RAX: ffffffffffffffda RBX: 00007fb73ace5fa0 RCX: 00007fb73aa8f749
[  473.276594][T26966] RDX: 0000000000000001 RSI: 000000000000011a RDI: 0000000000000004
[  473.276608][T26966] RBP: 00007fb7394f7090 R08: 0000000000000028 R09: 0000000000000000
[  473.276620][T26966] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  473.276632][T26966] R13: 00007fb73ace6038 R14: 00007fb73ace5fa0 R15: 00007ffdaeab1398
[  473.276651][T26966]  </TASK>
[  473.541814][T26971] loop4: detected capacity change from 0 to 164
[  473.571064][T26971] iso9660: Corrupted directory entry in block 2 of inode 1792
[  473.692106][T26977] SELinux:  policydb magic number 0x4c5047 does not match expected magic number 0xf97cff8c
[  473.702689][T26977] SELinux: failed to load policy
[  473.850583][T26144] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  473.863226][T26144] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  473.897276][T26144] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  473.897309][T26980] netlink: 'syz.0.8760': attribute type 30 has an invalid length.
[  473.913708][T26144] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  473.938936][T26983] FAULT_INJECTION: forcing a failure.
[  473.938936][T26983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.952200][T26983] CPU: 1 UID: 0 PID: 26983 Comm: syz.3.8761 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  473.952291][T26983] Tainted: [W]=WARN
[  473.952299][T26983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  473.952312][T26983] Call Trace:
[  473.952324][T26983]  <TASK>
[  473.952332][T26983]  __dump_stack+0x1d/0x30
[  473.952397][T26983]  dump_stack_lvl+0x95/0xd0
[  473.952500][T26983]  dump_stack+0x15/0x1b
[  473.952521][T26983]  should_fail_ex+0x265/0x280
[  473.952559][T26983]  should_fail+0xb/0x20
[  473.952579][T26983]  should_fail_usercopy+0x1a/0x20
[  473.952604][T26983]  _copy_to_user+0x20/0xa0
[  473.952660][T26983]  simple_read_from_buffer+0xb5/0x130
[  473.952741][T26983]  proc_fail_nth_read+0x10e/0x150
[  473.952795][T26983]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  473.952823][T26983]  vfs_read+0x1a8/0x770
[  473.952879][T26983]  ? __rcu_read_unlock+0x4f/0x70
[  473.952899][T26983]  ? __fget_files+0x184/0x1c0
[  473.953025][T26983]  ? mutex_lock+0x58/0x90
[  473.953103][T26983]  ksys_read+0xda/0x1a0
[  473.953123][T26983]  __x64_sys_read+0x40/0x50
[  473.953142][T26983]  x64_sys_call+0x2889/0x3000
[  473.953230][T26983]  do_syscall_64+0xca/0x2b0
[  473.953266][T26983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.953365][T26983] RIP: 0033:0x7f2dd908e15c
[  473.953381][T26983] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  473.953425][T26983] RSP: 002b:00007f2dd7aef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  473.953445][T26983] RAX: ffffffffffffffda RBX: 00007f2dd92e5fa0 RCX: 00007f2dd908e15c
[  473.953459][T26983] RDX: 000000000000000f RSI: 00007f2dd7aef0a0 RDI: 0000000000000007
[  473.953472][T26983] RBP: 00007f2dd7aef090 R08: 0000000000000000 R09: 0000000000000000
[  473.953493][T26983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  473.953506][T26983] R13: 00007f2dd92e6038 R14: 00007f2dd92e5fa0 R15: 00007fff38bedc68
[  473.953526][T26983]  </TASK>
[  473.955883][T26981] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8760'.
[  474.150854][   T29] kauditd_printk_skb: 399 callbacks suppressed
[  474.150906][   T29] audit: type=1326 audit(2000001867.105:65778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.194505][   T29] audit: type=1326 audit(2000001867.105:65779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.219194][   T29] audit: type=1326 audit(2000001867.105:65780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.243431][   T29] audit: type=1326 audit(2000001867.105:65781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.267052][   T29] audit: type=1326 audit(2000001867.105:65782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.291954][   T29] audit: type=1326 audit(2000001867.126:65783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f33b48fe1ff code=0x7ffc0000
[  474.315521][   T29] audit: type=1326 audit(2000001867.126:65784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.340312][   T29] audit: type=1326 audit(2000001867.126:65785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.363977][   T29] audit: type=1326 audit(2000001867.126:65786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.388554][   T29] audit: type=1326 audit(2000001867.126:65787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26990 comm="syz.1.8764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b48ff749 code=0x7ffc0000
[  474.487341][T27005] loop2: detected capacity change from 0 to 164
[  474.495686][T27005] iso9660: Corrupted directory entry in block 2 of inode 1792
[  474.562168][T27016] netlink: 'syz.3.8774': attribute type 12 has an invalid length.
[  474.892443][T27024] wg1 speed is unknown, defaulting to 1000
[  474.901556][T27024] lo speed is unknown, defaulting to 1000
[  474.907791][T27024] lo speed is unknown, defaulting to 1000
[  474.933612][T27045] FAULT_INJECTION: forcing a failure.
[  474.933612][T27045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.947774][T27045] CPU: 0 UID: 0 PID: 27045 Comm: syz.0.8782 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  474.947850][T27045] Tainted: [W]=WARN
[  474.947859][T27045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  474.947876][T27045] Call Trace:
[  474.947885][T27045]  <TASK>
[  474.947959][T27045]  __dump_stack+0x1d/0x30
[  474.948110][T27045]  dump_stack_lvl+0x95/0xd0
[  474.948133][T27045]  dump_stack+0x15/0x1b
[  474.948152][T27045]  should_fail_ex+0x265/0x280
[  474.948259][T27045]  should_fail+0xb/0x20
[  474.948284][T27045]  should_fail_usercopy+0x1a/0x20
[  474.948312][T27045]  _copy_from_user+0x1c/0xb0
[  474.948405][T27045]  ___sys_sendmsg+0xc1/0x1d0
[  474.948465][T27045]  __x64_sys_sendmsg+0xd4/0x160
[  474.948569][T27045]  x64_sys_call+0x17ba/0x3000
[  474.948602][T27045]  do_syscall_64+0xca/0x2b0
[  474.948648][T27045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.948670][T27045] RIP: 0033:0x7f111ce6f749
[  474.948759][T27045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.948783][T27045] RSP: 002b:00007f111b8d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  474.948808][T27045] RAX: ffffffffffffffda RBX: 00007f111d0c5fa0 RCX: 00007f111ce6f749
[  474.948824][T27045] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  474.948836][T27045] RBP: 00007f111b8d7090 R08: 0000000000000000 R09: 0000000000000000
[  474.948887][T27045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.948904][T27045] R13: 00007f111d0c6038 R14: 00007f111d0c5fa0 R15: 00007fffdbb65948
[  474.948928][T27045]  </TASK>
[  475.139794][T27043] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.147043][T27043] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.207451][T27043] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  475.217548][T27043] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  475.255154][T27043] bond0: left allmulticast mode
[  475.260119][T27043] ip6gretap1: left allmulticast mode
[  475.266411][T27043] bond0: left promiscuous mode
[  475.271216][T27043] ip6gretap1: left promiscuous mode
[  475.285638][T26139] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.308400][T26139] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.334036][T26139] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.342681][T26139] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  475.412027][T26139] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.466681][T26139] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.490728][T27024] chnl_net:caif_netlink_parms(): no params data found
[  475.513468][T27065] FAULT_INJECTION: forcing a failure.
[  475.513468][T27065] name failslab, interval 1, probability 0, space 0, times 0
[  475.526397][T27065] CPU: 1 UID: 0 PID: 27065 Comm: syz.1.8790 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  475.526437][T27065] Tainted: [W]=WARN
[  475.526443][T27065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  475.526455][T27065] Call Trace:
[  475.526531][T27065]  <TASK>
[  475.526539][T27065]  __dump_stack+0x1d/0x30
[  475.526582][T27065]  dump_stack_lvl+0x95/0xd0
[  475.526602][T27065]  dump_stack+0x15/0x1b
[  475.526620][T27065]  should_fail_ex+0x265/0x280
[  475.526641][T27065]  should_failslab+0x8c/0xb0
[  475.526662][T27065]  __kmalloc_noprof+0xb9/0x5a0
[  475.526682][T27065]  ? alloc_pipe_info+0x1c9/0x340
[  475.526699][T27065]  ? alloc_pipe_info+0xae/0x340
[  475.526718][T27065]  alloc_pipe_info+0x1c9/0x340
[  475.526736][T27065]  create_pipe_files+0x67/0x440
[  475.526836][T27065]  __do_pipe_flags+0x44/0x150
[  475.526854][T27065]  do_pipe2+0x61/0x130
[  475.526875][T27065]  __x64_sys_pipe2+0x30/0x40
[  475.526894][T27065]  x64_sys_call+0x1de2/0x3000
[  475.526996][T27065]  do_syscall_64+0xca/0x2b0
[  475.527057][T27065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.527077][T27065] RIP: 0033:0x7f33b48ff749
[  475.527091][T27065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  475.527108][T27065] RSP: 002b:00007f33b3367038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125
[  475.527125][T27065] RAX: ffffffffffffffda RBX: 00007f33b4b55fa0 RCX: 00007f33b48ff749
[  475.527168][T27065] RDX: 0000000000000000 RSI: 0000000000080000 RDI: 0000200000000140
[  475.527180][T27065] RBP: 00007f33b3367090 R08: 0000000000000000 R09: 0000000000000000
[  475.527192][T27065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  475.527260][T27065] R13: 00007f33b4b56038 R14: 00007f33b4b55fa0 R15: 00007ffec83d4598
[  475.527284][T27065]  </TASK>
[  475.731138][T26139] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.755067][T27068] loop2: detected capacity change from 0 to 1024
[  475.778911][T27077] loop4: detected capacity change from 0 to 164
[  475.804124][T27077] iso9660: Corrupted directory entry in block 2 of inode 1792
[  475.835800][T26139] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.904757][T27024] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.911943][T27024] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.921079][T27024] bridge_slave_0: entered allmulticast mode
[  475.927809][T27024] bridge_slave_0: entered promiscuous mode
[  475.958860][T27024] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.966041][T27024] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.981821][T27024] bridge_slave_1: entered allmulticast mode
[  475.988833][T27024] bridge_slave_1: entered promiscuous mode
[  476.033416][T27099] !yz!: rxe_newlink: already configured on team_slave_0
[  476.323663][T26139] bond2 (unregistering): (slave bridge3): Releasing backup interface
[  476.421758][T26139] bridge3 (unregistering): left promiscuous mode
[  476.455702][T27059] syz.0.8788 (27059) used greatest stack depth: 7072 bytes left
[  476.467952][T26139] bond0 (unregistering): Released all slaves
[  476.482750][T26139] team0: Port device bond1 removed
[  476.490368][T26139] bond1 (unregistering): Released all slaves
[  476.501838][T26139] bond2 (unregistering): Released all slaves
[  476.513229][T27024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.532694][T27024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.562893][T26139] tipc: Left network mode
[  476.588322][T27024] team0: Port device team_slave_0 added
[  476.608563][T27024] team0: Port device team_slave_1 added
[  476.691868][T27117] __nla_validate_parse: 10 callbacks suppressed
[  476.691887][T27117] netlink: 44 bytes leftover after parsing attributes in process `syz.0.8805'.
[  476.773361][T26139] veth0_macvtap: left promiscuous mode
[  476.779114][T26139] veth1_vlan: left promiscuous mode
[  476.886375][T26134] smc: removing ib device syz1
[  476.905030][T27024] batman_adv: batadv0: Adding interface: batadv_slave_0
[  476.912150][T27024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  476.938567][T27024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  477.033314][T27024] batman_adv: batadv0: Adding interface: batadv_slave_1
[  477.041224][T27024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  477.068128][T27024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  477.168306][T27119] wg1 speed is unknown, defaulting to 1000
[  477.174987][T27119] lo speed is unknown, defaulting to 1000
[  477.209487][T27024] hsr_slave_0: entered promiscuous mode
[  477.218537][T27024] hsr_slave_1: entered promiscuous mode
[  477.231642][T27024] debugfs: 'hsr0' already exists in 'hsr'
[  477.237506][T27024] Cannot create hsr debugfs directory
[  477.295202][T27141] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8813'.
[  477.338409][T27141] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8813'.
[  477.431493][T27145] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8814'.
[  477.472393][T27147] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8815'.
[  477.485466][T26139] IPVS: stop unused estimator thread 0...
[  477.567391][T27160] FAULT_INJECTION: forcing a failure.
[  477.567391][T27160] name failslab, interval 1, probability 0, space 0, times 0
[  477.581054][T27160] CPU: 0 UID: 0 PID: 27160 Comm: syz.1.8819 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  477.581092][T27160] Tainted: [W]=WARN
[  477.581100][T27160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  477.581112][T27160] Call Trace:
[  477.581118][T27160]  <TASK>
[  477.581128][T27160]  __dump_stack+0x1d/0x30
[  477.581173][T27160]  dump_stack_lvl+0x95/0xd0
[  477.581230][T27160]  dump_stack+0x15/0x1b
[  477.581264][T27160]  should_fail_ex+0x265/0x280
[  477.581293][T27160]  should_failslab+0x8c/0xb0
[  477.581321][T27160]  __kvmalloc_node_noprof+0x149/0x6b0
[  477.581382][T27160]  ? io_clone_buffers+0x323/0x750
[  477.581525][T27160]  io_clone_buffers+0x323/0x750
[  477.581553][T27160]  ? __fget_files+0x184/0x1c0
[  477.581580][T27160]  ? fget+0x36/0x40
[  477.581608][T27160]  io_register_clone_buffers+0x19f/0x200
[  477.581733][T27160]  __se_sys_io_uring_register+0x654/0xf20
[  477.581839][T27160]  ? fput+0x8f/0xc0
[  477.581873][T27160]  ? ksys_write+0x192/0x1a0
[  477.581899][T27160]  __x64_sys_io_uring_register+0x55/0x70
[  477.581926][T27160]  x64_sys_call+0x27ad/0x3000
[  477.582049][T27160]  do_syscall_64+0xca/0x2b0
[  477.582096][T27160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.582123][T27160] RIP: 0033:0x7f33b48ff749
[  477.582144][T27160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  477.582245][T27160] RSP: 002b:00007f33b3367038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  477.582267][T27160] RAX: ffffffffffffffda RBX: 00007f33b4b55fa0 RCX: 00007f33b48ff749
[  477.582283][T27160] RDX: 0000200000000000 RSI: 000000000000001e RDI: 0000000000000003
[  477.582354][T27160] RBP: 00007f33b3367090 R08: 0000000000000000 R09: 0000000000000000
[  477.582371][T27160] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  477.582388][T27160] R13: 00007f33b4b56038 R14: 00007f33b4b55fa0 R15: 00007ffec83d4598
[  477.582488][T27160]  </TASK>
[  477.910932][T27024] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  477.928893][T27024] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  477.943151][T27024] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  477.952556][T27024] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  477.995549][T27024] 8021q: adding VLAN 0 to HW filter on device bond0
[  478.011148][T27024] 8021q: adding VLAN 0 to HW filter on device team0
[  478.021708][T26146] bridge0: port 1(bridge_slave_0) entered blocking state
[  478.028859][T26146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  478.042552][T26146] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.049673][T26146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  478.124372][T27186] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8826'.
[  478.133794][T27186] FAULT_INJECTION: forcing a failure.
[  478.133794][T27186] name failslab, interval 1, probability 0, space 0, times 0
[  478.146653][T27186] CPU: 1 UID: 0 PID: 27186 Comm: syz.0.8826 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  478.146742][T27186] Tainted: [W]=WARN
[  478.146752][T27186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  478.146769][T27186] Call Trace:
[  478.146777][T27186]  <TASK>
[  478.146786][T27186]  __dump_stack+0x1d/0x30
[  478.146816][T27186]  dump_stack_lvl+0x95/0xd0
[  478.146847][T27186]  dump_stack+0x15/0x1b
[  478.146920][T27186]  should_fail_ex+0x265/0x280
[  478.146963][T27186]  should_failslab+0x8c/0xb0
[  478.146991][T27186]  kmem_cache_alloc_noprof+0x69/0x4b0
[  478.147020][T27186]  ? skb_clone+0x151/0x1f0
[  478.147058][T27186]  skb_clone+0x151/0x1f0
[  478.147123][T27186]  __netlink_deliver_tap+0x2c9/0x500
[  478.147192][T27186]  ? netlink_attachskb+0x2cc/0x650
[  478.147256][T27186]  netlink_sendskb+0x126/0x150
[  478.147284][T27186]  netlink_unicast+0x2a2/0x690
[  478.147315][T27186]  netlink_ack+0x4c8/0x500
[  478.147414][T27186]  netlink_rcv_skb+0x192/0x220
[  478.147449][T27186]  ? __pfx_genl_rcv_msg+0x10/0x10
[  478.147556][T27186]  genl_rcv+0x28/0x40
[  478.147582][T27186]  netlink_unicast+0x5c0/0x690
[  478.147641][T27186]  netlink_sendmsg+0x58b/0x6b0
[  478.147682][T27186]  ? __pfx_netlink_sendmsg+0x10/0x10
[  478.147714][T27186]  __sock_sendmsg+0x145/0x180
[  478.147787][T27186]  sock_sendmsg+0xc1/0x130
[  478.147812][T27186]  splice_to_socket+0x5f3/0x990
[  478.147882][T27186]  ? rw_verify_area+0x8d/0x160
[  478.147913][T27186]  ? __pfx_splice_to_socket+0x10/0x10
[  478.147939][T27186]  do_splice+0x972/0x10b0
[  478.147966][T27186]  ? proc_fail_nth_write+0x13b/0x160
[  478.148017][T27186]  ? __rcu_read_unlock+0x4f/0x70
[  478.148040][T27186]  ? __fget_files+0x184/0x1c0
[  478.148098][T27186]  __se_sys_splice+0x26c/0x3a0
[  478.148124][T27186]  __x64_sys_splice+0x78/0x90
[  478.148298][T27186]  x64_sys_call+0x2e82/0x3000
[  478.148330][T27186]  do_syscall_64+0xca/0x2b0
[  478.148446][T27186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.148474][T27186] RIP: 0033:0x7f111ce6f749
[  478.148560][T27186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.148630][T27186] RSP: 002b:00007f111b8d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  478.148654][T27186] RAX: ffffffffffffffda RBX: 00007f111d0c5fa0 RCX: 00007f111ce6f749
[  478.148671][T27186] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[  478.148688][T27186] RBP: 00007f111b8d7090 R08: 000000000000fffd R09: 0000000000000000
[  478.148701][T27186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.148713][T27186] R13: 00007f111d0c6038 R14: 00007f111d0c5fa0 R15: 00007fffdbb65948
[  478.148815][T27186]  </TASK>
[  478.163020][T27024] 8021q: adding VLAN 0 to HW filter on device batadv0
[  478.482717][T27193] loop4: detected capacity change from 0 to 164
[  478.500184][T27193] iso9660: Corrupted directory entry in block 2 of inode 1792
[  478.558728][T27024] veth0_vlan: entered promiscuous mode
[  478.570942][T27024] veth1_vlan: entered promiscuous mode
[  478.589721][T27024] veth0_macvtap: entered promiscuous mode
[  478.598614][T27024] veth1_macvtap: entered promiscuous mode
[  478.612688][T27024] batman_adv: batadv0: Interface activated: batadv_slave_0
[  478.646546][T27024] batman_adv: batadv0: Interface activated: batadv_slave_1
[  478.666934][ T7048] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  478.676845][ T7048] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  478.687679][ T7048] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  478.697128][ T7048] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  478.789562][T27219] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.812153][T27222] FAULT_INJECTION: forcing a failure.
[  478.812153][T27222] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.825786][T27222] CPU: 1 UID: 0 PID: 27222 Comm: syz.2.8835 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  478.825821][T27222] Tainted: [W]=WARN
[  478.825827][T27222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  478.825841][T27222] Call Trace:
[  478.825846][T27222]  <TASK>
[  478.825854][T27222]  __dump_stack+0x1d/0x30
[  478.825992][T27222]  dump_stack_lvl+0x95/0xd0
[  478.826074][T27222]  dump_stack+0x15/0x1b
[  478.826092][T27222]  should_fail_ex+0x265/0x280
[  478.826113][T27222]  should_fail+0xb/0x20
[  478.826130][T27222]  should_fail_usercopy+0x1a/0x20
[  478.826164][T27222]  copy_fpstate_to_sigframe+0x628/0x7d0
[  478.826186][T27222]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  478.826209][T27222]  ? x86_task_fpu+0x36/0x60
[  478.826239][T27222]  get_sigframe+0x34d/0x490
[  478.826317][T27222]  ? get_signal+0xdc7/0xf70
[  478.826344][T27222]  x64_setup_rt_frame+0xa8/0x580
[  478.826370][T27222]  arch_do_signal_or_restart+0x24c/0x450
[  478.826466][T27222]  exit_to_user_mode_loop+0x6a/0x740
[  478.826493][T27222]  ? __se_sys_ioctl+0x13a/0x140
[  478.826540][T27222]  do_syscall_64+0x1dd/0x2b0
[  478.826654][T27222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.826675][T27222] RIP: 0033:0x7fb73aa8f747
[  478.826689][T27222] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  478.826707][T27222] RSP: 002b:00007fb7394f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  478.826725][T27222] RAX: 0000000000000010 RBX: 00007fb73ace5fa0 RCX: 00007fb73aa8f749
[  478.826736][T27222] RDX: 0000000000000000 RSI: 000000000000545c RDI: 0000000000000005
[  478.826748][T27222] RBP: 00007fb7394f7090 R08: 0000000000000000 R09: 0000000000000000
[  478.826816][T27222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.826831][T27222] R13: 00007fb73ace6038 R14: 00007fb73ace5fa0 R15: 00007ffdaeab1398
[  478.826854][T27222]  </TASK>
[  479.039088][T27223] IPv6: Can't replace route, no match found
[  479.229899][T27226] loop2: detected capacity change from 0 to 2048
[  479.236788][T27226] EXT4-fs: Ignoring removed mblk_io_submit option
[  479.256428][T27226] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  479.288114][T18738] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  479.403159][T27238] netlink: 'syz.4.8840': attribute type 10 has an invalid length.
[  479.430411][T27238] team0: Port device dummy0 added
[  479.450447][T27241] netlink: 'syz.4.8840': attribute type 10 has an invalid length.
[  479.466086][T27241] team0: Port device dummy0 removed
[  479.475373][T27241] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  479.518346][T27245] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8843'.
[  479.551741][T27245] 8021q: adding VLAN 0 to HW filter on device bond1
[  479.566283][T27245] wireguard0: entered promiscuous mode
[  479.571905][T27245] wireguard0: entered allmulticast mode
[  479.590148][T27245] 8021q: adding VLAN 0 to HW filter on device bond1
[  479.617166][T27245] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  479.642909][T27245] bond1: (slave wireguard0): Error -95 calling set_mac_address
[  479.670484][T27248] ==================================================================
[  479.678621][T27248] BUG: KCSAN: data-race in page_pool_put_unrefed_netmem / page_pool_refill_alloc_cache
[  479.688321][T27248] 
[  479.690648][T27248] write to 0xffff888176edbd80 of 8 bytes by task 27243 on cpu 0:
[  479.698374][T27248]  page_pool_refill_alloc_cache+0x2a5/0x3c0
[  479.704308][T27248]  page_pool_alloc_pages+0xd0/0x130
[  479.709542][T27248]  bpf_test_run_xdp_live+0x54d/0x11d0
[  479.714944][T27248]  bpf_prog_test_run_xdp+0x525/0x970
[  479.720268][T27248]  bpf_prog_test_run+0x204/0x340
[  479.725238][T27248]  __sys_bpf+0x4c0/0x7c0
[  479.729525][T27248]  __x64_sys_bpf+0x41/0x50
[  479.733965][T27248]  x64_sys_call+0x28e1/0x3000
[  479.738668][T27248]  do_syscall_64+0xca/0x2b0
[  479.743199][T27248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.749109][T27248] 
[  479.751455][T27248] read to 0xffff888176edbd80 of 8 bytes by task 27248 on cpu 1:
[  479.759100][T27248]  page_pool_put_unrefed_netmem+0x38b/0x4b0
[  479.765031][T27248]  napi_pp_put_page+0xe9/0x200
[  479.769824][T27248]  skb_free_head+0x12c/0x150
[  479.774448][T27248]  skb_release_data+0x33b/0x370
[  479.779328][T27248]  __kfree_skb+0x44/0x150
[  479.783781][T27248]  sk_skb_reason_drop+0xbd/0x270
[  479.788750][T27248]  udpv6_recvmsg+0x1f7/0xca0
[  479.793380][T27248]  inet6_recvmsg+0x143/0x290
[  479.798009][T27248]  sock_recvmsg+0x95/0x170
[  479.802450][T27248]  ____sys_recvmsg+0xf5/0x280
[  479.807168][T27248]  ___sys_recvmsg+0x11f/0x370
[  479.811902][T27248]  do_recvmmsg+0x1ef/0x540
[  479.816448][T27248]  __x64_sys_recvmmsg+0xe5/0x170
[  479.821439][T27248]  x64_sys_call+0x2b75/0x3000
[  479.826244][T27248]  do_syscall_64+0xca/0x2b0
[  479.830786][T27248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.836705][T27248] 
[  479.839048][T27248] value changed: 0xffffea00042bf400 -> 0x0000000000000000
[  479.846194][T27248] 
[  479.848538][T27248] Reported by Kernel Concurrency Sanitizer on:
[  479.854718][T27248] CPU: 1 UID: 0 PID: 27248 Comm: syz.0.8842 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  479.866204][T27248] Tainted: [W]=WARN
[  479.870019][T27248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  479.880277][T27248] ==================================================================
[  480.811236][T27219] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.304627][T27219] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.344079][T27219] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.403261][T26139] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.414560][T26139] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.426838][T26144] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.438488][T26144] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0