last executing test programs:

1.191803744s ago: executing program 4 (id=6083):
r0 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xffffff00}, 0x1c)
sendmsg$tipc(r0, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x3}, 0x28, 0x0}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x1f, 0x1fffffffffffff5f, &(0x7f0000001540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000d2a4164a208c741cfd26d9871c9b2f4adb434dfcb32410e7acd326c45b56988fbd6e1ec4965940ad8fcdaee5951edc5c4b72243d4a74839cb279", @ANYRES16=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r2, 0x0, 0xf7}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
memfd_create(&(0x7f0000000a80)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4R$\xaa\x00U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96', 0x5)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001240)='net/netfilter\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000030605000000000000000010000000060500010007"], 0x1c}}, 0x8d0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)

1.134898288s ago: executing program 3 (id=6087):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1.127249209s ago: executing program 4 (id=6088):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000840)={'#! ', './file0'}, 0xb)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2}, 0x10)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

1.103845471s ago: executing program 4 (id=6089):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc3ff, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848010000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x4058880)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x100, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x2}, 0x50)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c46fdc30003070000000000000002000300030000000903000038000000fcffffff0e000000000020000100050000000000000000000300000008000000f30000007f00000004"], 0x58)
close(r2)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', <r3=>0x0})
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x31, 0x31, 0x3, [@datasec={0x8, 0x1, 0x0, 0xf, 0x1, [{0x2, 0x5, 0x3}], 'e'}, @typedef={0x4, 0x0, 0x0, 0x8, 0x1}, @typedef={0x1, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x30]}}, &(0x7f00000002c0)=""/251, 0x4f, 0xfb, 0x0, 0x1}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x5, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0x29, &(0x7f0000000240)=[{}, {}], 0x10, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xb, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000480), 0x40001, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xf, 0x13, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x81}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x28000000}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', r3, @fallback=0x30, r4, 0x8, &(0x7f0000000400)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x8, 0x4, 0x81}, 0x10, r5, r6, 0x1, &(0x7f00000004c0)=[r7, r8, 0x1], &(0x7f0000000500)=[{0x2, 0x5, 0x3, 0x2}], 0x10, 0x9}, 0x94)
msgget$private(0x0, 0x790)

1.052237145s ago: executing program 3 (id=6090):
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
ftruncate(r0, 0x81ff)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x80, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000cf55c76ddb1511479ee45bf9d33975777977b17fbd34e27a12e6294da47420949c95f4cb55d3cdc2c5543e9276cdc01daa707fbbe283e4e60d40b32029f24da72eedcdd121a59a377053e98974ff6974d7d4ff90c61269b4c5d1f1db54f5afff0e0c5a4d418975f5d5cafcde241491b2717ee277e2d5c50d750bdb1aa38e818d2db54608b860c82c5211f7cf08c6cfb8962d9c8ca6d4438b11d2b65a9c496164dd14525644c5542fd6dc4683473f6f2fde11930bd6e51c606712b48d792400"/229, @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

1.040809406s ago: executing program 4 (id=6091):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x4, 0x7f, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000001300), &(0x7f00000011c0), 0x7, r0}, 0x38)
pipe2(&(0x7f00000004c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f00000000c0)=0x3ff)
sendfile(r1, r2, 0x0, 0x110003)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000080)={0x768, 0x2, 0x100002, 0xf36, 0x8, "f494bfeba3160200160000000000006d004000"})
socket$inet6_icmp(0xa, 0x2, 0x3a)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200c042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r3, 0x0, 0x2000}, 0x18)
creat(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
stat(&(0x7f0000000cc0)='./file0\x00', &(0x7f0000001c80))

1.021972568s ago: executing program 3 (id=6092):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x0, &(0x7f0000000080)})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="c0020000100063d10000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000000000000000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc01000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000b000000000000000000000000000000ffffffffffffffff000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600000000020000000000000000000000bf010100636d61632861657329"], 0x2c0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000340)={[{@debug}, {@discard}, {@quota}, {@nodiscard}, {@data_err_ignore}]}, 0x65, 0x536, &(0x7f0000000f40)="$eJzs3U9vI2cZAPBnHDtNstkmBQ5QiVJoUXYFaycNbSMOpUgITpWAckQqIXGiKE6yip12E1VsVnwAJIQAiRNcuCDxAZBQJS4cEVIlOIMAgRDswoEDdNDY42z+2LG7deI0+f2kybzvzDvzPK93ZzzjGc0EcGU9HREvR8Q7aZrejIipfHohH2K/NWTtHtx/cykbkkjTV/+RRJJPa68rycfX8sXGIuKrX4r4ZnIybn13b32xVqtu5/VKY+N2pb67d2ttY3G1ulrdnJ+fe2HhxYXnF2YH0s/rEfHSF/7y/e/89Isv/fLTb/zxtb/d+FaW1mQ+/3A/3qXiaTNbXS81P4vDC2w/YrCLqNjsYW68U4uRE1PunXFOAAB0lh3jfyAiPhERN2MqRk4/nAUAAADeh9LPTcZ/k4i0s9Eu0wEAAID3kULzHtikUM7vBZiMQqFcbt3D+6GYKNS26o1PrWztbC637pWdjlJhZa1Wnc3vFZ6OUpLV55rlh/XnjtXnI+KJiPje1HizXl7aqi0P+8cPAAAAuCKuHTv///dU6/y/7e4wkwMAAAAGZ3rYCQAAAABnrt/z/4kzzgMAAAA4O67/AwAAwKX25VdeyYa0/f7r5dd3d9a3Xr+1XK2vlzd2lspLX99ptWw+s2+j1/pqW1u3PxObO3cqjWq9UanvjsXG1s5m47W1I6/ABgAAAM7REx976/dJROx/drw5ZEb7W7TPZsBFVTwoJfm4w2b9h8db4z+fU1LAuRgZdgLA0BSHnQAwNKVhJwAMXdJjftebd36Tjz8+2HwAAIDBm/lI9+v/hVOX3D99NnDh2Yjh6nL9H66u5vX/fu/kdbAAl0qp1xHAqdv83QFnAwzDe77+31OavquEAACAgZtsDkmhXGzXC4VyOeJ687UApWRlrVadjYjHI+J3U6XHsvpcs2XS85wBAAAAAAAAAAAAAAAAAAAAAAAAAGhJ0yRSAAAA4FKLKPw1+VXrWf4zU89OHv99YDT5z1Tkrwh940ev/uDOYqOxPZdN/+fB9MYP8+nPDeMXDAAAALgSerzA/6j2eXr7PB4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABunB/TeX2sN5xv375yNiulP8Yow1x2NRioiJfyVRPLRcEhEjA4g/nv35cCt+ciR+kqV1ELJT/PEBxN+/9zD+g5PxYz//FDrFvzaA+HCVvZXtf17utP0V4unmuPP2V4w4Un9U3fd/cbD/G+my/V/vM8aTb/+80jX+vYgni0fjP3YsftIl/jN9xv/G1/b2us1Lfxwx0/H7J2k3yfaQUWls3K7Ud/durW0srlZXq5vz83MvLLy48PzCbGVlrVbN/3aM8d2P/uKd0/o/0SX+dI/+P3tibaMdY/zv7Tv3P9gqljrFv/FMh/i//kne4mT8Qv7d98m8nM2faZf3W+XDnvrZb586rf/LXfrf69//RreVHnPzK9/+U59NAYBzUN/dW1+s1arbl7aQnaX32Tg7OrsQOV/0Qvt/z0XJ51ELdwe6wjRN0+xTeQ/rSeIifCzNwlB3SwAAwBl4eNA/7EwAAAAAAAAAAAAAAAAAAADg6jqPx4kdj7l/UEoG8QhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICB+H8AAAD//2Nm0fI=")
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)

892.888068ms ago: executing program 2 (id=6096):
r0 = socket$kcm(0x21, 0x2, 0xa)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x23500d8, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x2)
sendto$inet(0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x890, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x16, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYRES64=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000004c0)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r4, 0x1}, 0x1c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf239}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r5}, 0x10)
r6 = syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000005c0)={0x7f, {{0x2, 0x4e23, @local}}}, 0x88)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES16=r6, @ANYRES16], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r8}, &(0x7f0000000380), &(0x7f00000003c0)=r9}, 0x20)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f00000003c0)=0x14)

790.825746ms ago: executing program 2 (id=6097):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000200b7080000000000007b8af8ff00000000b70885d7323e85383230448047eb9e86830000000000007b8af0ff00000000bfa100000000000007010000f8ffffd61f7af675e3b164000704", @ANYBLOB="0000000000000000b7040000080000008500000095000000950000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x2, 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
fcntl$getown(r0, 0x9)
chmod(&(0x7f0000000a00)='./file0\x00', 0x0) (fail_nth: 1)

455.107103ms ago: executing program 2 (id=6099):
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x12000, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000c41}, 0x4040000)
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x45, 0x8, 0x5, 0xb, 0x46, 0x3, 0x1, 0x9, 0x7c6b})
mprotect(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000008)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4d56964ed463fec0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x101, 0x3})
r3 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9bX\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
fallocate(r3, 0x0, 0x0, 0x509a)
ioctl$TCSETS2(r2, 0x402c542b, &(0x7f0000000040)={0xb0b, 0x2, 0xf, 0xab4, 0x8, "2c277bd72c6157ca4381fbdd4a7c9d6a840da7", 0xffffffff, 0x8f})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000980)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$key(0xf, 0x3, 0x2)
close(r4)
getpeername$l2tp(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @empty}, &(0x7f00000003c0)=0x10)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r5 = syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r5, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
time(0x0)
semget$private(0x0, 0x4000000009, 0x0)

438.366695ms ago: executing program 1 (id=6101):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x20, r4, 0x1, 0xffffffff, 0x0, {0x1a}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

427.671985ms ago: executing program 1 (id=6102):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400000099000000"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)

398.935898ms ago: executing program 1 (id=6103):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=r2, @ANYBLOB="330800002b9201001c00128009000100626f6e64000000000c0002800600180006000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', r2, 0x2}, 0x94)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000000080)=[{&(0x7f0000000200)="c9fe00001d008104e00f80ecdb4cb9f207c804a01000000088080efb0a000200250ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
io_setup(0x1, &(0x7f0000000b80)=<r8=>0x0)
ioctl$BTRFS_IOC_SPACE_INFO(r7, 0xc0109414, &(0x7f0000002240)={0x85f, 0x80, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
io_submit(r8, 0x1, &(0x7f0000001d00)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0xfffc, r6, 0x0, 0x0, 0x0, 0x0, 0x4}])
r9 = socket(0x22, 0x2, 0x4)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x400, 0x691522eb, 0x3, {0x0, 0x0, 0x74, 0x0, {0x10, 0x4}, {0x9}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
recvmmsg(r6, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x4c42bb4f92, 0x0)
shutdown(r6, 0x0)
sendmmsg$inet6(r4, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000002200)="50a42e", 0x3}], 0x1}}], 0x1, 0x4400c800)
sendto$inet6(r4, &(0x7f0000000600)="5cf3", 0x2, 0x3b00, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)

314.916845ms ago: executing program 0 (id=6104):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4400000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001006d616376746170000400028008000500", @ANYRES32=r1, @ANYBLOB="0800040044"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x48094) (fail_nth: 7)

314.153134ms ago: executing program 3 (id=6105):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x8ece}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@sg0, 0x0, &(0x7f0000000bc0)={0xc, 0x3e0, 0xca, 0x7fffffffffffffff, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x5})

246.91364ms ago: executing program 0 (id=6106):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=', @ANYRESHEX])
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x52, 0x10, 0xfffffffb, 0x25dfdbfb, {0x1c}, [@generic]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x10)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2000844, &(0x7f0000000080)=ANY=[@ANYBLOB='dots,nocase,nodots,tz=TC,nodots,nodots,errors=remount-ro,quizYUTC,dos1xfloppy,dots,dots,nodots,f\x00ush,dots,dots,\n\x00\x00\x00\x00\x00\x00\x00odots,\x00\x00\x00\x00\x00\x00'], 0x1, 0x23d, &(0x7f0000000a40)="$eJzs3cFqE0EcBvB/27Td9mLP4mHBi6eivkGQCOKCENmDnlyoXloR0svqKY/hM/hIPkZPva3YXZq6UQ+yySbu7wdhP/IxMHPJ5DCTvHvw8fzs0+WH6vvXSJI0RhHzuI44id3Yi9pO89y9yQdx1zwAgG0znRbjvudAh3aW3jmKiGI/Ig6XqvzbmmYFAAAAAAAAAABAx5z/B4Dhcf7//zebjYvj5vvbr5z/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPpzXVX3qr+8+p4fANA9+z8ADI/9HwCGx/4PAMPz+s3bl+Msm0zTNIm4mpd5mdfPun/+Ips8Tm+cLEZdlWW+3+Rs8qTu03Z/3Ix/+tv+IB49rPuf3bNXWas/jLNVLx4AAAAAAAAAAAAAAAAAAAA2xGl6q3W/f6/uT//U1+nO7wO07u+P4v5obcsAAAAAAAAAAAAAAAAAAACArXb5+ct5cXHxfiYIt+Eo/mFUEpsxeaGT0PcnEwAAAAAAAAAAAAAAAAAADM/i0m/fMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/iz+/391oe81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMPwIwAA//++jJCI")

246.17754ms ago: executing program 3 (id=6107):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x1, r2, 0x0, 0x4, 0x0)
rt_tgsigqueueinfo(0x0, r2, 0x3c, &(0x7f00000005c0)={0x39, 0x5, 0x84})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
execve(&(0x7f0000000080)='./file0\x00', &(0x7f00000003c0)={[&(0x7f0000000280)='kfree\x00', &(0x7f00000002c0)='-@!^*\x00', &(0x7f0000000440)='kfree\x00\xb0\x13\xd2\v.\x87\xbc\xa6k\xb8\x147\xaaWc\x1d-\xba^\xd1\xac\xf4\x1bVZ\x95\xa8\xf6E\xf2*\xe2\xbcN\xb8U\xb0^\x16\xf9U\xe9;\xd3\x8b.\x115.+\x88\\H\x13\xf3]\xe9\xc6M\xedVp5\x86\n\xaaU>\xa0\xa1,KE\xc7]J\xd0|\x1c&\x8b\x95\xbfE4\xd9|\\']}, &(0x7f0000000540)={[&(0x7f0000000400)='\x00', &(0x7f00000004c0)='(^!%&@*y\x00', &(0x7f0000000500)='!}^*\x00']})
r4 = getpgrp(0x0)
syz_pidfd_open(r4, 0x0)
ptrace$setsig(0x4203, r4, 0x27, &(0x7f0000000740)={0x1f, 0x1, 0xc})
write$selinux_access(r3, &(0x7f0000000200)=ANY=[@ANYBLOB='system_u:object_r:gpg_agent_exec_t:s0 unconfined 00000000000000000003'], 0x46)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r6, 0x402, 0x8000001f)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
close_range(r6, r7, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

236.591851ms ago: executing program 1 (id=6108):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_pgetevents(0x0, 0x6, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0xa0, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xa0}}, 0x0)

228.872632ms ago: executing program 0 (id=6109):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000840)={{r0}, &(0x7f0000000700), &(0x7f0000000740)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2)
r3 = eventfd2(0x80000001, 0x80001)
flistxattr(r3, &(0x7f0000000280)=""/85, 0x55)

183.246115ms ago: executing program 2 (id=6110):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
shmget$private(0x0, 0xfffffffffeffffff, 0x0, &(0x7f0000ffc000/0x3000)=nil)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100000, 0x0, 0xfffffffc, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r7 = memfd_secret(0x80000)
fcntl$setlease(r7, 0x400, 0x0)
close(r7)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000001000390400"/20, @ANYRES32=r2, @ANYBLOB="0198000003130000240012800900010069706970000000001400028008000300", @ANYRES32=r2], 0x44}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r6, 0x40047211, &(0x7f0000000000)=0x2)
r9 = openat$cgroup_ro(r7, &(0x7f0000000040)='pids.current\x00', 0x0, 0x0)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r8)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r9, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)={0x88, r10, 0x200, 0x70bd29, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x88}, 0x1, 0x0, 0x0, 0x400c0}, 0x200040d0)

182.855895ms ago: executing program 0 (id=6111):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

182.165075ms ago: executing program 1 (id=6112):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000006380)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x6, 0x0, 0xaa11, 0x81, 0x11}, &(0x7f0000000400)=0x98)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000001040)=[{{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000180)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x48000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r3=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000400)={0x93de, 0x1, 0x0, 0x3, 0x1ff, 0x7, 0xdff8, 0xb, r3}, 0x20)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r4)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r4)
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000eeff130000000a0013007778616e3300000008001500", @ANYRES32=0x0, @ANYBLOB="080001"], 0x30}}, 0x0)
r6 = io_uring_setup(0x3f08, &(0x7f0000000000)={0x0, 0x85cc, 0x8000, 0x0, 0x1bd, 0x0, r1})
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
statx(r7, &(0x7f0000000180)='.\x00', 0x0, 0x8c, &(0x7f0000000080))
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010800000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="2080ffffffed01ea04eb1d86f408a900", @ANYRES32=r8, @ANYBLOB="080003000800000008001b0000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
setsockopt$sock_void(r7, 0x1, 0x29, 0x0, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r6, 0x40047211, &(0x7f0000000080)=0x20)

149.013958ms ago: executing program 4 (id=6113):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080003100c00f9fffeffff"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x5453, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000002c0)={'batadv_slave_1\x00', <r7=>0x0})
setsockopt$packet_drop_memb(r6, 0x107, 0x2, &(0x7f0000000300)={r7, 0x1, 0x6, @local}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000ffff27bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="fda65f0500000000140012800c0001006d616376746170000400028008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x308}, 0x0)

148.402678ms ago: executing program 2 (id=6114):
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
ftruncate(r0, 0x81ff)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x80, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000cf55c76ddb1511479ee45bf9d33975777977b17fbd34e27a12e6294da47420949c95f4cb55d3cdc2c5543e9276cdc01daa707fbbe283e4e60d40b32029f24da72eedcdd121a59a377053e98974ff6974d7d4ff90c61269b4c5d1f1db54f5afff0e0c5a4d418975f5d5cafcde241491b2717ee277e2d5c50d750bdb1aa38e818d2db54608b860c82c5211f7cf08c6cfb8962d9c8ca6d4438b11d2b65a9c496164dd14525644c5542fd6dc4683473f6f2fde11930bd6e51c606712b48d792400"/229, @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8)
sendto$inet6(r4, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

101.557331ms ago: executing program 0 (id=6115):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x3938700}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)

100.783012ms ago: executing program 1 (id=6116):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x1, r2, 0x0, 0x4, 0x0)
ptrace$cont(0x20, r2, 0xffffffff80000000, 0x4)
rt_tgsigqueueinfo(0x0, r2, 0x3c, &(0x7f00000005c0)={0x39, 0x5, 0x84})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x18)
r4 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
execve(&(0x7f0000000080)='./file0\x00', &(0x7f00000003c0)={[&(0x7f0000000280)='kfree\x00', &(0x7f00000002c0)='-@!^*\x00', &(0x7f0000000440)='kfree\x00\xb0\x13\xd2\v.\x87\xbc\xa6k\xb8\x147\xaaWc\x1d-\xba^\xd1\xac\xf4\x1bVZ\x95\xa8\xf6E\xf2*\xe2\xbcN\xb8U\xb0^\x16\xf9U\xe9;\xd3\x8b.\x115.+\x88\\H\x13\xf3]\xe9\xc6M\xedVp5\x86\n\xaaU>\xa0\xa1,KE\xc7]J\xd0|\x1c&\x8b\x95\xbfE4\xd9|\\']}, &(0x7f0000000540)={[&(0x7f0000000400)='\x00', &(0x7f00000004c0)='(^!%&@*y\x00', &(0x7f0000000500)='!}^*\x00']})
r5 = getpgrp(0x0)
syz_pidfd_open(r5, 0x0)
ptrace$setsig(0x4203, r5, 0x27, &(0x7f0000000740)={0x1f, 0x1, 0xc})
write$selinux_access(r4, &(0x7f0000000200)=ANY=[@ANYBLOB='system_u:object_r:gpg_agent_exec_t:s0 unconfined 00000000000000000003'], 0x46)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8000001f)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x8000003d)
ioctl$sock_kcm_SIOCKCMATTACH(r7, 0x89e0, &(0x7f0000000640)={r8, r3})
r9 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendto$inet(r9, &(0x7f0000000080)="481367bfab8932ed20792309270ab9e5784436e9381e9f634f8fc6a714089e", 0x1f, 0x0, 0x0, 0x0)

45.718876ms ago: executing program 2 (id=6117):
r0 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xffffff00}, 0x1c)
sendmsg$tipc(r0, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x3}, 0x28, 0x0}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x1f, 0x1fffffffffffff5f, &(0x7f0000001540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000d2a4164a208c741cfd26d9871c9b2f4adb434dfcb32410e7acd326c45b56988fbd6e1ec4965940ad8fcdaee5951edc5c4b72243d4a74839cb279", @ANYRES16=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r2, 0x0, 0xf7}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
tkill(0x0, 0x39)
memfd_create(&(0x7f0000000a80)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4R$\xaa\x00U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96', 0x5)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000001240)='net/netfilter\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000030605000000000000000010000000060500010007"], 0x1c}}, 0x8d0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)

16.815698ms ago: executing program 3 (id=6118):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x8ece}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@sg0, 0x0, &(0x7f0000000bc0)={0xc, 0x3e0, 0xca, 0x7fffffffffffffff, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x5})

2.85473ms ago: executing program 0 (id=6119):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x5, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x9, [{0x7, 0x3, 0x1b}, {0x4, 0x2, 0x10}]}]}, {0x0, [0x0, 0x2e, 0x5f]}}, 0x0, 0x41, 0x0, 0x1, 0x2000000}, 0x28)
r0 = epoll_create1(0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = syz_io_uring_setup(0xc97, &(0x7f0000000700)={0x0, 0x6015, 0x800, 0xff7fffff, 0x11c}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x4})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0xa002a008})
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 4 (id=6120):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a300000000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)

kernel console output (not intermixed with test programs):

gine, BIOS Google 07/12/2025
[  214.333021][T15267] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[  214.339282][T15267] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 92 80 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[  214.358942][T15267] RSP: 0018:ffffc90000e77440 EFLAGS: 00010292
[  214.365109][T15267] RAX: 0753c609b9a7eb00 RBX: ffff888113f7cb10 RCX: 0000000000080000
[  214.373184][T15267] RDX: ffffc90003545000 RSI: 0000000000006409 RDI: 000000000000640a
[  214.381171][T15267] RBP: 0000000000000000 R08: 0001c90000e7727f R09: 0000000000000000
[  214.389218][T15267] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888113f7cad0
[  214.397276][T15267] R13: ffff8881038e0000 R14: ffff8881038e0000 R15: ffff888113f7cb08
[  214.405352][T15267] FS:  00007fb39a2ef6c0(0000) GS:ffff8882aef44000(0000) knlGS:0000000000000000
[  214.414857][T15267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  214.421482][T15267] CR2: 00002000000011a0 CR3: 00000001190c2000 CR4: 00000000003506f0
[  214.429473][T15267] Call Trace:
[  214.432899][T15267]  <TASK>
[  214.435832][T15267]  reg_set_min_max+0x215/0x260
[  214.440598][T15267]  check_cond_jmp_op+0x1013/0x16e0
[  214.445794][T15267]  do_check+0x332a/0x7a10
[  214.450184][T15267]  do_check_common+0xc3a/0x12a0
[  214.455095][T15267]  bpf_check+0x942b/0xd9e0
[  214.459509][T15267]  ? __rcu_read_unlock+0x4f/0x70
[  214.464526][T15267]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  214.470557][T15267]  ? page_counter_try_charge+0x289/0x300
[  214.476231][T15267]  ? pcpu_block_update+0x232/0x3b0
[  214.481430][T15267]  ? _find_next_zero_bit+0x64/0xa0
[  214.486548][T15267]  ? pcpu_block_refresh_hint+0x157/0x170
[  214.492262][T15267]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  214.498332][T15267]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  214.504519][T15267]  ? css_rstat_updated+0xb7/0x240
[  214.509586][T15267]  ? __rcu_read_unlock+0x4f/0x70
[  214.514574][T15267]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[  214.520428][T15267]  ? should_fail_ex+0x30/0x280
[  214.525314][T15267]  ? selinux_bpf_prog_load+0x36/0xf0
[  214.530629][T15267]  ? should_failslab+0x8c/0xb0
[  214.535456][T15267]  ? __kmalloc_cache_noprof+0x189/0x320
[  214.541028][T15267]  ? selinux_bpf_prog_load+0xbf/0xf0
[  214.546301][T15267]  ? security_bpf_prog_load+0x2c/0xa0
[  214.551826][T15267]  bpf_prog_load+0xedd/0x1070
[  214.556541][T15267]  ? security_bpf+0x2b/0x90
[  214.561138][T15267]  __sys_bpf+0x462/0x7b0
[  214.565385][T15267]  __x64_sys_bpf+0x41/0x50
[  214.569857][T15267]  x64_sys_call+0x2aea/0x2ff0
[  214.574594][T15267]  do_syscall_64+0xd2/0x200
[  214.579167][T15267]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  214.585294][T15267]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  214.591037][T15267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.596922][T15267] RIP: 0033:0x7fb39b88ebe9
[  214.601384][T15267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.621142][T15267] RSP: 002b:00007fb39a2ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  214.629568][T15267] RAX: ffffffffffffffda RBX: 00007fb39bab5fa0 RCX: 00007fb39b88ebe9
[  214.637552][T15267] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  214.645601][T15267] RBP: 00007fb39b911e19 R08: 0000000000000000 R09: 0000000000000000
[  214.653606][T15267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  214.661600][T15267] R13: 00007fb39bab6038 R14: 00007fb39bab5fa0 R15: 00007ffce9398608
[  214.669563][T15267]  </TASK>
[  214.672674][T15267] ---[ end trace 0000000000000000 ]---
[  214.682286][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.056093][T15327] netlink: 'syz.1.4577': attribute type 10 has an invalid length.
[  215.114369][T15330] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=27152 sclass=netlink_xfrm_socket pid=15330 comm=syz.2.4568
[  215.148878][T15339] netlink: 'syz.3.4581': attribute type 27 has an invalid length.
[  215.190203][T15339] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.197433][T15339] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.303773][T15352] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.311831][T15352] 8021q: adding VLAN 0 to HW filter on device team0
[  215.320266][T15352] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  215.337068][ T4078] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  215.346685][ T4078] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  215.356286][ T4078] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  215.366949][ T4078] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  215.667619][T15378] ieee802154 phy0 wpan0: encryption failed: -22
[  215.846847][T15388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.855908][T15388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.043773][T15414] IPv6: Can't replace route, no match found
[  216.143956][T15435] netlink: 'syz.1.4621': attribute type 10 has an invalid length.
[  216.182681][T15442] netlink: 'syz.2.4625': attribute type 10 has an invalid length.
[  216.224197][T15447] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  216.362118][T15471] IPv6: sit1: Disabled Multicast RS
[  216.367891][T15471] sit1: entered allmulticast mode
[  216.678480][T15493] SELinux:  Context system_u:object_r:tmpfs_t:s0 is not valid (left unmapped).
[  216.902495][T15520] __nla_validate_parse: 9 callbacks suppressed
[  216.902506][T15520] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4655'.
[  217.249086][T15559] netlink: 'syz.2.4669': attribute type 10 has an invalid length.
[  217.286744][T15561] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4670'.
[  217.421908][T15577] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4676'.
[  217.438185][T15579] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  217.498097][T15587] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4681'.
[  217.509914][T15579] IPv6: Can't replace route, no match found
[  217.679707][T15601] loop3: detected capacity change from 0 to 1024
[  217.694609][T15601] 9pnet_fd: Insufficient options for proto=fd
[  217.962217][T15628] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  218.529128][T15645] loop3: detected capacity change from 0 to 512
[  218.541933][T15645] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.4703: corrupted in-inode xattr: invalid ea_ino
[  218.556784][T15645] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.4703: couldn't read orphan inode 15 (err -117)
[  218.570093][T15645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.598188][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.633548][T15661] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4709'.
[  218.647898][T15664] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4710'.
[  218.724423][T15676] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4715'.
[  218.750365][   T29] kauditd_printk_skb: 762 callbacks suppressed
[  218.750384][   T29] audit: type=1326 audit(1755381789.519:14884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.765037][T15674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.780318][   T29] audit: type=1326 audit(1755381789.519:14885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780473][   T29] audit: type=1326 audit(1755381789.519:14886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780499][   T29] audit: type=1326 audit(1755381789.519:14887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780593][   T29] audit: type=1326 audit(1755381789.519:14888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780620][   T29] audit: type=1326 audit(1755381789.519:14889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780747][   T29] audit: type=1326 audit(1755381789.519:14890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780772][   T29] audit: type=1326 audit(1755381789.519:14891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.780902][   T29] audit: type=1326 audit(1755381789.519:14892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.792393][T15674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.812887][   T29] audit: type=1326 audit(1755381789.519:14893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15677 comm="syz.0.4716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  218.889018][T15682] netlink: 'syz.1.4718': attribute type 10 has an invalid length.
[  219.293159][T15701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4725'.
[  219.340227][T15708] netlink: 'syz.0.4728': attribute type 10 has an invalid length.
[  219.405221][T15718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4732'.
[  219.662767][T15746] netlink: 'syz.1.4742': attribute type 10 has an invalid length.
[  219.818856][T15762] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4749'.
[  220.103397][T15804] loop3: detected capacity change from 0 to 512
[  220.147439][T15804] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.180631][T15804] ext4 filesystem being mounted at /246/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  220.254620][T15797] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.4758: corrupted inode contents
[  220.281574][T15797] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.4758: mark_inode_dirty error
[  220.297882][T15797] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.4758: corrupted inode contents
[  220.312813][T15797] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.4758: mark_inode_dirty error
[  220.390007][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.518479][T15850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.533149][T15850] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.417875][T15874] loop3: detected capacity change from 0 to 1764
[  221.556672][T15886] netlink: 'syz.4.4796': attribute type 10 has an invalid length.
[  221.601719][T15890] netlink: 'syz.1.4799': attribute type 10 has an invalid length.
[  221.796266][T15908] netlink: 'syz.2.4806': attribute type 10 has an invalid length.
[  221.865637][T15918] netlink: 'syz.2.4809': attribute type 10 has an invalid length.
[  222.485768][T15948] netlink: 'syz.3.4821': attribute type 10 has an invalid length.
[  222.605105][T15961] __nla_validate_parse: 8 callbacks suppressed
[  222.605121][T15961] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4826'.
[  222.654852][T15961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4826'.
[  222.679443][T15962] loop3: detected capacity change from 0 to 512
[  222.732654][T15962] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.747180][T15962] ext4 filesystem being mounted at /254/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  222.820935][T15976] netlink: 'syz.4.4832': attribute type 10 has an invalid length.
[  222.875882][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.889959][T15980] sch_tbf: burst 3298 is lower than device lo mtu (11337746) !
[  222.953898][T15993] netlink: 'syz.4.4839': attribute type 10 has an invalid length.
[  222.959570][T15988] netlink: 'syz.2.4837': attribute type 27 has an invalid length.
[  222.990323][T15988] 0ªî{X¹¦: left allmulticast mode
[  223.186574][T15988] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  223.217830][T16007] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  223.233162][   T51] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.262494][   T51] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.300755][   T51] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.322976][   T51] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.501536][T16064] ieee802154 phy0 wpan0: encryption failed: -22
[  223.632481][T16071] netlink: 'syz.0.4864': attribute type 27 has an invalid length.
[  223.702880][T16071] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.710116][T16071] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.820438][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.842324][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.856464][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  223.866308][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  224.017874][T16102] netlink: 'syz.4.4878': attribute type 27 has an invalid length.
[  224.086683][   T29] kauditd_printk_skb: 893 callbacks suppressed
[  224.086751][   T29] audit: type=1326 audit(1755381794.869:15787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16099 comm="syz.0.4877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.119543][T16102] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.126837][T16102] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.167643][   T29] audit: type=1326 audit(1755381794.899:15788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16099 comm="syz.0.4877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.192128][   T29] audit: type=1326 audit(1755381794.899:15789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16099 comm="syz.0.4877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.215688][   T29] audit: type=1326 audit(1755381794.899:15790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16099 comm="syz.0.4877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.240087][   T29] audit: type=1326 audit(1755381794.899:15791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16099 comm="syz.0.4877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.316748][   T29] audit: type=1400 audit(1755381795.099:15792): avc:  denied  { mount } for  pid=16116 comm="syz.0.4883" name="/" dev="mqueue" ino=32379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  224.354068][T16102] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  224.359337][T16121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4882'.
[  224.373974][    T9] syz1: Port: 1 Link DOWN
[  224.378963][ T3510] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  224.388460][ T3510] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  224.398412][ T3510] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  224.421544][ T3510] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  224.513651][T16136] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4892'.
[  224.523285][T16137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4891'.
[  224.546854][T16136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4892'.
[  224.599555][T16147] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4895'.
[  224.655541][   T29] audit: type=1326 audit(1755381795.439:15793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16156 comm="syz.0.4900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.679241][   T29] audit: type=1326 audit(1755381795.439:15794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16156 comm="syz.0.4900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.703422][   T29] audit: type=1326 audit(1755381795.439:15795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16156 comm="syz.0.4900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.727051][   T29] audit: type=1326 audit(1755381795.439:15796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16156 comm="syz.0.4900" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  224.902998][T16169] sch_tbf: burst 3298 is lower than device lo mtu (11337746) !
[  224.939678][T16171] netlink: 'syz.2.4906': attribute type 10 has an invalid length.
[  225.117104][T16181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4911'.
[  225.208334][T16197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4917'.
[  225.681883][T16161] syz.3.4902 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  225.696060][T16161] CPU: 1 UID: 0 PID: 16161 Comm: syz.3.4902 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  225.696113][T16161] Tainted: [W]=WARN
[  225.696119][T16161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  225.696129][T16161] Call Trace:
[  225.696136][T16161]  <TASK>
[  225.696144][T16161]  __dump_stack+0x1d/0x30
[  225.696172][T16161]  dump_stack_lvl+0xe8/0x140
[  225.696227][T16161]  dump_stack+0x15/0x1b
[  225.696243][T16161]  dump_header+0x81/0x220
[  225.696271][T16161]  oom_kill_process+0x342/0x400
[  225.696366][T16161]  out_of_memory+0x979/0xb80
[  225.696399][T16161]  try_charge_memcg+0x5e6/0x9e0
[  225.696605][T16161]  obj_cgroup_charge_pages+0xa6/0x150
[  225.696634][T16161]  __memcg_kmem_charge_page+0x9f/0x170
[  225.696666][T16161]  __alloc_frozen_pages_noprof+0x188/0x360
[  225.696772][T16161]  alloc_pages_mpol+0xb3/0x250
[  225.696799][T16161]  alloc_pages_noprof+0x90/0x130
[  225.696826][T16161]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  225.696906][T16161]  __kvmalloc_node_noprof+0x30f/0x4e0
[  225.696938][T16161]  ? ip_set_alloc+0x1f/0x30
[  225.696967][T16161]  ? ip_set_alloc+0x1f/0x30
[  225.696996][T16161]  ? hash_netiface_create+0x21b/0x740
[  225.697023][T16161]  ? __kmalloc_cache_noprof+0x189/0x320
[  225.697050][T16161]  ip_set_alloc+0x1f/0x30
[  225.697110][T16161]  hash_netiface_create+0x282/0x740
[  225.697177][T16161]  ? __pfx_hash_netiface_create+0x10/0x10
[  225.697210][T16161]  ip_set_create+0x3cc/0x960
[  225.697233][T16161]  ? __nla_parse+0x40/0x60
[  225.697254][T16161]  nfnetlink_rcv_msg+0x4c3/0x590
[  225.697386][T16161]  netlink_rcv_skb+0x123/0x220
[  225.697403][T16161]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  225.697433][T16161]  nfnetlink_rcv+0x16b/0x1690
[  225.697517][T16161]  ? nlmon_xmit+0x4f/0x60
[  225.697540][T16161]  ? consume_skb+0x49/0x150
[  225.697558][T16161]  ? nlmon_xmit+0x4f/0x60
[  225.697579][T16161]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  225.697642][T16161]  ? __dev_queue_xmit+0x1200/0x2000
[  225.697664][T16161]  ? __dev_queue_xmit+0x182/0x2000
[  225.697682][T16161]  ? refill_obj_stock+0x275/0x2e0
[  225.697734][T16161]  ? ref_tracker_free+0x37d/0x3e0
[  225.697757][T16161]  ? __netlink_deliver_tap+0x4dc/0x500
[  225.697814][T16161]  netlink_unicast+0x5bd/0x690
[  225.697846][T16161]  netlink_sendmsg+0x58b/0x6b0
[  225.697869][T16161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  225.697922][T16161]  __sock_sendmsg+0x142/0x180
[  225.697948][T16161]  ____sys_sendmsg+0x31e/0x4e0
[  225.697970][T16161]  ___sys_sendmsg+0x17b/0x1d0
[  225.698004][T16161]  __x64_sys_sendmsg+0xd4/0x160
[  225.698107][T16161]  x64_sys_call+0x191e/0x2ff0
[  225.698206][T16161]  do_syscall_64+0xd2/0x200
[  225.698241][T16161]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  225.698262][T16161]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  225.698286][T16161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.698304][T16161] RIP: 0033:0x7f992577ebe9
[  225.698318][T16161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.698418][T16161] RSP: 002b:00007f99241e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  225.698436][T16161] RAX: ffffffffffffffda RBX: 00007f99259a5fa0 RCX: 00007f992577ebe9
[  225.698447][T16161] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000e
[  225.698459][T16161] RBP: 00007f9925801e19 R08: 0000000000000000 R09: 0000000000000000
[  225.698470][T16161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  225.698540][T16161] R13: 00007f99259a6038 R14: 00007f99259a5fa0 R15: 00007ffccc6832b8
[  225.698561][T16161]  </TASK>
[  225.698579][T16161] memory: usage 307200kB, limit 307200kB, failcnt 346
[  226.054184][T16161] memory+swap: usage 307480kB, limit 9007199254740988kB, failcnt 0
[  226.062153][T16161] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0
[  226.069433][T16161] Memory cgroup stats for /syz3:
[  226.069913][T16161] cache 0
[  226.077940][T16161] rss 0
[  226.080734][T16161] shmem 0
[  226.083723][T16161] mapped_file 0
[  226.087169][T16161] dirty 0
[  226.090085][T16161] writeback 0
[  226.093371][T16161] workingset_refault_anon 23
[  226.098003][T16161] workingset_refault_file 300
[  226.102693][T16161] swap 286720
[  226.105963][T16161] swapcached 4096
[  226.109573][T16161] pgpgin 207842
[  226.113125][T16161] pgpgout 207841
[  226.116692][T16161] pgfault 330999
[  226.120284][T16161] pgmajfault 13
[  226.123747][T16161] inactive_anon 0
[  226.127440][T16161] active_anon 4096
[  226.131241][T16161] inactive_file 0
[  226.134860][T16161] active_file 0
[  226.138295][T16161] unevictable 0
[  226.141747][T16161] hierarchical_memory_limit 314572800
[  226.147176][T16161] hierarchical_memsw_limit 9223372036854771712
[  226.153339][T16161] total_cache 0
[  226.156812][T16161] total_rss 0
[  226.160206][T16161] total_shmem 0
[  226.163714][T16161] total_mapped_file 0
[  226.167899][T16161] total_dirty 0
[  226.171460][T16161] total_writeback 0
[  226.175260][T16161] total_workingset_refault_anon 23
[  226.180347][T16161] total_workingset_refault_file 300
[  226.185564][T16161] total_swap 286720
[  226.189360][T16161] total_swapcached 4096
[  226.193526][T16161] total_pgpgin 207842
[  226.197492][T16161] total_pgpgout 207841
[  226.201619][T16161] total_pgfault 330999
[  226.205674][T16161] total_pgmajfault 13
[  226.209731][T16161] total_inactive_anon 0
[  226.213889][T16161] total_active_anon 4096
[  226.218131][T16161] total_inactive_file 0
[  226.222383][T16161] total_active_file 0
[  226.226357][T16161] total_unevictable 0
[  226.230319][T16161] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.4902,pid=16160,uid=0
[  226.244975][T16161] Memory cgroup out of memory: Killed process 16160 (syz.3.4902) total-vm:93632kB, anon-rss:944kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  226.309991][T16244] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4937'.
[  226.528534][T16271] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  226.549350][T16161] syz.3.4902 (16161) used greatest stack depth: 7536 bytes left
[  226.901483][T16287] netlink: 'syz.3.4951': attribute type 10 has an invalid length.
[  226.905947][T16286] vlan2: entered allmulticast mode
[  226.915215][T16286] dummy0: entered allmulticast mode
[  226.935716][T16287] loop3: detected capacity change from 0 to 1024
[  226.943971][T16287] EXT4-fs: Ignoring removed nomblk_io_submit option
[  226.957373][T16287] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  226.965592][T16287] System zones: 0-1, 3-36
[  226.972514][T16287] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.032195][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.086068][T16312] FAULT_INJECTION: forcing a failure.
[  227.086068][T16312] name failslab, interval 1, probability 0, space 0, times 0
[  227.098849][T16312] CPU: 1 UID: 0 PID: 16312 Comm: +}[@ Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  227.098958][T16312] Tainted: [W]=WARN
[  227.098965][T16312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  227.099001][T16312] Call Trace:
[  227.099006][T16312]  <TASK>
[  227.099013][T16312]  __dump_stack+0x1d/0x30
[  227.099034][T16312]  dump_stack_lvl+0xe8/0x140
[  227.099054][T16312]  dump_stack+0x15/0x1b
[  227.099070][T16312]  should_fail_ex+0x265/0x280
[  227.099092][T16312]  should_failslab+0x8c/0xb0
[  227.099138][T16312]  kmem_cache_alloc_noprof+0x50/0x310
[  227.099164][T16312]  ? alloc_uid+0x106/0x370
[  227.099188][T16312]  alloc_uid+0x106/0x370
[  227.099276][T16312]  ? __sys_setreuid+0x2c5/0x520
[  227.099303][T16312]  __sys_setreuid+0x2dd/0x520
[  227.099331][T16312]  __x64_sys_setreuid+0x2d/0x40
[  227.099356][T16312]  x64_sys_call+0x244c/0x2ff0
[  227.099426][T16312]  do_syscall_64+0xd2/0x200
[  227.099449][T16312]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  227.099472][T16312]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  227.099525][T16312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.099545][T16312] RIP: 0033:0x7f992577ebe9
[  227.099560][T16312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.099573][T16312] RSP: 002b:00007f99241e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000071
[  227.099591][T16312] RAX: ffffffffffffffda RBX: 00007f99259a5fa0 RCX: 00007f992577ebe9
[  227.099602][T16312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee01
[  227.099612][T16312] RBP: 00007f99241e7090 R08: 0000000000000000 R09: 0000000000000000
[  227.099667][T16312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  227.099679][T16312] R13: 00007f99259a6038 R14: 00007f99259a5fa0 R15: 00007ffccc6832b8
[  227.099699][T16312]  </TASK>
[  227.344182][T16325] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.352980][T16325] 8021q: adding VLAN 0 to HW filter on device team0
[  227.364757][T16325] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.414398][T16321] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.461295][T16321] 8021q: adding VLAN 0 to HW filter on device team0
[  227.488050][T16321] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.503647][T16008] syz1: Port: 1 Link ACTIVE
[  227.664317][T16357] bond1: entered promiscuous mode
[  227.669377][T16357] bond1: entered allmulticast mode
[  227.674969][T16357] 8021q: adding VLAN 0 to HW filter on device bond1
[  227.676170][T16348] __nla_validate_parse: 9 callbacks suppressed
[  227.676183][T16348] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4975'.
[  227.696832][T16348] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4975'.
[  227.709041][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4978'.
[  227.718287][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4978'.
[  227.742268][T16357] bond1 (unregistering): Released all slaves
[  227.761675][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4978'.
[  227.770692][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4978'.
[  227.796353][T16369] bond1: entered promiscuous mode
[  227.801534][T16369] bond1: entered allmulticast mode
[  227.812754][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4978'.
[  227.821838][T16362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4978'.
[  227.843794][T16369] 8021q: adding VLAN 0 to HW filter on device bond1
[  227.864548][T16369] bond1 (unregistering): Released all slaves
[  227.906537][T16380] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.916016][T16380] 8021q: adding VLAN 0 to HW filter on device team0
[  227.925841][T16380] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  228.057484][T16397] mmap: syz.4.4993 (16397) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  228.080643][T16403] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  228.226037][T16429] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16429 comm=syz.2.5007
[  228.279618][T16429] netlink: zone id is out of range
[  228.288911][T16429] netlink: zone id is out of range
[  228.294108][T16429] netlink: zone id is out of range
[  228.299232][T16429] netlink: zone id is out of range
[  228.305000][T16429] netlink: zone id is out of range
[  228.310122][T16429] netlink: zone id is out of range
[  228.315274][T16429] netlink: zone id is out of range
[  228.355734][T16438] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5010'.
[  228.434864][T16443] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5012'.
[  228.504748][T16455] netlink: 'syz.2.5017': attribute type 10 has an invalid length.
[  228.584689][T16463] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  228.617097][T16469] netlink: 'syz.2.5024': attribute type 10 has an invalid length.
[  228.775829][T16484] wg2: entered promiscuous mode
[  228.780812][T16484] wg2: entered allmulticast mode
[  228.833217][T16498] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  228.927031][T16512] ieee802154 phy1 wpan1: encryption failed: -22
[  229.065483][T16533] sch_tbf: burst 3298 is lower than device lo mtu (11337746) !
[  229.119952][   T29] kauditd_printk_skb: 1083 callbacks suppressed
[  229.120003][   T29] audit: type=1326 audit(1755381799.899:16880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.160312][   T29] audit: type=1326 audit(1755381799.919:16881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.184672][   T29] audit: type=1326 audit(1755381799.919:16882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.208414][   T29] audit: type=1326 audit(1755381799.919:16883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.232157][   T29] audit: type=1326 audit(1755381799.919:16884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.256426][   T29] audit: type=1326 audit(1755381799.919:16885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.280103][   T29] audit: type=1326 audit(1755381799.919:16886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.304422][   T29] audit: type=1326 audit(1755381799.919:16887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.328184][   T29] audit: type=1326 audit(1755381799.919:16888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.352551][   T29] audit: type=1326 audit(1755381799.919:16889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16545 comm="syz.2.5054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  229.420754][T16559] program syz.3.5060 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  229.435199][T16559] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  229.464834][T16565] netlink: 'syz.0.5063': attribute type 10 has an invalid length.
[  230.161119][T16637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.169650][T16637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.189402][T16647] netlink: 'syz.0.5099': attribute type 10 has an invalid length.
[  230.238018][T16652] netlink: 'syz.4.5101': attribute type 10 has an invalid length.
[  230.437037][T16683] rdma_rxe: rxe_newlink: failed to add syz_tun
[  230.529009][T16693] sch_tbf: burst 3298 is lower than device lo mtu (11337746) !
[  230.791612][T16711] netlink: 'syz.2.5123': attribute type 10 has an invalid length.
[  230.997479][T16739] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  231.195040][T16757] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  231.370809][T16785] syz_tun: entered allmulticast mode
[  231.425338][T16785] syz_tun (unregistering): left allmulticast mode
[  231.434582][   T12] smc: removing ib device syz1
[  231.466313][ T3410] syz1: Port: 1 Link DOWN
[  231.731574][T16821] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  232.292804][T16843] netlink: 'syz.3.5177': attribute type 10 has an invalid length.
[  232.330089][T16843] loop3: detected capacity change from 0 to 1024
[  232.339205][T16843] EXT4-fs: Ignoring removed nomblk_io_submit option
[  232.362920][T16843] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  232.378584][T16843] System zones: 0-1, 3-36
[  232.391641][T16843] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.568073][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.874755][T16891] loop3: detected capacity change from 0 to 512
[  232.916358][T16891] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.997262][T16891] ext4 filesystem being mounted at /307/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  233.038442][T16888] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.5195: corrupted inode contents
[  233.052553][T16888] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.5195: mark_inode_dirty error
[  233.065718][T16888] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.5195: corrupted inode contents
[  233.079170][T16888] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.5195: mark_inode_dirty error
[  233.134080][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.162505][T16922] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  233.170024][T16922] net_ratelimit: 17 callbacks suppressed
[  233.170036][T16922] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  233.177266][ T3407] IPVS: starting estimator thread 0...
[  233.200973][T16919] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  233.239056][T16928] __nla_validate_parse: 14 callbacks suppressed
[  233.239071][T16928] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5208'.
[  233.281603][T16924] IPVS: using max 2688 ests per chain, 134400 per kthread
[  233.310684][T16930] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5209'.
[  233.370736][T16930] loop3: detected capacity change from 0 to 512
[  233.400102][T16930] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  233.409434][T16930] System zones: 0-2, 18-18, 34-34
[  233.415067][T16930] EXT4-fs (loop3): orphan cleanup on readonly fs
[  233.422032][T16930] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5209: bg 0: block 248: padding at end of block bitmap is not set
[  233.439969][T16930] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5209: Failed to acquire dquot type 1
[  233.456027][T16930] EXT4-fs (loop3): 1 orphan inode deleted
[  233.463026][   T41] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1
[  233.485098][T16930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  233.509476][T16930] EXT4-fs error (device loop3): ext4_lookup:1791: inode #2: comm syz.3.5209: deleted inode referenced: 12
[  233.522548][T16960] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5220'.
[  233.634063][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.648285][T16992] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5226'.
[  233.672079][T17002] SELinux:  Context Ü is not valid (left unmapped).
[  233.736962][T15997] IPVS: starting estimator thread 0...
[  233.738024][T17002] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  233.743206][T17011] FAULT_INJECTION: forcing a failure.
[  233.743206][T17011] name failslab, interval 1, probability 0, space 0, times 0
[  233.762230][T17011] CPU: 1 UID: 0 PID: 17011 Comm: syz.3.5230 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  233.762392][T17011] Tainted: [W]=WARN
[  233.762398][T17011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  233.762411][T17011] Call Trace:
[  233.762418][T17011]  <TASK>
[  233.762426][T17011]  __dump_stack+0x1d/0x30
[  233.762448][T17011]  dump_stack_lvl+0xe8/0x140
[  233.762468][T17011]  dump_stack+0x15/0x1b
[  233.762550][T17011]  should_fail_ex+0x265/0x280
[  233.762568][T17011]  should_failslab+0x8c/0xb0
[  233.762679][T17011]  __kvmalloc_node_noprof+0x123/0x4e0
[  233.762742][T17011]  ? alloc_fdtable+0xbd/0x1d0
[  233.762821][T17011]  ? __kmalloc_cache_noprof+0x22e/0x320
[  233.762850][T17011]  alloc_fdtable+0xbd/0x1d0
[  233.762867][T17011]  dup_fd+0x4c7/0x540
[  233.762885][T17011]  copy_files+0x98/0xf0
[  233.762947][T17011]  copy_process+0xc5b/0x2000
[  233.762978][T17011]  kernel_clone+0x16c/0x5c0
[  233.763000][T17011]  ? vfs_write+0x7e8/0x960
[  233.763022][T17011]  __x64_sys_clone+0xe6/0x120
[  233.763101][T17011]  x64_sys_call+0x119c/0x2ff0
[  233.763122][T17011]  do_syscall_64+0xd2/0x200
[  233.763149][T17011]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  233.763172][T17011]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  233.763197][T17011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.763219][T17011] RIP: 0033:0x7f992577ebe9
[  233.763314][T17011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.763331][T17011] RSP: 002b:00007f99241c5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  233.763348][T17011] RAX: ffffffffffffffda RBX: 00007f99259a6090 RCX: 00007f992577ebe9
[  233.763359][T17011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000630c1000
[  233.763371][T17011] RBP: 00007f99241c6090 R08: 0000000000000000 R09: 0000000000000000
[  233.763384][T17011] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  233.763396][T17011] R13: 00007f99259a6128 R14: 00007f99259a6090 R15: 00007ffccc6832b8
[  233.763495][T17011]  </TASK>
[  233.978235][T17002] loop3: detected capacity change from 0 to 512
[  233.993458][T17002] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.5230: error while reading EA inode 32 err=-116
[  234.015405][T17002] EXT4-fs (loop3): Remounting filesystem read-only
[  234.022028][T17002] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  234.043859][T17002] EXT4-fs (loop3): 1 orphan inode deleted
[  234.050113][T17002] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  234.064765][T17002] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.074032][T17012] IPVS: using max 2736 ests per chain, 136800 per kthread
[  234.160821][   T29] kauditd_printk_skb: 1130 callbacks suppressed
[  234.160837][   T29] audit: type=1400 audit(1755381804.939:18017): avc:  denied  { unlink } for  pid=11258 comm="syz-executor" name="file0" dev="tmpfs" ino=1672 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=DC
[  234.202503][T17039] netlink: 'syz.3.5237': attribute type 10 has an invalid length.
[  234.213231][   T29] audit: type=1326 audit(1755381804.999:18018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.220116][T17039] loop3: detected capacity change from 0 to 1024
[  234.237564][   T29] audit: type=1326 audit(1755381804.999:18019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.244197][T17039] EXT4-fs: Ignoring removed nomblk_io_submit option
[  234.267461][   T29] audit: type=1326 audit(1755381804.999:18020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.297069][   T29] audit: type=1326 audit(1755381804.999:18021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.302814][T17039] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  234.321412][   T29] audit: type=1326 audit(1755381804.999:18022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.329193][T17039] System zones: 0-1, 3-36
[  234.352913][   T29] audit: type=1326 audit(1755381804.999:18023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.357540][T17039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.380276][   T29] audit: type=1326 audit(1755381804.999:18024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.423287][   T29] audit: type=1326 audit(1755381804.999:18025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.446926][   T29] audit: type=1326 audit(1755381804.999:18026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17037 comm="syz.3.5237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  234.475160][T17045] netlink: 'syz.4.5240': attribute type 10 has an invalid length.
[  234.515635][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.664453][T17075] netlink: 'syz.4.5254': attribute type 10 has an invalid length.
[  235.001893][T17118] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5272'.
[  235.415797][T17145] netlink: 'syz.3.5283': attribute type 10 has an invalid length.
[  235.431816][T17145] loop3: detected capacity change from 0 to 1024
[  235.439014][T17145] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.451588][T17145] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  235.459760][T17145] System zones: 0-1, 3-36
[  235.465500][T17145] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.508900][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.575922][T17159] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5287'.
[  235.630183][T17168] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5291'.
[  235.750021][T17185] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  235.882364][T17199] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5305'.
[  235.959346][T17207] FAULT_INJECTION: forcing a failure.
[  235.959346][T17207] name failslab, interval 1, probability 0, space 0, times 0
[  235.972044][T17207] CPU: 0 UID: 0 PID: 17207 Comm: syz.3.5308 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  235.972131][T17207] Tainted: [W]=WARN
[  235.972137][T17207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  235.972147][T17207] Call Trace:
[  235.972153][T17207]  <TASK>
[  235.972160][T17207]  __dump_stack+0x1d/0x30
[  235.972181][T17207]  dump_stack_lvl+0xe8/0x140
[  235.972198][T17207]  dump_stack+0x15/0x1b
[  235.972219][T17207]  should_fail_ex+0x265/0x280
[  235.972319][T17207]  should_failslab+0x8c/0xb0
[  235.972365][T17207]  __kvmalloc_node_noprof+0x123/0x4e0
[  235.972393][T17207]  ? bpf_test_run_xdp_live+0x114/0xfe0
[  235.972414][T17207]  bpf_test_run_xdp_live+0x114/0xfe0
[  235.972465][T17207]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  235.972508][T17207]  ? __pfx_autoremove_wake_function+0x10/0x10
[  235.972536][T17207]  ? 0xffffffffa02052c0
[  235.972548][T17207]  ? synchronize_rcu+0x45/0x320
[  235.972627][T17207]  ? 0xffffffffa02052c0
[  235.972638][T17207]  ? 0xffffffffa02052c0
[  235.972649][T17207]  ? bpf_dispatcher_change_prog+0x6ec/0x7f0
[  235.972724][T17207]  ? 0xffffffffa0201818
[  235.972742][T17207]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  235.972764][T17207]  bpf_prog_test_run_xdp+0x4f5/0x910
[  235.972804][T17207]  ? __rcu_read_unlock+0x4f/0x70
[  235.972823][T17207]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  235.972839][T17207]  bpf_prog_test_run+0x22a/0x390
[  235.972892][T17207]  __sys_bpf+0x4b9/0x7b0
[  235.972922][T17207]  __x64_sys_bpf+0x41/0x50
[  235.972942][T17207]  x64_sys_call+0x2aea/0x2ff0
[  235.973004][T17207]  do_syscall_64+0xd2/0x200
[  235.973043][T17207]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  235.973134][T17207]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  235.973159][T17207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.973180][T17207] RIP: 0033:0x7f992577ebe9
[  235.973195][T17207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.973217][T17207] RSP: 002b:00007f99241e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  235.973312][T17207] RAX: ffffffffffffffda RBX: 00007f99259a5fa0 RCX: 00007f992577ebe9
[  235.973323][T17207] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  235.973333][T17207] RBP: 00007f99241e7090 R08: 0000000000000000 R09: 0000000000000000
[  235.973344][T17207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.973357][T17207] R13: 00007f99259a6038 R14: 00007f99259a5fa0 R15: 00007ffccc6832b8
[  235.973375][T17207]  </TASK>
[  236.374577][T17225] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17225 comm=syz.1.5317
[  236.387186][T17225] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17225 comm=syz.1.5317
[  236.427081][T17226] loop3: detected capacity change from 0 to 512
[  236.499017][T17226] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.514016][T17230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5318'.
[  236.524255][T17226] ext4 filesystem being mounted at /331/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  236.603454][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.632930][T17252] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  236.684042][T17255] tipc: Started in network mode
[  236.688950][T17255] tipc: Node identity ac1414aa, cluster identity 4711
[  236.698450][T17255] tipc: New replicast peer: 100.1.1.1
[  236.703934][T17255] tipc: Enabled bearer <udp:syz2>, priority 10
[  236.847881][T17265] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5331'.
[  236.926053][T17286] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  237.587924][T17377] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  237.623881][T17382] netlink: 'syz.1.5378': attribute type 10 has an invalid length.
[  237.761840][T17389] loop3: detected capacity change from 0 to 512
[  237.797550][T17389] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.810363][T17389] ext4 filesystem being mounted at /348/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  237.827229][T17389] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.5379: corrupted inode contents
[  237.839107][ T3410] tipc: Node number set to 2886997162
[  237.844963][T17389] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.5379: mark_inode_dirty error
[  237.856475][T17389] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.5379: corrupted inode contents
[  237.910113][T17389] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.5379: mark_inode_dirty error
[  237.940151][T17410] netlink: 'syz.1.5388': attribute type 10 has an invalid length.
[  237.961722][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.304518][T17430] chnl_net:caif_netlink_parms(): no params data found
[  238.345583][T17430] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.352688][T17430] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.359853][T17430] bridge_slave_0: entered allmulticast mode
[  238.366964][T17430] bridge_slave_0: entered promiscuous mode
[  238.379193][T17430] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.386343][T17430] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.393906][T17430] bridge_slave_1: entered allmulticast mode
[  238.402066][T17430] bridge_slave_1: entered promiscuous mode
[  238.423485][T17430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  238.436537][T17430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.461286][T17430] team0: Port device team_slave_0 added
[  238.468041][T17430] team0: Port device team_slave_1 added
[  238.502738][T17430] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.509702][T17430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.536158][T17430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.551027][T17430] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.557995][T17430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.584758][T17430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.612334][T17471] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  238.643376][T17430] hsr_slave_0: entered promiscuous mode
[  238.653919][T17430] hsr_slave_1: entered promiscuous mode
[  238.667917][T17430] debugfs: 'hsr0' already exists in 'hsr'
[  238.674327][T17430] Cannot create hsr debugfs directory
[  238.733731][   T12] bridge_slave_1: left allmulticast mode
[  238.739410][   T12] bridge_slave_1: left promiscuous mode
[  238.745092][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.758202][   T12] bridge_slave_0: left allmulticast mode
[  238.764514][   T12] bridge_slave_0: left promiscuous mode
[  238.770139][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.947543][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  238.984516][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  239.058171][   T12] bond0 (unregistering): Released all slaves
[  239.118635][T17487] netlink: 'syz.2.5415': attribute type 10 has an invalid length.
[  239.155263][   T12] IPVS: stopping backup sync thread 14632 ...
[  239.187714][   T29] kauditd_printk_skb: 1073 callbacks suppressed
[  239.187729][   T29] audit: type=1326 audit(1755381809.959:19100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.217934][   T29] audit: type=1326 audit(1755381809.959:19101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.241974][   T29] audit: type=1326 audit(1755381809.959:19102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.265486][   T29] audit: type=1326 audit(1755381809.959:19103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.289544][   T29] audit: type=1326 audit(1755381809.959:19104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.313493][   T29] audit: type=1326 audit(1755381809.959:19105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.337130][   T29] audit: type=1326 audit(1755381809.959:19106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.361206][   T29] audit: type=1326 audit(1755381809.969:19107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.384762][   T29] audit: type=1326 audit(1755381809.969:19108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.408745][   T29] audit: type=1326 audit(1755381809.969:19109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.2.5415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  239.437446][   T12] hsr_slave_0: left promiscuous mode
[  239.444220][   T12] hsr_slave_1: left promiscuous mode
[  239.570344][   T12] team0 (unregistering): Port device team_slave_1 removed
[  239.621293][   T12] team0 (unregistering): Port device team_slave_0 removed
[  239.629082][T17502] __nla_validate_parse: 8 callbacks suppressed
[  239.629108][T17502] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5422'.
[  239.645124][T17502] netlink: 13708 bytes leftover after parsing attributes in process `syz.1.5422'.
[  239.740473][T17502] lo speed is unknown, defaulting to 1000
[  239.778028][T17506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5420'.
[  239.950158][T17502] lo speed is unknown, defaulting to 1000
[  240.107822][T17502] lo speed is unknown, defaulting to 1000
[  240.164187][T17514] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5424'.
[  240.171359][T17502] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  240.189606][T17502] lo speed is unknown, defaulting to 1000
[  240.195815][T17502] lo speed is unknown, defaulting to 1000
[  240.202104][T17502] lo speed is unknown, defaulting to 1000
[  240.208200][T17502] lo speed is unknown, defaulting to 1000
[  240.215345][T17502] lo speed is unknown, defaulting to 1000
[  240.221465][T17502] lo speed is unknown, defaulting to 1000
[  240.239666][T17514] loop3: detected capacity change from 0 to 512
[  240.302449][T17514] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  240.318956][T17430] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  240.321231][T17514] System zones: 0-2, 18-18, 34-34
[  240.333651][T17526] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5425'.
[  240.337497][T17430] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  240.350106][T17514] EXT4-fs (loop3): orphan cleanup on readonly fs
[  240.363799][T17430] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  240.371706][T17514] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5424: bg 0: block 248: padding at end of block bitmap is not set
[  240.394527][T17492] syz.0.5418 (17492) used greatest stack depth: 7304 bytes left
[  240.412350][T17514] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5424: Failed to acquire dquot type 1
[  240.424439][T17514] EXT4-fs (loop3): 1 orphan inode deleted
[  240.432523][   T51] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[  240.452561][T17514] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  240.481244][T17430] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  240.501011][T17514] EXT4-fs error (device loop3): ext4_lookup:1791: inode #2: comm syz.3.5424: deleted inode referenced: 12
[  240.567528][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.600944][T17430] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.624433][T17430] 8021q: adding VLAN 0 to HW filter on device team0
[  240.650403][  T299] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.657524][  T299] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.694564][ T4078] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.701669][ T4078] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.745642][T17558] loop3: detected capacity change from 0 to 512
[  240.775141][T17558] EXT4-fs: Ignoring removed nomblk_io_submit option
[  240.798665][T17558] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  240.813652][T17558] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  240.815090][T17430] 8021q: adding VLAN 0 to HW filter on device batadv0
[  240.831717][T17558] EXT4-fs (loop3): Remounting filesystem read-only
[  240.843004][T17558] EXT4-fs (loop3): 1 truncate cleaned up
[  240.849183][T17558] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.869235][T17558] netlink: 92 bytes leftover after parsing attributes in process `syz.3.5430'.
[  240.895402][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.919080][T17572] nfs: Deprecated parameter 'nointr'
[  241.044401][T17580] lo speed is unknown, defaulting to 1000
[  241.048087][T17584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5434'.
[  241.078583][T17430] veth0_vlan: entered promiscuous mode
[  241.099852][T17430] veth1_vlan: entered promiscuous mode
[  241.134509][T17430] veth0_macvtap: entered promiscuous mode
[  241.151222][T17430] veth1_macvtap: entered promiscuous mode
[  241.182673][T17430] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.201668][T17430] batman_adv: batadv0: Interface activated: batadv_slave_1
[  241.226023][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.244586][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.253414][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.262655][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.334614][T17611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5444'.
[  241.411549][T17627] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  241.418561][T16008] IPVS: starting estimator thread 0...
[  241.435711][T17638] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5449'.
[  241.440831][T17633] lo speed is unknown, defaulting to 1000
[  241.521150][T17635] IPVS: using max 2688 ests per chain, 134400 per kthread
[  241.607487][T17658] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5454'.
[  241.622158][T17660] FAULT_INJECTION: forcing a failure.
[  241.622158][T17660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  241.635286][T17660] CPU: 1 UID: 0 PID: 17660 Comm: syz.4.5451 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  241.635325][T17660] Tainted: [W]=WARN
[  241.635330][T17660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  241.635341][T17660] Call Trace:
[  241.635348][T17660]  <TASK>
[  241.635357][T17660]  __dump_stack+0x1d/0x30
[  241.635375][T17660]  dump_stack_lvl+0xe8/0x140
[  241.635446][T17660]  dump_stack+0x15/0x1b
[  241.635460][T17660]  should_fail_ex+0x265/0x280
[  241.635501][T17660]  should_fail+0xb/0x20
[  241.635518][T17660]  should_fail_usercopy+0x1a/0x20
[  241.635536][T17660]  _copy_to_user+0x20/0xa0
[  241.635627][T17660]  simple_read_from_buffer+0xb5/0x130
[  241.635650][T17660]  proc_fail_nth_read+0x10e/0x150
[  241.635672][T17660]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  241.635726][T17660]  vfs_read+0x1a5/0x770
[  241.635742][T17660]  ? __rcu_read_unlock+0x4f/0x70
[  241.635761][T17660]  ? __fget_files+0x184/0x1c0
[  241.635783][T17660]  ksys_read+0xda/0x1a0
[  241.635818][T17660]  __x64_sys_read+0x40/0x50
[  241.635879][T17660]  x64_sys_call+0x27bc/0x2ff0
[  241.635901][T17660]  do_syscall_64+0xd2/0x200
[  241.635952][T17660]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  241.636012][T17660]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  241.636036][T17660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.636131][T17660] RIP: 0033:0x7f01db55d5fc
[  241.636149][T17660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  241.636164][T17660] RSP: 002b:00007f01d9f73030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  241.636181][T17660] RAX: ffffffffffffffda RBX: 00007f01db786090 RCX: 00007f01db55d5fc
[  241.636192][T17660] RDX: 000000000000000f RSI: 00007f01d9f730a0 RDI: 0000000000000009
[  241.636202][T17660] RBP: 00007f01d9f73090 R08: 0000000000000000 R09: 0000000000000000
[  241.636215][T17660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.636229][T17660] R13: 00007f01db786128 R14: 00007f01db786090 R15: 00007ffcfc1090a8
[  241.636311][T17660]  </TASK>
[  242.242979][T17699] loop4: detected capacity change from 0 to 512
[  242.447594][T17699] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.484746][T17699] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  242.661871][T17692] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.5470: corrupted inode contents
[  242.701689][T17692] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.5470: mark_inode_dirty error
[  242.747118][T17692] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.5470: corrupted inode contents
[  242.775808][T17736] 9pnet: Could not find request transport: 0xffffffffffffffff
[  242.814151][T17692] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.5470: mark_inode_dirty error
[  242.943338][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.073768][T17764] netlink: 'syz.0.5497': attribute type 10 has an invalid length.
[  243.103831][T17756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  243.135022][T17756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.706086][T17790] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  243.839195][T17813] netlink: 'syz.0.5514': attribute type 10 has an invalid length.
[  243.839254][T17811] lo speed is unknown, defaulting to 1000
[  244.091143][T17846] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  244.170538][T17854] netlink: 'syz.0.5530': attribute type 10 has an invalid length.
[  244.178554][T17852] loop3: detected capacity change from 0 to 512
[  244.224350][   T29] kauditd_printk_skb: 648 callbacks suppressed
[  244.224364][   T29] audit: type=1326 audit(1755381814.989:19755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.254941][   T29] audit: type=1326 audit(1755381814.989:19756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.278627][   T29] audit: type=1326 audit(1755381814.989:19757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.302798][   T29] audit: type=1326 audit(1755381814.989:19758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.326373][   T29] audit: type=1326 audit(1755381814.989:19759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.350619][   T29] audit: type=1326 audit(1755381814.989:19760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.374894][   T29] audit: type=1326 audit(1755381814.989:19761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.398472][   T29] audit: type=1326 audit(1755381814.989:19762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.422679][   T29] audit: type=1326 audit(1755381814.989:19763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.446264][   T29] audit: type=1326 audit(1755381814.989:19764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17853 comm="syz.0.5530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77a698ebe9 code=0x7ffc0000
[  244.584494][T17852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.601023][T17852] ext4 filesystem being mounted at /386/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  244.725792][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.786698][T17883] __nla_validate_parse: 7 callbacks suppressed
[  244.786713][T17883] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5541'.
[  244.797130][T17875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5537'.
[  244.838554][T17881] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  244.884308][T17891] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17891 comm=syz.1.5544
[  244.940680][T17897] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5547'.
[  245.059925][T17914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5554'.
[  245.188106][T17938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5565'.
[  245.189849][T17936] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5564'.
[  245.427336][T17965] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  245.464281][T17969] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5579'.
[  245.545510][T17977] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5583'.
[  245.612868][T17982] lo speed is unknown, defaulting to 1000
[  245.820264][T17992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  245.837611][T17992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  246.088186][T18003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5593'.
[  246.115903][T18007] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5595'.
[  246.215535][T18020] lo speed is unknown, defaulting to 1000
[  246.493824][T18058] 0ªX¹¦À: renamed from caif0
[  246.502657][T18058] 0ªX¹¦À: entered allmulticast mode
[  246.507875][T18058] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  246.556528][T18071] netlink: 'syz.4.5624': attribute type 10 has an invalid length.
[  246.582354][T18071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.595474][T18071] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  246.626437][T18071] loop4: detected capacity change from 0 to 1024
[  246.645100][T18071] EXT4-fs: Ignoring removed nomblk_io_submit option
[  246.671485][T18071] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  246.689033][T18071] System zones: 0-1, 3-36
[  246.701446][T18071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  246.758662][T18099] vlan2: entered allmulticast mode
[  246.768218][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.871588][T18119] ieee802154 phy1 wpan1: encryption failed: -22
[  246.954632][T18132] netlink: 'syz.3.5651': attribute type 10 has an invalid length.
[  246.971127][T18132] loop3: detected capacity change from 0 to 1024
[  246.979953][T18132] EXT4-fs: Ignoring removed nomblk_io_submit option
[  247.014623][T18132] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  247.022816][T18132] System zones: 0-1, 3-36
[  247.028212][T18132] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.081294][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.221537][T18153] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  247.349498][T18163] lo speed is unknown, defaulting to 1000
[  247.358365][T18179] loop4: detected capacity change from 0 to 512
[  247.415302][T18179] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.5662: casefold flag without casefold feature
[  247.446026][T18179] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.5662: couldn't read orphan inode 15 (err -117)
[  247.463221][T18179] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.549054][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.887373][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  247.887373][T18221] Use struct sctp_assoc_value instead
[  247.903332][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  247.903332][T18221] Use struct sctp_assoc_value instead
[  247.921602][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  247.921602][T18221] Use struct sctp_assoc_value instead
[  248.001571][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.001571][T18221] Use struct sctp_assoc_value instead
[  248.029398][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.029398][T18221] Use struct sctp_assoc_value instead
[  248.045964][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.045964][T18221] Use struct sctp_assoc_value instead
[  248.061697][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.061697][T18221] Use struct sctp_assoc_value instead
[  248.088905][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.088905][T18221] Use struct sctp_assoc_value instead
[  248.104858][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.104858][T18221] Use struct sctp_assoc_value instead
[  248.126760][T18221] sctp: [Deprecated]: syz.0.5677 (pid 18221) Use of int in max_burst socket option deprecated.
[  248.126760][T18221] Use struct sctp_assoc_value instead
[  248.258683][T18250] ieee802154 phy1 wpan1: encryption failed: -22
[  248.446107][T18268] 9pnet: Could not find request transport: 0xffffffffffffffff
[  248.461954][T18268] loop3: detected capacity change from 0 to 512
[  248.473531][T18268] msdos: Bad value for 'tz'
[  248.864524][T18304] 9pnet: Could not find request transport: 0xffffffffffffffff
[  248.877125][T18304] loop3: detected capacity change from 0 to 512
[  248.884553][T18304] msdos: Bad value for 'tz'
[  249.190804][T18331] loop3: detected capacity change from 0 to 512
[  249.242269][T18331] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.270626][T18331] ext4 filesystem being mounted at /428/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  249.300363][T18317] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.5714: corrupted inode contents
[  249.327868][T18317] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.5714: mark_inode_dirty error
[  249.355663][T18317] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.5714: corrupted inode contents
[  249.387748][T18317] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.5714: mark_inode_dirty error
[  249.390467][   T29] kauditd_printk_skb: 1136 callbacks suppressed
[  249.390561][   T29] audit: type=1326 audit(1755381820.169:20901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18347 comm="syz.2.5726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  249.453917][   T29] audit: type=1326 audit(1755381820.189:20902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18313 comm="syz.3.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  249.454342][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.477690][   T29] audit: type=1326 audit(1755381820.189:20903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18313 comm="syz.3.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  249.477713][   T29] audit: type=1326 audit(1755381820.189:20904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18313 comm="syz.3.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  249.477788][   T29] audit: type=1326 audit(1755381820.189:20905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18313 comm="syz.3.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  249.477810][   T29] audit: type=1326 audit(1755381820.189:20906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18313 comm="syz.3.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992577ebe9 code=0x7ffc0000
[  249.477853][   T29] audit: type=1326 audit(1755381820.209:20907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18347 comm="syz.2.5726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  249.477876][   T29] audit: type=1326 audit(1755381820.209:20908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18347 comm="syz.2.5726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  249.477899][   T29] audit: type=1326 audit(1755381820.209:20909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18347 comm="syz.2.5726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  249.477939][   T29] audit: type=1326 audit(1755381820.209:20910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18347 comm="syz.2.5726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb39b88ebe9 code=0x7ffc0000
[  249.797382][T18377] __nla_validate_parse: 17 callbacks suppressed
[  249.797397][T18377] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5737'.
[  249.861714][T18359] lo speed is unknown, defaulting to 1000
[  249.906608][T18359] chnl_net:caif_netlink_parms(): no params data found
[  249.915422][T18393] ieee802154 phy1 wpan1: encryption failed: -22
[  249.940685][T18359] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.948184][T18359] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.963234][T18359] bridge_slave_0: entered allmulticast mode
[  249.969778][T18359] bridge_slave_0: entered promiscuous mode
[  249.977544][T18359] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.984864][T18359] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.992148][T18359] bridge_slave_1: entered allmulticast mode
[  249.998588][T18359] bridge_slave_1: entered promiscuous mode
[  250.032571][T18359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  250.044564][   T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.058048][T18359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  250.079608][T18359] team0: Port device team_slave_0 added
[  250.094643][T18359] team0: Port device team_slave_1 added
[  250.100275][T18402] 9pnet: Could not find request transport: 0xffffffffffffffff
[  250.110306][T18407] loop3: detected capacity change from 0 to 512
[  250.118957][   T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.188059][T18359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  250.195081][T18359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.200675][T18407] msdos: Bad value for 'tz'
[  250.221677][T18359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  250.246936][T18359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  250.254004][T18359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.279985][T18359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  250.331992][   T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.390248][T18412] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5747'.
[  250.410733][T18413] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5745'.
[  250.425295][T18359] hsr_slave_0: entered promiscuous mode
[  250.431448][T18359] hsr_slave_1: entered promiscuous mode
[  250.437554][T18359] debugfs: 'hsr0' already exists in 'hsr'
[  250.443325][T18359] Cannot create hsr debugfs directory
[  250.449608][T18413] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  250.488748][T18413] batman_adv: batadv0: Removing interface: batadv_slave_1
[  250.502732][   T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.575073][T18416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5748'.
[  250.764445][   T51] bridge_slave_1: left allmulticast mode
[  250.770116][   T51] bridge_slave_1: left promiscuous mode
[  250.775871][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.784183][   T51] bridge_slave_0: left allmulticast mode
[  250.789837][   T51] bridge_slave_0: left promiscuous mode
[  250.796162][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.871493][T18431] netlink: 'syz.0.5751': attribute type 10 has an invalid length.
[  250.880650][T18426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5752'.
[  250.891829][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  250.901410][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  250.910661][   T51] bond0 (unregistering): Released all slaves
[  251.022149][T18437] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5755'.
[  251.031251][   T51] hsr_slave_0: left promiscuous mode
[  251.052107][   T51] hsr_slave_1: left promiscuous mode
[  251.063618][T18443] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5757'.
[  251.080419][   T51] veth1_vlan: left promiscuous mode
[  251.086526][   T51] veth0_vlan: left promiscuous mode
[  251.226172][T18453] loop3: detected capacity change from 0 to 512
[  251.254335][T18453] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  251.264964][T18453] System zones: 0-2, 18-18, 34-34
[  251.270179][T18453] EXT4-fs (loop3): orphan cleanup on readonly fs
[  251.277726][T18453] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5761: bg 0: block 248: padding at end of block bitmap is not set
[  251.292789][T18453] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5761: Failed to acquire dquot type 1
[  251.304974][T18453] EXT4-fs (loop3): 1 orphan inode deleted
[  251.335814][   T51] team0 (unregistering): Port device team_slave_1 removed
[  251.337361][   T41] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1
[  251.355949][   T51] team0 (unregistering): Port device team_slave_0 removed
[  251.363609][T18453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  251.456646][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.476137][   T36] lo speed is unknown, defaulting to 1000
[  251.481910][   T36] infiniband syz0: ib_query_port failed (-19)
[  251.698707][T18359] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  251.738971][T18485] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5769'.
[  251.739183][T18359] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  251.755335][   T51] IPVS: stop unused estimator thread 0...
[  251.815304][T18359] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  251.860458][T18359] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  252.040209][T18518] loop3: detected capacity change from 0 to 512
[  252.049818][T18359] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.063169][T18359] 8021q: adding VLAN 0 to HW filter on device team0
[  252.071854][T18518] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  252.079863][T18518] System zones: 0-2, 18-18, 34-34
[  252.087005][T18518] EXT4-fs (loop3): orphan cleanup on readonly fs
[  252.099768][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.106924][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.116528][T18518] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5779: bg 0: block 248: padding at end of block bitmap is not set
[  252.140999][T18518] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5779: Failed to acquire dquot type 1
[  252.152831][T18528] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  252.173893][T18518] EXT4-fs (loop3): 1 orphan inode deleted
[  252.181196][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.188272][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.200213][   T51] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[  252.223708][T18518] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  252.287083][T18359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.354485][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.355640][T18359] veth0_vlan: entered promiscuous mode
[  252.371686][T18359] veth1_vlan: entered promiscuous mode
[  252.498406][T18563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5783'.
[  252.527448][T18561] 9pnet: Could not find request transport: 0xffffffffffffffff
[  252.782079][T18574] netlink: 'syz.2.5789': attribute type 10 has an invalid length.
[  252.861912][T18359] veth0_macvtap: entered promiscuous mode
[  252.870394][T18359] veth1_macvtap: entered promiscuous mode
[  252.883428][T18359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  252.892262][T18359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.902512][T18580] loop4: detected capacity change from 0 to 512
[  252.905504][   T41] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  252.917894][   T41] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  252.932677][   T41] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  252.956152][T18580] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.969837][T18580] ext4 filesystem being mounted at /56/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  252.988417][   T41] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.173856][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.245682][T18607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.254756][T18607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.274681][T18613] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5803'.
[  253.464759][T18622] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  253.888690][T18650] loop1: detected capacity change from 0 to 512
[  253.912785][T18650] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  253.915022][T18653] netlink: 'syz.0.5817': attribute type 10 has an invalid length.
[  253.940267][T18650] EXT4-fs (loop1): 1 truncate cleaned up
[  253.953108][T18650] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.099188][T18650] vlan2: entered allmulticast mode
[  254.175768][T18659] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  254.228805][T18359] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.266935][T18664] netlink: 'syz.1.5821': attribute type 10 has an invalid length.
[  254.313953][T18664] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.346903][T18664] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  254.413651][   T29] kauditd_printk_skb: 755 callbacks suppressed
[  254.413666][   T29] audit: type=1326 audit(1755381825.199:21660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.447402][T18681] netlink: 'syz.0.5828': attribute type 10 has an invalid length.
[  254.467714][T18664] loop1: detected capacity change from 0 to 1024
[  254.474253][   T29] audit: type=1326 audit(1755381825.199:21661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.497907][   T29] audit: type=1326 audit(1755381825.229:21662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.521494][   T29] audit: type=1326 audit(1755381825.229:21663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.535125][T18664] EXT4-fs: Ignoring removed nomblk_io_submit option
[  254.545220][   T29] audit: type=1326 audit(1755381825.229:21664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.575217][   T29] audit: type=1326 audit(1755381825.229:21665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.576999][T18664] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  254.598909][   T29] audit: type=1326 audit(1755381825.229:21666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.608149][T18664] System zones: 0-1, 3-36
[  254.630512][   T29] audit: type=1326 audit(1755381825.229:21667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.658590][   T29] audit: type=1326 audit(1755381825.229:21668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.661292][T18664] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.682149][   T29] audit: type=1326 audit(1755381825.229:21669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18663 comm="syz.1.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b5b3bebe9 code=0x7ffc0000
[  254.809522][T18359] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.422044][T18727] __nla_validate_parse: 4 callbacks suppressed
[  255.422061][T18727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5839'.
[  256.032559][T18746] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  256.079683][T18760] loop3: detected capacity change from 0 to 128
[  256.126549][T18760] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  256.146486][T18768] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5855'.
[  256.156830][T18760] ext4 filesystem being mounted at /467/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.217196][T18778] macvtap1: entered allmulticast mode
[  256.222698][T18778] veth0_macvtap: entered allmulticast mode
[  256.251259][T11258] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  256.304605][T18789] loop3: detected capacity change from 0 to 512
[  256.326713][T18789] msdos: Bad value for 'tz'
[  256.363559][T18797] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5868'.
[  256.476796][T18823] ieee802154 phy1 wpan1: encryption failed: -22
[  256.508182][T18827] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5879'.
[  256.727978][T18839] raw_sendmsg: syz.4.5884 forgot to set AF_INET. Fix it!
[  256.806750][T18839] netlink: 'syz.4.5884': attribute type 4 has an invalid length.
[  256.907493][T18848] FAULT_INJECTION: forcing a failure.
[  256.907493][T18848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  256.920660][T18848] CPU: 1 UID: 0 PID: 18848 Comm: syz.4.5888 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  256.920681][T18848] Tainted: [W]=WARN
[  256.920685][T18848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  256.920692][T18848] Call Trace:
[  256.920696][T18848]  <TASK>
[  256.920701][T18848]  __dump_stack+0x1d/0x30
[  256.920715][T18848]  dump_stack_lvl+0xe8/0x140
[  256.920816][T18848]  dump_stack+0x15/0x1b
[  256.920900][T18848]  should_fail_ex+0x265/0x280
[  256.920920][T18848]  should_fail+0xb/0x20
[  256.920934][T18848]  should_fail_usercopy+0x1a/0x20
[  256.921000][T18848]  _copy_from_user+0x1c/0xb0
[  256.921023][T18848]  memdup_user+0x5e/0xd0
[  256.921116][T18848]  strndup_user+0x68/0xb0
[  256.921141][T18848]  keyctl_restrict_keyring+0x15a/0x1b0
[  256.921168][T18848]  __se_sys_keyctl+0x1ed/0xb80
[  256.921211][T18848]  ? __rcu_read_unlock+0x4f/0x70
[  256.921231][T18848]  ? __fget_files+0x184/0x1c0
[  256.921257][T18848]  ? fput+0x8f/0xc0
[  256.921286][T18848]  __x64_sys_keyctl+0x67/0x80
[  256.921310][T18848]  x64_sys_call+0x2f6d/0x2ff0
[  256.921405][T18848]  do_syscall_64+0xd2/0x200
[  256.921449][T18848]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  256.921557][T18848]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  256.921570][T18848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.921582][T18848] RIP: 0033:0x7f01db55ebe9
[  256.921663][T18848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.921673][T18848] RSP: 002b:00007f01d9fc7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  256.921684][T18848] RAX: ffffffffffffffda RBX: 00007f01db785fa0 RCX: 00007f01db55ebe9
[  256.921746][T18848] RDX: 0000200000000200 RSI: 000000002b50a060 RDI: 000000000000001d
[  256.921753][T18848] RBP: 00007f01d9fc7090 R08: 0000000000000000 R09: 0000000000000000
[  256.921760][T18848] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.921766][T18848] R13: 00007f01db786038 R14: 00007f01db785fa0 R15: 00007ffcfc1090a8
[  256.921780][T18848]  </TASK>
[  257.175248][T18856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5891'.
[  257.189282][T18858] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5892'.
[  257.215852][T18852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.232340][T18852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.425820][T18874] ÿÿÿÿÿÿ: renamed from vlan1
[  257.564326][T18883] ieee802154 phy1 wpan1: encryption failed: -22
[  257.702224][T18899] loop3: detected capacity change from 0 to 128
[  257.711466][T18899] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  257.730506][T18899] ext4 filesystem being mounted at /479/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  257.764598][T18909] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5911'.
[  257.774849][T11258] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  258.069031][T18933] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5920'.
[  258.258188][T18945] loop1: detected capacity change from 0 to 512
[  258.268524][T18945] msdos: Bad value for 'tz'
[  258.383871][T18958] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5932'.
[  258.466718][T18970] netlink: 'syz.1.5938': attribute type 10 has an invalid length.
[  258.510633][T18970] loop1: detected capacity change from 0 to 1024
[  258.518705][T18970] EXT4-fs: Ignoring removed nomblk_io_submit option
[  258.545849][T18970] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  258.561194][T18970] System zones: 0-1, 3-36
[  258.570527][T18970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.673741][T18359] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.783602][T19010] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5949'.
[  258.959979][T19028] ieee802154 phy1 wpan1: encryption failed: -22
[  258.972681][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  259.008074][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  259.020340][   T12] bond0 (unregistering): Released all slaves
[  259.133599][   T12] tipc: Left network mode
[  259.143759][T19032] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  259.294825][   T12] veth0_macvtap: left allmulticast mode
[  259.428142][   T12] team0 (unregistering): Port device team_slave_1 removed
[  259.480883][   T12] team0 (unregistering): Port device team_slave_0 removed
[  259.586848][   T29] kauditd_printk_skb: 475 callbacks suppressed
[  259.586861][T19067] tmpfs: Bad value for 'mpol'
[  259.586918][   T29] audit: type=1400 audit(1755381830.369:22145): avc:  denied  { mounton } for  pid=19066 comm="syz.3.5967" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  259.634807][   T29] audit: type=1326 audit(1755381830.419:22146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.658705][   T29] audit: type=1326 audit(1755381830.419:22147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.682386][   T29] audit: type=1326 audit(1755381830.419:22148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.707370][T19057] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.733150][   T29] audit: type=1326 audit(1755381830.419:22149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.756832][   T29] audit: type=1326 audit(1755381830.419:22150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.758186][T19057] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.780595][   T29] audit: type=1326 audit(1755381830.419:22151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.811211][   T29] audit: type=1326 audit(1755381830.419:22152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.834818][   T29] audit: type=1326 audit(1755381830.419:22153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.858374][   T29] audit: type=1326 audit(1755381830.419:22154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.4.5969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01db55ebe9 code=0x7ffc0000
[  259.943845][T18981] chnl_net:caif_netlink_parms(): no params data found
[  260.159221][T19108] loop1: detected capacity change from 0 to 512
[  260.178273][T19106] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  260.221503][T18981] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.225809][T19108] msdos: Bad value for 'tz'
[  260.228650][T18981] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.246457][T18981] bridge_slave_0: entered allmulticast mode
[  260.254179][T18981] bridge_slave_0: entered promiscuous mode
[  260.299644][T18981] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.306832][T18981] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.318903][T18981] bridge_slave_1: entered allmulticast mode
[  260.327474][T18981] bridge_slave_1: entered promiscuous mode
[  260.363136][T18981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.392511][T19119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.393827][T18981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.409157][T19119] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.490542][T18981] team0: Port device team_slave_0 added
[  260.506480][T18981] team0: Port device team_slave_1 added
[  260.563400][T19150] __nla_validate_parse: 3 callbacks suppressed
[  260.563415][T19150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5987'.
[  260.641608][T18981] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.648674][T18981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  260.674748][T18981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  260.749659][T19159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5985'.
[  260.801976][T18981] batman_adv: batadv0: Adding interface: batadv_slave_1
[  260.808963][T18981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  260.834944][T18981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  261.024665][T18981] hsr_slave_0: entered promiscuous mode
[  261.050020][T18981] hsr_slave_1: entered promiscuous mode
[  261.077022][T18981] debugfs: 'hsr0' already exists in 'hsr'
[  261.082825][T18981] Cannot create hsr debugfs directory
[  261.127806][T19176] loop1: detected capacity change from 0 to 512
[  261.135508][T19176] msdos: Bad value for 'tz'
[  261.254738][T19192] FAULT_INJECTION: forcing a failure.
[  261.254738][T19192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  261.267859][T19192] CPU: 0 UID: 0 PID: 19192 Comm: syz.3.5996 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  261.267940][T19192] Tainted: [W]=WARN
[  261.267945][T19192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  261.268037][T19192] Call Trace:
[  261.268042][T19192]  <TASK>
[  261.268049][T19192]  __dump_stack+0x1d/0x30
[  261.268145][T19192]  dump_stack_lvl+0xe8/0x140
[  261.268159][T19192]  dump_stack+0x15/0x1b
[  261.268172][T19192]  should_fail_ex+0x265/0x280
[  261.268190][T19192]  should_fail+0xb/0x20
[  261.268203][T19192]  should_fail_usercopy+0x1a/0x20
[  261.268264][T19192]  _copy_from_user+0x1c/0xb0
[  261.268284][T19192]  memdup_user+0x5e/0xd0
[  261.268304][T19192]  strndup_user+0x68/0xb0
[  261.268437][T19192]  __se_sys_mount+0x4d/0x2e0
[  261.268455][T19192]  ? fput+0x8f/0xc0
[  261.268547][T19192]  ? ksys_write+0x192/0x1a0
[  261.268600][T19192]  __x64_sys_mount+0x67/0x80
[  261.268684][T19192]  x64_sys_call+0x2b4d/0x2ff0
[  261.268700][T19192]  do_syscall_64+0xd2/0x200
[  261.268785][T19192]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  261.268803][T19192]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  261.268885][T19192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.268902][T19192] RIP: 0033:0x7f992577ebe9
[  261.268914][T19192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.268928][T19192] RSP: 002b:00007f99241e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  261.268944][T19192] RAX: ffffffffffffffda RBX: 00007f99259a5fa0 RCX: 00007f992577ebe9
[  261.268954][T19192] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000
[  261.269040][T19192] RBP: 00007f99241e7090 R08: 0000200000000480 R09: 0000000000000000
[  261.269050][T19192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.269134][T19192] R13: 00007f99259a6038 R14: 00007f99259a5fa0 R15: 00007ffccc6832b8
[  261.269149][T19192]  </TASK>
[  261.501084][T19191] loop4: detected capacity change from 0 to 512
[  261.584827][T19191] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.602867][T19191] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  261.715546][T19214] ieee802154 phy1 wpan1: encryption failed: -22
[  261.738535][T19218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6001'.
[  261.748114][T19218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6001'.
[  261.759476][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.955426][T19252] loop1: detected capacity change from 0 to 512
[  261.973885][T18981] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  261.983485][T18981] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  261.990745][T19252] msdos: Bad value for 'tz'
[  261.999540][T18981] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  262.026778][T19263] loop3: detected capacity change from 0 to 512
[  262.049016][T18981] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  262.051697][T19266] loop1: detected capacity change from 0 to 128
[  262.056319][T19263] EXT4-fs: Ignoring removed orlov option
[  262.082180][T19263] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  262.105301][T19263] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  262.130382][T19263] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.6015: corrupted in-inode xattr: e_value size too large
[  262.136579][T18981] 8021q: adding VLAN 0 to HW filter on device bond0
[  262.155352][T18981] 8021q: adding VLAN 0 to HW filter on device team0
[  262.166365][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.172459][T19281] netlink: 'syz.0.6019': attribute type 10 has an invalid length.
[  262.173459][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  262.197225][ T5451] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.204401][ T5451] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.205872][T19263] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6015: couldn't read orphan inode 15 (err -117)
[  262.287447][T19263] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  262.323967][T19297] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6022'.
[  262.353516][T19304] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  262.363892][T19301] loop1: detected capacity change from 0 to 512
[  262.394866][T19301] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  262.398121][T19304] netlink: 'syz.0.6024': attribute type 11 has an invalid length.
[  262.410783][T19304] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6024'.
[  262.413727][T18981] 8021q: adding VLAN 0 to HW filter on device batadv0
[  262.427484][T19301] System zones: 0-2, 18-18, 34-34
[  262.432966][T19301] EXT4-fs (loop1): orphan cleanup on readonly fs
[  262.436819][T19313] loop4: detected capacity change from 0 to 512
[  262.441655][T19301] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.6023: bg 0: block 248: padding at end of block bitmap is not set
[  262.469632][T19313] msdos: Bad value for 'tz'
[  262.477059][T19301] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.6023: Failed to acquire dquot type 1
[  262.513479][T19301] EXT4-fs (loop1): 1 orphan inode deleted
[  262.520860][   T12] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1
[  262.532106][T19322] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6027'.
[  262.544507][T19263] netlink: 'syz.3.6015': attribute type 1 has an invalid length.
[  262.544674][T19301] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  262.624349][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.633788][T18359] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.650325][T18981] veth0_vlan: entered promiscuous mode
[  262.666580][T18981] veth1_vlan: entered promiscuous mode
[  262.675044][T19339] netlink: 'syz.4.6033': attribute type 19 has an invalid length.
[  262.694309][T19339] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6033'.
[  262.711981][T18981] veth0_macvtap: entered promiscuous mode
[  262.721785][T19341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6034'.
[  262.742694][T18981] veth1_macvtap: entered promiscuous mode
[  262.780281][T18981] batman_adv: batadv0: Interface activated: batadv_slave_0
[  262.794277][T18981] batman_adv: batadv0: Interface activated: batadv_slave_1
[  262.810335][ T5451] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  262.824138][ T5451] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  262.844047][T19360] ieee802154 phy1 wpan1: encryption failed: -22
[  262.847201][T19362] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6038'.
[  262.850462][T19359] ieee802154 phy1 wpan1: encryption failed: -22
[  262.866140][ T4078] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  262.882360][ T4078] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  262.945282][T19374] loop2: detected capacity change from 0 to 128
[  263.027330][T19369] loop4: detected capacity change from 0 to 1024
[  263.053130][T19369] EXT4-fs: dax option not supported
[  263.267875][T19403] loop4: detected capacity change from 0 to 1024
[  263.292613][T19403] EXT4-fs: Ignoring removed nomblk_io_submit option
[  263.334595][T19403] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  263.370766][T19403] System zones: 0-1, 3-36
[  263.392585][T19403] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.596437][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.794544][T19444] FAULT_INJECTION: forcing a failure.
[  263.794544][T19444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.807654][T19444] CPU: 1 UID: 0 PID: 19444 Comm: syz.4.6071 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  263.807709][T19444] Tainted: [W]=WARN
[  263.807745][T19444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  263.807792][T19444] Call Trace:
[  263.807798][T19444]  <TASK>
[  263.807805][T19444]  __dump_stack+0x1d/0x30
[  263.807835][T19444]  dump_stack_lvl+0xe8/0x140
[  263.807850][T19444]  dump_stack+0x15/0x1b
[  263.807864][T19444]  should_fail_ex+0x265/0x280
[  263.807886][T19444]  should_fail+0xb/0x20
[  263.807917][T19444]  should_fail_usercopy+0x1a/0x20
[  263.807935][T19444]  _copy_from_user+0x1c/0xb0
[  263.807957][T19444]  ipv6_flowlabel_opt+0xa3/0x1230
[  263.807986][T19444]  ? __rcu_read_unlock+0x4f/0x70
[  263.808076][T19444]  ? mntput_no_expire+0x6f/0x460
[  263.808153][T19444]  ? mntput+0x4b/0x80
[  263.808176][T19444]  ? _raw_spin_unlock_bh+0x36/0x40
[  263.808207][T19444]  ? lock_sock_nested+0x112/0x140
[  263.808265][T19444]  ? path_openat+0x1bf8/0x2170
[  263.808281][T19444]  ? should_fail_ex+0xdb/0x280
[  263.808301][T19444]  do_ipv6_setsockopt+0xb4e/0x2160
[  263.808322][T19444]  ? kstrtoull+0x111/0x140
[  263.808405][T19444]  ? avc_has_perm_noaudit+0x1b1/0x200
[  263.808476][T19444]  ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0
[  263.808578][T19444]  ipv6_setsockopt+0x59/0x130
[  263.808655][T19444]  udpv6_setsockopt+0x99/0xb0
[  263.808682][T19444]  sock_common_setsockopt+0x69/0x80
[  263.808755][T19444]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  263.808781][T19444]  __sys_setsockopt+0x181/0x200
[  263.808799][T19444]  __x64_sys_setsockopt+0x64/0x80
[  263.808815][T19444]  x64_sys_call+0x20ec/0x2ff0
[  263.808832][T19444]  do_syscall_64+0xd2/0x200
[  263.808893][T19444]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  263.808912][T19444]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  263.808932][T19444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.808952][T19444] RIP: 0033:0x7f01db55ebe9
[  263.808995][T19444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.809009][T19444] RSP: 002b:00007f01d9fc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  263.809025][T19444] RAX: ffffffffffffffda RBX: 00007f01db785fa0 RCX: 00007f01db55ebe9
[  263.809037][T19444] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000006
[  263.809050][T19444] RBP: 00007f01d9fc7090 R08: 0000000000000021 R09: 0000000000000000
[  263.809060][T19444] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[  263.809070][T19444] R13: 00007f01db786038 R14: 00007f01db785fa0 R15: 00007ffcfc1090a8
[  263.809137][T19444]  </TASK>
[  264.085356][T19442] loop2: detected capacity change from 0 to 1024
[  264.102089][T19442] EXT4-fs: Ignoring removed nomblk_io_submit option
[  264.112673][T19442] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  264.130433][T19449] loop3: detected capacity change from 0 to 512
[  264.135688][T19442] System zones: 0-1, 3-36
[  264.144329][T19442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  264.173510][T19449] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  264.208202][T19449] ext4 filesystem being mounted at /505/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  264.257887][T18981] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.269967][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.358807][T19486] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  264.414823][T19495] netlink: 'syz.4.6089': attribute type 10 has an invalid length.
[  264.427602][T19497] loop3: detected capacity change from 0 to 128
[  264.433217][T19495] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  264.534240][T19504] loop3: detected capacity change from 0 to 512
[  264.562861][T19504] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002]
[  264.589317][T19504] System zones: 0-2, 18-18, 34-34
[  264.595445][T19504] EXT4-fs (loop3): orphan cleanup on readonly fs
[  264.625889][T19506] loop4: detected capacity change from 0 to 512
[  264.635313][T19504] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6092: bg 0: block 248: padding at end of block bitmap is not set
[  264.676519][T19504] __quota_error: 516 callbacks suppressed
[  264.676534][T19504] Quota error (device loop3): write_blk: dquota write failed
[  264.689717][T19504] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  264.699741][T19504] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.6092: Failed to acquire dquot type 1
[  264.751526][   T29] audit: type=1326 audit(1755381835.539:22668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19519 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b260ebe9 code=0x7ffc0000
[  264.775186][   T29] audit: type=1326 audit(1755381835.539:22669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19519 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b260ebe9 code=0x7ffc0000
[  264.800165][T19504] EXT4-fs (loop3): 1 orphan inode deleted
[  264.806605][   T31] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-5
[  264.815702][   T31] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 1
[  264.828847][   T29] audit: type=1326 audit(1755381835.589:22670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19519 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b260ebe9 code=0x7ffc0000
[  264.852505][   T29] audit: type=1326 audit(1755381835.589:22671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19519 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b260ebe9 code=0x7ffc0000
[  264.863535][T19524] loop1: detected capacity change from 0 to 512
[  264.876312][   T29] audit: type=1326 audit(1755381835.589:22672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19519 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67b260ebe9 code=0x7ffc0000
[  264.883688][T19520] FAULT_INJECTION: forcing a failure.
[  264.883688][T19520] name failslab, interval 1, probability 0, space 0, times 0
[  264.906085][   T29] audit: type=1326 audit(1755381835.599:22673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19519 comm="syz.2.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67b260ebe9 code=0x7ffc0000
[  264.918782][T19520] CPU: 1 UID: 0 PID: 19520 Comm: syz.2.6097 Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  264.918816][T19520] Tainted: [W]=WARN
[  264.918822][T19520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  264.918888][T19520] Call Trace:
[  264.918895][T19520]  <TASK>
[  264.918903][T19520]  __dump_stack+0x1d/0x30
[  264.918924][T19520]  dump_stack_lvl+0xe8/0x140
[  264.918942][T19520]  dump_stack+0x15/0x1b
[  264.918958][T19520]  should_fail_ex+0x265/0x280
[  264.919038][T19520]  should_failslab+0x8c/0xb0
[  264.919094][T19520]  kmem_cache_alloc_noprof+0x50/0x310
[  264.919120][T19520]  ? audit_log_start+0x365/0x6c0
[  264.919148][T19520]  audit_log_start+0x365/0x6c0
[  264.919178][T19520]  audit_seccomp+0x48/0x100
[  264.919257][T19520]  ? __seccomp_filter+0x68c/0x10d0
[  264.919278][T19520]  __seccomp_filter+0x69d/0x10d0
[  264.919299][T19520]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  264.919324][T19520]  ? vfs_write+0x7e8/0x960
[  264.919422][T19520]  ? __rcu_read_unlock+0x4f/0x70
[  264.919455][T19520]  ? __fget_files+0x184/0x1c0
[  264.919483][T19520]  __secure_computing+0x82/0x150
[  264.919521][T19520]  syscall_trace_enter+0xcf/0x1e0
[  264.919544][T19520]  do_syscall_64+0xac/0x200
[  264.919569][T19520]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  264.919591][T19520]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  264.919624][T19520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.919644][T19520] RIP: 0033:0x7f67b260ebe9
[  264.919659][T19520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.919692][T19520] RSP: 002b:00007f67b106f038 EFLAGS: 00000246 ORIG_RAX: 000000000000005a
[  264.919711][T19520] RAX: ffffffffffffffda RBX: 00007f67b2835fa0 RCX: 00007f67b260ebe9
[  264.919724][T19520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000a00
[  264.919784][T19520] RBP: 00007f67b106f090 R08: 0000000000000000 R09: 0000000000000000
[  264.919797][T19520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.919874][T19520] R13: 00007f67b2836038 R14: 00007f67b2835fa0 R15: 00007ffd0fd972b8
[  264.919892][T19520]  </TASK>
[  264.919900][T19520] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  264.960549][T19504] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  265.005634][T19506] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.199959][T11258] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.201373][T19506] ext4 filesystem being mounted at /133/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  265.341356][T19556] netlink: 'syz.1.6112': attribute type 19 has an invalid length.
[  265.365155][T17430] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.375906][T19560] loop2: detected capacity change from 0 to 128
[  265.475976][T19571] ieee802154 phy1 wpan1: encryption failed: -22
[  265.526695][T13064] ==================================================================
[  265.534801][T13064] BUG: KCSAN: data-race in fill_mg_cmtime / shmem_mknod
[  265.541745][T13064] 
[  265.544072][T13064] write to 0xffff8881034aa3d4 of 4 bytes by task 18472 on cpu 1:
[  265.551806][T13064]  shmem_mknod+0x137/0x180
[  265.556219][T13064]  shmem_create+0x34/0x50
[  265.560539][T13064]  path_openat+0x1102/0x2170
[  265.565111][T13064]  do_filp_open+0x109/0x230
[  265.569599][T13064]  do_sys_openat2+0xa6/0x110
[  265.574179][T13064]  __x64_sys_openat+0xf2/0x120
[  265.578934][T13064]  x64_sys_call+0x2e9c/0x2ff0
[  265.583599][T13064]  do_syscall_64+0xd2/0x200
[  265.588094][T13064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.593977][T13064] 
[  265.596358][T13064] read to 0xffff8881034aa3d4 of 4 bytes by task 13064 on cpu 0:
[  265.603993][T13064]  fill_mg_cmtime+0x5b/0x260
[  265.608586][T13064]  generic_fillattr+0x24a/0x340
[  265.613435][T13064]  shmem_getattr+0x181/0x200
[  265.618012][T13064]  vfs_getattr_nosec+0x146/0x1e0
[  265.622943][T13064]  vfs_statx+0x113/0x390
[  265.627179][T13064]  vfs_fstatat+0x115/0x170
[  265.631586][T13064]  __se_sys_newfstatat+0x55/0x260
[  265.636604][T13064]  __x64_sys_newfstatat+0x55/0x70
[  265.641622][T13064]  x64_sys_call+0x135a/0x2ff0
[  265.646287][T13064]  do_syscall_64+0xd2/0x200
[  265.650783][T13064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.656662][T13064] 
[  265.658972][T13064] value changed: 0x12e560c0 -> 0x12ea7372
[  265.664759][T13064] 
[  265.667065][T13064] Reported by Kernel Concurrency Sanitizer on:
[  265.673199][T13064] CPU: 0 UID: 0 PID: 13064 Comm: udevd Tainted: G        W           6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(voluntary) 
[  265.686817][T13064] Tainted: [W]=WARN
[  265.690606][T13064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  265.700649][T13064] ==================================================================