last executing test programs:

28.314224831s ago: executing program 3 (id=814):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x41, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xf7}, 0x18)
gettid()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x4, 0x7, 0x50000}]})
syz_clone(0xb44040, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000009c0)=@bpf_tracing={0x1a, 0xb, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1a623, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000500))
getsockname$llc(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/24], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd144, 0x0, 0xffffffff, 0x289}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}})
io_uring_enter(r3, 0x3516, 0xddd3, 0x4, 0x0, 0x0)

27.383643292s ago: executing program 3 (id=827):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000400)={'syztnl1\x00', &(0x7f0000000540)={'ip6tnl0\x00', <r1=>0x0, 0x2f, 0x3, 0x7, 0xb4b, 0x12, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x40, 0x7800, 0xc, 0x1}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r1, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000780)='coredump_filter\x00')
fchdir(r3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r4, <r5=>0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000000)=r3}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8090}, 0x4)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000001, 0x12, r8, 0x100000000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r10 = syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x400000)
ioctl$EVIOCGSND(r10, 0x8040451a, &(0x7f0000000200)=""/86)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000004, 0x8d011, r5, 0x66112000)
r12 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x8, 0x0, 0x7, 0x44, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x40, 0x80, 0xffffffff, 0x7}})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000300)={<r13=>0x0, 0x4}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r11, 0x84, 0x1, &(0x7f0000000380)={r13, 0x7, 0x1000, 0xf05, 0x3, 0x3186}, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r9}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r14, 0x8943, &(0x7f0000000100)={'macvtap0\x00', @random="b40007350060"})

27.046261875s ago: executing program 3 (id=832):
io_setup(0x408, &(0x7f0000000040)=<r0=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
io_pgetevents(r0, 0x2, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000080)={0x0, 0x989680}, 0x0)

26.89548218s ago: executing program 3 (id=834):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)='system_u:object_r:setrans_initrc_exec_t:s0\x00', 0x2b, 0x1)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x10, 0x20, &(0x7f0000000140)="dda258ad46bc8f049764b9ef566a2a29", &(0x7f0000000240)=""/32, 0x7, 0x0, 0x22, 0x56, &(0x7f0000000280)="d2a5c203f6223964ce7cce7ee1c1dc386fae261cbf2112562485f39977182f9f84dd", &(0x7f00000002c0)="28e41a0db0051ec4c2baa20bf953aaf7ab342cf4805c8afbf3ad83c1d710028859ebfab1ffcf7d5ab27ca5b25d07caa968c9bc45274fd29b18f81df641c6ba7bc290c7313b80be6389f08b8520897ddd2d4ed528f16e", 0x2, 0x0, 0x7}, 0x50)

26.697426199s ago: executing program 3 (id=835):
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_read_part_table(0x1053, &(0x7f0000003500)="$eJzsz8ENAVEYBOB5i7WCGvTgqA4OutlqHDTh6qgDTShAdi2JAkQ2+b7Lm2QmL/nDn92TklRJmaSLZXf76qfJPMkjy251XX+K7bF5hSppknJZpU1y2rwHs+GtsxhSmzr70s/7nw/nn58HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPwDAAA///92gh8")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f00000002c0)="8d09327c", 0x4}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0475fd239c11c5a453a51b054b0c9fd4000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16=r5, @ANYBLOB="bf4400000000000000000c"], 0x2ac}}, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
unshare(0x24040000)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r1, {0x3}}, './file0\x00'})
r8 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x40e3, 0x10, 0xfffffffd, 0xfffffffd, 0x0, r7}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000001040)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1})
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=ANY=[@ANYBLOB="600100001000130726bd7000000000006400000000000000ac1414130000000000000000000000004e2100004e2300030200"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0000000000000000000000000000000000000032000000e00000010000000000000000000000000000000000000000000000000000000009000000000000000a000000000000000000000000400000000000000000000000000000000000000300000000000000104000000000000000000000000000000200000000000000f8ffffffffffffff0c000000000000000200000029bd70000000000002000000280000000000000068001200726663343534332867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000080000000316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa08000b"], 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
io_uring_enter(r8, 0x47f9, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

25.46900885s ago: executing program 3 (id=845):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x20000141, &(0x7f0000000340)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0xffffffff]}, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, 0x0, 0xb, &(0x7f0000000200)={0x0, 0x0, 0x3})
r1 = gettid()
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20000000000000ff)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{}], 0x2c, 0xffffffffffbffff8)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
tkill(r1, 0x13)

25.417216015s ago: executing program 32 (id=845):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x20000141, &(0x7f0000000340)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8)
rt_sigprocmask(0x0, &(0x7f0000000080)={[0xffffffff]}, 0x0, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, 0x0, 0xb, &(0x7f0000000200)={0x0, 0x0, 0x3})
r1 = gettid()
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20000000000000ff)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{}], 0x2c, 0xffffffffffbffff8)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
tkill(r1, 0x13)

2.995129996s ago: executing program 0 (id=1092):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x300, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)

2.897697786s ago: executing program 0 (id=1093):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc0100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4000000000)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

2.504776394s ago: executing program 1 (id=1094):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x12, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x10002, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000140), 0x3200841, &(0x7f0000000380)={[{@nr_blocks={'nr_blocks', 0x3d, [0x74]}}]})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000380)={[{0x0, 'freezer'}]}, 0x9)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="05000000040000000900000008"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r7}, 0x10)
write$binfmt_aout(r5, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r3, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x1}, 0x6d)

1.886629205s ago: executing program 1 (id=1099):
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_read_part_table(0x1053, &(0x7f0000003500)="$eJzsz8ENAVEYBOB5i7WCGvTgqA4OutlqHDTh6qgDTShAdi2JAkQ2+b7Lm2QmL/nDn92TklRJmaSLZXf76qfJPMkjy251XX+K7bF5hSppknJZpU1y2rwHs+GtsxhSmzr70s/7nw/nn58HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPwDAAA///92gh8")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f00000002c0)="8d09327c", 0x4}, {&(0x7f0000000300)}], 0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0475fd239c11c5a453a51b054b0c9fd4000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r4)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16=r5, @ANYBLOB="bf4400000000000000000c"], 0x2ac}}, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
unshare(0x24040000)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r1, {0x3}}, './file0\x00'})
r8 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x40e3, 0x10, 0xfffffffd, 0xfffffffd, 0x0, r7}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000001040)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1})
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=ANY=[@ANYBLOB="600100001000130726bd7000000000006400000000000000ac1414130000000000000000000000004e2100004e2300030200"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0000000000000000000000000000000000000032000000e00000010000000000000000000000000000000000000000000000000000000009000000000000000a000000000000000000000000400000000000000000000000000000000000000300000000000000104000000000000000000000000000000200000000000000f8ffffffffffffff0c000000000000000200000029bd70000000000002000000280000000000000068001200726663343534332867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000080000000316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa08000b"], 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
io_uring_enter(r8, 0x47f9, 0x0, 0x0, 0x0, 0x0)

1.828086641s ago: executing program 4 (id=1102):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x400448e7, 0x0)
close(r2)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018ed8, &(0x7f0000000180)={[{@sysvgroups}, {@noload}, {@nobh}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {@errors_continue}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r3}, 0x18)
r4 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xd, 0x3}, 0x12, 0x6, 0x7, 0x0, 0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x2000000000000000, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f00000001c0)='cpu>00\t&&')

1.756179848s ago: executing program 4 (id=1103):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002100)=ANY=[@ANYBLOB="c8010000000201010000000000004c000700000294000a80080001400000000008000140000000000800014000000000700002800600034000010000060003400001000006000340100100000c00028005000100110000002c00018014000300fe8000000000800000000000000000bb14000400fe80000000000000000000000000001206000340000300000c000280050001000600000006000340000000000800214000000001f00003800c00028005f7d9db2619310ea600018014000300ff02000000000000800000000000000114000400ff0200000000000000f20000000000010c00028005000100210000001400018008000100ac14142308000200e00000022c000180140003000000000000000000000000000000000014000400fc0000000000000000000000000000001400018008000100ac1414bb08000200e00000022c000180140003002001000000000000000000000000000014000400200100000000000000000000400000011400018008000100ac1414bb08000200ac1414aa14000180080001006401010108000200ffffffff0e0006007369702d32303030300000000e0006006674702d007369702d323030303000"/456], 0x1c8}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x800)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0xf09}, {&(0x7f0000000580)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000880)=""/143, 0x81}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400})
r1 = syz_open_dev$sg(&(0x7f00000000c0), 0xd, 0x200000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r3}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000100010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0)
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)
fsopen(&(0x7f0000000040)='9p\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@noblock_validity}]}, 0x1, 0xbb6, &(0x7f0000000c00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtIxk5nEZDLHpr8fvDnve96TeZ4nJ5nzHpiTAJ5ak9mXNOJIRJxPIsbr+9OIGKj2hiLWa8c9vH91NmtJVCpv/5ZEEhEP7l+dbbxWUt+O1gdDEXH7tST+/VFr3OXVtcWZcrm0VB8fX7l45fjy6torCxdnLpQulC6dmn711PTp6eku1nr3yntfPPPDG89fv/nx1JufH/ouibMxVp9rrqNbJmNy42fSrBARM90OlpO+ej3NdSaFHBMCAKCjtGkN998Yj754vHgbj29/zDU5AAAAoCsqfREVAAAA4IBL3P8DAADAAdf4HMCD+1dnGy3fTyT01r1zETFRq7/xfHNtphDr1e1Q9EfEyO9JND/WmtS+bc8ms0hff1/KWmz3HPJwFwJusn4tIv6/1flPqvVPVJ/ibq0/jYipLsSf3DTu9e/fXuo/24X4edcPwNPp1rnahaz1+pfW1j+DtdHm619hi2vXbuR9/Wus/x62rP/SjfVfX5v131s7jHH00Uu32801r//e/eTnuSx+tt1TUX/DvWsRRwtb1Z9s1J+0qf/8DmOMzt690W4uqz+rt9F6XX/lZsSx6mqutf6GpNP/Jzo+v1AuTdW+bvH6q6c7x28+/1nL4jfuBXohO/8jsbvzf2WHMSb+9+uRdnPb15/+MpC8U+0N1Pd8OLOysnQiYiB5vXX/yc65NI5pvEZW/4vPdf7736r+7D1hvf5zyH57rtW32fj6ppijx05+tfv691dW/9wuz/+nO4zx5Tc33m83l3f9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ0ogYiyQtbvTTtFiMGI2I/8RIWr68vPLy/OUPLs1lcxET0Z/OL5RLUxExXhsn2fhEtf94fHLTeDoiDkfEZ+PD1XFx9nJ5Lu/iAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2DAaEWORpMWISCPij/E0LRbzzgoAAADouom8EwAAAAD2nft/AAAAOPha7v8LfxkN9TIXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqTDz966k0TE+pnhassM1Of6c80M2G/pzg4b2e88gN7ryzsBIDeFpn6lUqnkmArQY+7xgWSb+aG2M4NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf64Xjty6k0TE+pnhassM1Of6c80M2G9p3gkAuenrNJlsuwN4ghXyTgDIjXt8oLayf1SpaZ0favudg3uOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCTY6zakrQYEWm1n6bFYsS/ImIi+pP5hXJpKiIORcRP4/2D2fhE3kkDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQdcura4sz5XJpSUdHp4ud4ehZrOH6H3ObYwbbT3Xo5PzGBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABALpZX1xZnyuXS0nLemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5W15dW5wpl0tL+9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzZwAAAP//0L4Jug==")
r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r5, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r6 = open(&(0x7f0000000240)='./file2\x00', 0x145142, 0x0)
sendfile(r6, r6, 0x0, 0x800000009)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000))
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000ff1f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r8}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e22, @loopback}}, [0x5, 0x2, 0x0, 0x3b, 0xffff, 0x9, 0xf, 0x7ff, 0x6, 0x4, 0x1, 0xfffffffffffffffc, 0x7ff, 0xa, 0xaa6d]}, &(0x7f0000000240)=0x100)

1.549362738s ago: executing program 1 (id=1105):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = socket(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @mcast2={0xff, 0x5}, 0x1ff}, 0x1c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x40800)

1.4280783s ago: executing program 1 (id=1106):
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000000000800000000005e002200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x3a, 0x20040000, &(0x7f0000000180)={0xa, 0x4e20, 0xfffffffc, @mcast1}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0xf1c38fa000000000}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
readv(r4, &(0x7f0000000cc0)=[{&(0x7f00000005c0)=""/84, 0x54}, {&(0x7f00000006c0)=""/169, 0xa9}, {&(0x7f0000000780)=""/63, 0x3f}, {&(0x7f00000007c0)=""/67, 0x43}, {&(0x7f00000008c0)=""/133, 0x85}, {&(0x7f0000000840)}, {&(0x7f0000000ac0)=""/175, 0xaf}, {&(0x7f0000001080)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/152, 0x98}], 0x9)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r5)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="03000000040000040000fa000000000000000000", @ANYRESHEX, @ANYBLOB="0000e0ffff4be6d2e3a66faf2430c8000000000013e0ef6aa42773a4be4a2b8eb5783c982fa0460b3d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010000000000000c0000000c000000020000000000de000000000d000000000000"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000000c0)={r6, 0x21, &(0x7f0000000000)={0xffffffffffffffff, 0x59, 0x0, 0x0}}, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801002221000018000000003b81530085e3ffff6c00000007"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r6, {0x6}}, '\x00'})

1.173032165s ago: executing program 4 (id=1109):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000900000000000000000000000900000000000000000000000902"], 0x0, 0x96}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x20000281}], 0x1}, 0x0)
close(r0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
fcntl$dupfd(r2, 0x406, r2)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20020009, 0x0, &(0x7f0000000240)={0x20, 0x0, 0xfffc, 0x4360, 0x7}, 0x8, 0x7, 0x60000000, 0x0, 0x4, 0x101, 0x0})

1.112259701s ago: executing program 5 (id=1110):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x27, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xa69, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_idx={0x18, 0x6, 0x5, 0x0, 0xc}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffeb2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x6}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000000)='syzkaller\x00', 0x1000, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x6, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xef}, 0x94)
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000006c0)={0x7, {{0xa, 0x4e23, 0x4, @rand_addr=' \x01\x00', 0x3}}}, 0x88)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r2, 0x2285, 0x0)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="aefdda9d240300005a90f57f07703aeff0f64ebbee07022c2277ae11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

1.071907575s ago: executing program 5 (id=1111):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1800000076000d0b20000000ffdbdf258000000000000000"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002d40)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x3}, {}, {0xfff3, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x9, 0x1, 0x54ab}, {0xd2d, 0x1, 0x2, 0x6, 0x1, 0x3, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x2042)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, &(0x7f0000000380)={{0x3, 0x3, 0x200, 0x3, 0x6}, 0x5, 0x6, 'id0\x00', 'timer1\x00', 0x0, 0x9, 0xcc, 0x9, 0x6})

1.004341732s ago: executing program 4 (id=1114):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c00"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

960.873276ms ago: executing program 5 (id=1115):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="44000000190a0102"], 0x44}}, 0x0)

958.933676ms ago: executing program 4 (id=1116):
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0xe400)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x1}, {0x4, 0x7, 0x4, 0x8}]})
getrlimit(0x5, &(0x7f0000000000))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@newqdisc={0x154, 0x24, 0x3fe3aa0262d8c783, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x124, 0x2, [@TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_STAB={0x104, 0x2, "4ea5d6d92761fecea7aa7d992e9705ce2f7193bbd545bff87e6f0ce0f6e1d1d24148fdb33871b609f1081530d33cb44e1ce2fd5f427a4ab027c6d6281f12939d5808fe1c8dfdffbe56d2470de63a1c6356a48d3ce3ffcb6d0f78912c3ea6bcd108aec1fe753d6b6a3d9ae71d1038ccc31772049fbd6f1ad92546ee199afd8fd077c072623fa3c1761be4c90cf20464b08f186e15247e37b81be1f56b27721e6b6e8481c97ccdc66fbe4f388262edb2581c7480dad9c737a83f22f0fe2128a9c2980d5fcf9ce33157d879cc64dbc60edbe4cfb65c47e2438e00b32561364865215333af75a703ccfad4a30ef2537be8f7aecd1e1bcf8702b604e51cbaa387985e"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x10001, 0x6, 0x4, 0xa, 0x0, 0x10}}]}}]}, 0x154}, 0x1, 0x0, 0x0, 0x4040055}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r3}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', r3, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0xfffffe51)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x32, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x96)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r5}, 0x10)
r6 = socket$pptp(0x18, 0x1, 0x2)
r7 = syz_open_dev$sg(&(0x7f0000000180), 0x7fff, 0x1e1700)
ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000001c0))
r8 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6})
ioctl$MON_IOCX_GETX(r8, 0x80089203, &(0x7f0000000a40)={0x0, 0x0})
close_range(r6, 0xffffffffffffffff, 0x0)

936.883078ms ago: executing program 5 (id=1117):
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0xe400)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x1}, {0x4, 0x7, 0x4, 0x8}]})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
getrlimit(0x5, &(0x7f0000000000))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0, <r0=>0x0})
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@newqdisc={0x154, 0x24, 0x3fe3aa0262d8c783, 0x4, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x124, 0x2, [@TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_STAB={0x104, 0x2, "4ea5d6d92761fecea7aa7d992e9705ce2f7193bbd545bff87e6f0ce0f6e1d1d24148fdb33871b609f1081530d33cb44e1ce2fd5f427a4ab027c6d6281f12939d5808fe1c8dfdffbe56d2470de63a1c6356a48d3ce3ffcb6d0f78912c3ea6bcd108aec1fe753d6b6a3d9ae71d1038ccc31772049fbd6f1ad92546ee199afd8fd077c072623fa3c1761be4c90cf20464b08f186e15247e37b81be1f56b27721e6b6e8481c97ccdc66fbe4f388262edb2581c7480dad9c737a83f22f0fe2128a9c2980d5fcf9ce33157d879cc64dbc60edbe4cfb65c47e2438e00b32561364865215333af75a703ccfad4a30ef2537be8f7aecd1e1bcf8702b604e51cbaa387985e"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x10001, 0x6, 0x4, 0xa, 0x0, 0x10}}]}}]}, 0x154}, 0x1, 0x0, 0x0, 0x4040055}, 0x0)
perf_event_open(0x0, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r6}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', r6, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_type(r7, &(0x7f0000000180), 0xfffffe51)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x40305829, &(0x7f0000000040))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10)
r8 = socket$pptp(0x18, 0x1, 0x2)
r9 = syz_open_dev$sg(&(0x7f0000000180), 0x7fff, 0x1e1700)
ioctl$SG_GET_PACK_ID(r9, 0x227c, &(0x7f00000001c0))
r10 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6})
ioctl$MON_IOCX_GETX(r10, 0x80089203, &(0x7f0000000a40)={0x0, 0x0})
close_range(r8, 0xffffffffffffffff, 0x0)

856.442136ms ago: executing program 2 (id=1119):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x300, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0)

855.679856ms ago: executing program 2 (id=1120):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002100)=ANY=[@ANYBLOB="c8010000000201010000000000004c000700000294000a80080001400000000008000140000000000800014000000000700002800600034000010000060003400001000006000340100100000c00028005000100110000002c00018014000300fe8000000000800000000000000000bb14000400fe80000000000000000000000000001206000340000300000c000280050001000600000006000340000000000800214000000001f00003800c00028005f7d9db2619310ea600018014000300ff02000000000000800000000000000114000400ff0200000000000000f20000000000010c00028005000100210000001400018008000100ac14142308000200e00000022c000180140003000000000000000000000000000000000014000400fc0000000000000000000000000000001400018008000100ac1414bb08000200e00000022c000180140003002001000000000000000000000000000014000400200100000000000000000000400000011400018008000100ac1414bb08000200ac1414aa14000180080001006401010108000200ffffffff0e0006007369702d32303030300000000e0006006674702d007369702d323030303000"/456], 0x1c8}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x800)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0xf09}, {&(0x7f0000000580)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000880)=""/143, 0x81}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400})
r1 = syz_open_dev$sg(&(0x7f00000000c0), 0xd, 0x200000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r3}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000100010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0)
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)
fsopen(&(0x7f0000000040)='9p\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@noblock_validity}]}, 0x1, 0xbb6, &(0x7f0000000c00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtIxk5nEZDLHpr8fvDnve96TeZ4nJ5nzHpiTAJ5ak9mXNOJIRJxPIsbr+9OIGKj2hiLWa8c9vH91NmtJVCpv/5ZEEhEP7l+dbbxWUt+O1gdDEXH7tST+/VFr3OXVtcWZcrm0VB8fX7l45fjy6torCxdnLpQulC6dmn711PTp6eku1nr3yntfPPPDG89fv/nx1JufH/ouibMxVp9rrqNbJmNy42fSrBARM90OlpO+ej3NdSaFHBMCAKCjtGkN998Yj754vHgbj29/zDU5AAAAoCsqfREVAAAA4IBL3P8DAADAAdf4HMCD+1dnGy3fTyT01r1zETFRq7/xfHNtphDr1e1Q9EfEyO9JND/WmtS+bc8ms0hff1/KWmz3HPJwFwJusn4tIv6/1flPqvVPVJ/ibq0/jYipLsSf3DTu9e/fXuo/24X4edcPwNPp1rnahaz1+pfW1j+DtdHm619hi2vXbuR9/Wus/x62rP/SjfVfX5v131s7jHH00Uu32801r//e/eTnuSx+tt1TUX/DvWsRRwtb1Z9s1J+0qf/8DmOMzt690W4uqz+rt9F6XX/lZsSx6mqutf6GpNP/Jzo+v1AuTdW+bvH6q6c7x28+/1nL4jfuBXohO/8jsbvzf2WHMSb+9+uRdnPb15/+MpC8U+0N1Pd8OLOysnQiYiB5vXX/yc65NI5pvEZW/4vPdf7736r+7D1hvf5zyH57rtW32fj6ppijx05+tfv691dW/9wuz/+nO4zx5Tc33m83l3f9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ0ogYiyQtbvTTtFiMGI2I/8RIWr68vPLy/OUPLs1lcxET0Z/OL5RLUxExXhsn2fhEtf94fHLTeDoiDkfEZ+PD1XFx9nJ5Lu/iAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2DAaEWORpMWISCPij/E0LRbzzgoAAADouom8EwAAAAD2nft/AAAAOPha7v8LfxkN9TIXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqTDz966k0TE+pnhassM1Of6c80M2G/pzg4b2e88gN7ryzsBIDeFpn6lUqnkmArQY+7xgWSb+aG2M4NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf64Xjty6k0TE+pnhassM1Of6c80M2G9p3gkAuenrNJlsuwN4ghXyTgDIjXt8oLayf1SpaZ0favudg3uOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCTY6zakrQYEWm1n6bFYsS/ImIi+pP5hXJpKiIORcRP4/2D2fhE3kkDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQdcura4sz5XJpSUdHp4ud4ehZrOH6H3ObYwbbT3Xo5PzGBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABALpZX1xZnyuXS0nLemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5W15dW5wpl0tL+9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzZwAAAP//0L4Jug==")
r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r5, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r6 = open(&(0x7f0000000240)='./file2\x00', 0x145142, 0x0)
sendfile(r6, r6, 0x0, 0x800000009)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000))
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000ff1f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e22, @loopback}}, [0x5, 0x2, 0x0, 0x3b, 0xffff, 0x9, 0xf, 0x7ff, 0x6, 0x4, 0x1, 0xfffffffffffffffc, 0x7ff, 0xa, 0xaa6d]}, &(0x7f0000000240)=0x100)

734.904988ms ago: executing program 0 (id=1121):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
fallocate(r3, 0x34, 0x0, 0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
io_setup(0x400e, 0x0)
syz_usbip_server_init(0x2)

729.610348ms ago: executing program 1 (id=1122):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsopen(&(0x7f0000000400)='autofs\x00', 0x0)

687.450033ms ago: executing program 1 (id=1123):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x401800, 0x0)
finit_module(r0, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc0100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
ioctl$TCFLSH(r1, 0x400455c8, 0x4000000000)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

686.247733ms ago: executing program 4 (id=1124):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='rxrpc_rx_abort\x00', r1}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x101}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioprio_get$uid(0x3, 0xffffffffffffffff)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000004, 0x10, 0xffffffffffffffff, 0x8000000)
r3 = open$dir(&(0x7f0000000040)='./file2\x00', 0x0, 0x20)
syz_io_uring_submit(r2, 0x0, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x10, 0x0, r3, &(0x7f00000000c0)='./file2\x00', &(0x7f0000000280)='./file2\x00', 0xffffffffffffffff, 0x400})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000b00)=ANY=[], 0x0, 0x4c, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffff"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r4}, 0x38)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
getsockopt$TIPC_CONN_TIMEOUT(r5, 0x10f, 0x82, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=<r8=>r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000b803ab8e8fb1584b952e5aa3ee1d0645b7ee354d9ac8faf366a92e11966f8cb242342ea73b82a6eca54cc457402cd8aac2cb47d57b8b1a4eef087dc1273cdf3ffa71ea09929029"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r7, 0x0, 0x115}, 0x18)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRESOCT], 0x5c}}, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000440))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@user_xattr}, {@lazytime}, {@quota}]}, 0x3, 0x441, &(0x7f0000000440)="$eJzs3MtvG0UYAPBv10lLXyRUpdAHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QXWQaBRBQKgcUSXuiCMSfwEHBBcEnJC4wh1VqlAuLZyM1vYmjmuncepkC/79pI1ndseZ+bw79sxOnAD61kj2I4nYHRG/R8RQPbu6wEj94ebSwtTfSwtTSVSrb/6V1MrdWFqYyovmz9uVZwYi0k+TONSm3srl+fOT5fLMpUZ+bO7Ce2OVy/PPnrsweXbm7MzFiVOnThwff/7kxHM9iTOL68bBD2cPH3j17auvT52++s7P3yR5/C1x9MjIWgefqFZ7XF2x9jSlk4ECG0JXSvVuGoO1/j8UpVg5eUPxyieFNg7YVNVqtbo/4rsOhxerwP9YEkW3AChG/kGfzX/zbetGH8W7/mJ9ApTFfbOx1Y8MRNooM9gyv+2lkYg4vfjPl9kWm3MfAgBgle+z8c8z7cZ/aexvKndvYw1lOCLui4i9EXEyIvZFxP0RtbIPRMSDXdbfukhy6/gnvdb+mdu7rKm9bPz3QmNta/X4Lx/9xXCpkdtTi38wOXOuPHOs8ZocjcHtWX58jTp+ePm3zzsdax7/ZVtWf/a4sjqUXhtoCXV6cm7yjoJucv3jiIMD7eJPllcCkog4EBEHN1jHuae+PtzpWKf41/WLe7DOVP0q4sn6+V+Mlvhzydrrk2P3RHnm2Fh+Vdzql1+vvNGp/juKvwey87+z7fW/HP9w0rxeW+m+jit/fNZxTnP7+Ntf/9uSt1bt+2Bybu7SeMS25LV6o5v3T7SUm1gpn8V/9Ej7/r83Vl6JQxGRXcQPRcTDEfFIo+2PRsRjEXFkjfh/eunxdzce/+bK4p/u6vyvJLZF6572idL5H79dVelwN/Fn5/9ELXW0sWc973/radfGrmYAAAD470kjYnck6ehyOk1HR+t/w78vdqbl2crc02dm3784Xf+OwHAMpvmdrqGm+6HjjWl9np9oyR9v3Df+orSjlh+dmi1PFx089LldHfp/5s9S0a0DNp3va0H/0v+hf+n/0L/0f+hfbfr/jiLaAWy9dp//HxXQDmDrtfR/y37QR8z/oX/p/9C/9H/oS5UdcfsvyUsUncj/GcPd0p7K5flI74pmSGxSouA3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75NwAA//9wCOUr")
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)=r1}, 0x20)
socket(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="080000000700000008000000000000000000000040b58afccad59e7b0a2bec0411c8012cac64b7ca54cff5c4560705cc1e0e6a94f00c36ceca96222e12849da8900a6984cc3ff387e485f8415fdadca0aadcdf53c1605a24dc54143d748925", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="00000400000000000000000000000000000000000723bfa9110e0000"], 0x48)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

364.628534ms ago: executing program 5 (id=1125):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r1, 0x0, 0xfffffffffffffff4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb85"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xaf, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03"], 0x50)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x6}}], 0x30, 0x45}, 0x0)

316.067469ms ago: executing program 5 (id=1126):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x810)

273.342784ms ago: executing program 2 (id=1127):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c00"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4008050)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

183.442652ms ago: executing program 2 (id=1128):
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_read_part_table(0x1053, &(0x7f0000003500)="$eJzsz8ENAVEYBOB5i7WCGvTgqA4OutlqHDTh6qgDTShAdi2JAkQ2+b7Lm2QmL/nDn92TklRJmaSLZXf76qfJPMkjy251XX+K7bF5hSppknJZpU1y2rwHs+GtsxhSmzr70s/7nw/nn58HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPwDAAA///92gh8")
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef232", 0x28}, {&(0x7f00000002c0)="8d09327c", 0x4}, {&(0x7f0000000300)="b03ef9880b815229ff28eac1d4f49bcad59f85c524", 0x15}], 0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0475fd239c11c5a453a51b054b"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16, @ANYBLOB="bf4400000000000000000c"], 0x2ac}}, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x24040000)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x40e3, 0x10, 0xfffffffd, 0xfffffffd}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000001040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1})
io_uring_enter(r1, 0x47f9, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

79.987912ms ago: executing program 0 (id=1129):
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10, &(0x7f0000000140)=0xa, 0x4)

79.359673ms ago: executing program 2 (id=1130):
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0, 0xe000}}], 0x68000, 0x0)

16.332679ms ago: executing program 0 (id=1131):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x300, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0)

15.603379ms ago: executing program 2 (id=1132):
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000000000800000000005e002200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x3a, 0x20040000, &(0x7f0000000180)={0xa, 0x4e20, 0xfffffffc, @mcast1}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0xf1c38fa000000000}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
readv(r4, &(0x7f0000000cc0)=[{&(0x7f00000005c0)=""/84, 0x54}, {&(0x7f00000006c0)=""/169, 0xa9}, {&(0x7f0000000780)=""/63, 0x3f}, {&(0x7f00000007c0)=""/67, 0x43}, {&(0x7f00000008c0)=""/133, 0x85}, {&(0x7f0000000840)}, {&(0x7f0000000ac0)=""/175, 0xaf}, {&(0x7f0000001080)=""/4096, 0x1000}, {&(0x7f0000000c00)=""/152, 0x98}], 0x9)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r5)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="03000000040000040000fa000000000000000000", @ANYRESHEX, @ANYBLOB="0000e0ffff4be6d2e3a66faf2430c8000000000013e0ef6aa42773a4be4a2b8eb5783c982fa0460b3d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010000000000000c0000000c000000020000000000de000000000d000000000000"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000000c0)={r6, 0x21, &(0x7f0000000000)={0xffffffffffffffff, 0x59, 0x0, 0x0}}, 0x10)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801002221000018000000003b81530085e3ffff6c00000007"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r8, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r6, {0x6}}, '\x00'})

0s ago: executing program 0 (id=1133):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008050)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

kernel console output (not intermixed with test programs):

3] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.262037][ T4643] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   78.287449][ T4668] netlink: 48 bytes leftover after parsing attributes in process `syz.0.396'.
[   78.287923][ T4670] loop9: detected capacity change from 0 to 7
[   78.302853][ T4670] Buffer I/O error on dev loop9, logical block 0, async page read
[   78.310870][ T4670] Buffer I/O error on dev loop9, logical block 0, async page read
[   78.318752][ T4670]  loop9: unable to read partition table
[   78.324441][ T4670] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   78.340278][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   78.348692][ T4664] netlink: 664 bytes leftover after parsing attributes in process `syz.2.394'.
[   78.357678][   T12] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   78.385138][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   78.393585][   T12] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   78.397758][ T4672] loop9: detected capacity change from 0 to 7
[   78.408749][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   78.409489][ T4672]  loop9: unable to read partition table
[   78.417206][   T12] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   78.423134][ T4672] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   78.444542][   T52] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   78.453037][   T52] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   78.566915][ T4690] netlink: 12 bytes leftover after parsing attributes in process `syz.3.405'.
[   78.599877][ T4690] netlink: 8 bytes leftover after parsing attributes in process `syz.3.405'.
[   78.643503][ T4693] FAULT_INJECTION: forcing a failure.
[   78.643503][ T4693] name failslab, interval 1, probability 0, space 0, times 0
[   78.656430][ T4693] CPU: 0 UID: 0 PID: 4693 Comm: syz.2.406 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.656543][ T4693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   78.656559][ T4693] Call Trace:
[   78.656567][ T4693]  <TASK>
[   78.656578][ T4693]  __dump_stack+0x1d/0x30
[   78.656607][ T4693]  dump_stack_lvl+0xe8/0x140
[   78.656634][ T4693]  dump_stack+0x15/0x1b
[   78.656656][ T4693]  should_fail_ex+0x265/0x280
[   78.656730][ T4693]  ? alloc_pipe_info+0xae/0x350
[   78.656813][ T4693]  should_failslab+0x8c/0xb0
[   78.656918][ T4693]  __kmalloc_cache_noprof+0x4c/0x4a0
[   78.657028][ T4693]  alloc_pipe_info+0xae/0x350
[   78.657061][ T4693]  splice_direct_to_actor+0x592/0x680
[   78.657094][ T4693]  ? __pfx_direct_splice_actor+0x10/0x10
[   78.657170][ T4693]  ? selinux_file_permission+0x2f0/0x320
[   78.657207][ T4693]  do_splice_direct+0xda/0x150
[   78.657253][ T4693]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   78.657284][ T4693]  do_sendfile+0x380/0x650
[   78.657373][ T4693]  __x64_sys_sendfile64+0x105/0x150
[   78.657417][ T4693]  x64_sys_call+0x2bb4/0x3000
[   78.657444][ T4693]  do_syscall_64+0xd2/0x200
[   78.657467][ T4693]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   78.657503][ T4693]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   78.657601][ T4693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.657674][ T4693] RIP: 0033:0x7f075446efc9
[   78.657693][ T4693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.657715][ T4693] RSP: 002b:00007f0752ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   78.657740][ T4693] RAX: ffffffffffffffda RBX: 00007f07546c5fa0 RCX: 00007f075446efc9
[   78.657755][ T4693] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 000000000000000a
[   78.657772][ T4693] RBP: 00007f0752ed7090 R08: 0000000000000000 R09: 0000000000000000
[   78.657792][ T4693] R10: 0000000000000588 R11: 0000000000000246 R12: 0000000000000001
[   78.657807][ T4693] R13: 00007f07546c6038 R14: 00007f07546c5fa0 R15: 00007ffc9a489308
[   78.657833][ T4693]  </TASK>
[   78.964802][ T4707] netlink: 48 bytes leftover after parsing attributes in process `syz.1.409'.
[   79.128393][ T4722] loop3: detected capacity change from 0 to 512
[   79.141458][ T4725] wireguard0: entered promiscuous mode
[   79.147064][ T4725] wireguard0: entered allmulticast mode
[   79.149745][ T4722] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.165348][ T4722] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.191708][ T4722] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz.3.419: iget: bad i_size value: 2533274857506816
[   79.194080][ T4735] SELinux: failed to load policy
[   79.209864][ T4730] wireguard0: entered promiscuous mode
[   79.215363][ T4730] wireguard0: entered allmulticast mode
[   79.222426][ T4736] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[   79.232202][ T4736] SELinux: failed to load policy
[   79.247295][ T4722] bridge1: entered promiscuous mode
[   79.283766][ T4722] syz.3.419 (4722) used greatest stack depth: 10096 bytes left
[   79.293363][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.355978][   T29] kauditd_printk_skb: 5707 callbacks suppressed
[   79.356044][   T29] audit: type=1400 audit(1761424529.767:8610): avc:  denied  { listen } for  pid=4757 comm="syz.4.424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   79.382993][   T29] audit: type=1400 audit(1761424529.797:8611): avc:  denied  { accept } for  pid=4757 comm="syz.4.424" lport=56823 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   79.383252][ T4749] loop3: detected capacity change from 0 to 8192
[   79.411192][   T29] audit: type=1400 audit(1761424529.827:8612): avc:  denied  { ioctl } for  pid=4757 comm="syz.4.424" path="socket:[8153]" dev="sockfs" ino=8153 ioctlcmd=0x7213 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   79.456415][ T4749]  loop3: p1 p2 p4[DM]
[   79.460785][ T4749] loop3: p1 size 835329 extends beyond EOD, truncated
[   79.468454][ T4749] loop3: p2 size 327680 extends beyond EOD, truncated
[   79.475824][ T4749] loop3: p4 size 262144 extends beyond EOD, truncated
[   79.636361][ T4777] loop9: detected capacity change from 0 to 7
[   79.642939][ T4777]  loop9: unable to read partition table
[   79.648907][ T4777] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   79.686163][   T29] audit: type=1400 audit(1761424530.097:8613): avc:  denied  { setopt } for  pid=4778 comm="syz.3.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   79.726181][   T29] audit: type=1326 audit(1761424530.127:8614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4782 comm="syz.3.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   79.749634][   T29] audit: type=1326 audit(1761424530.127:8615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4782 comm="syz.3.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   79.773326][   T29] audit: type=1326 audit(1761424530.127:8616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4782 comm="syz.3.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   79.796712][   T29] audit: type=1326 audit(1761424530.127:8617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4782 comm="syz.3.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   79.820151][   T29] audit: type=1326 audit(1761424530.127:8618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4782 comm="syz.3.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   79.843516][   T29] audit: type=1326 audit(1761424530.127:8619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4782 comm="syz.3.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   80.065554][ T4797] geneve2: entered promiscuous mode
[   80.070858][ T4797] geneve2: entered allmulticast mode
[   80.183115][ T4808] loop9: detected capacity change from 0 to 7
[   80.190366][ T4808]  loop9: unable to read partition table
[   80.196197][ T4808] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   80.272723][ T4814] FAULT_INJECTION: forcing a failure.
[   80.272723][ T4814] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   80.285964][ T4814] CPU: 1 UID: 0 PID: 4814 Comm: syz.4.447 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   80.285994][ T4814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   80.286006][ T4814] Call Trace:
[   80.286011][ T4814]  <TASK>
[   80.286062][ T4814]  __dump_stack+0x1d/0x30
[   80.286091][ T4814]  dump_stack_lvl+0xe8/0x140
[   80.286118][ T4814]  dump_stack+0x15/0x1b
[   80.286141][ T4814]  should_fail_ex+0x265/0x280
[   80.286230][ T4814]  should_fail+0xb/0x20
[   80.286245][ T4814]  should_fail_usercopy+0x1a/0x20
[   80.286268][ T4814]  copy_folio_from_iter_atomic+0x278/0x11b0
[   80.286309][ T4814]  ? shmem_write_begin+0xa8/0x190
[   80.286367][ T4814]  ? shmem_write_begin+0xe1/0x190
[   80.286388][ T4814]  generic_perform_write+0x2c2/0x490
[   80.286420][ T4814]  shmem_file_write_iter+0xc5/0xf0
[   80.286453][ T4814]  ? __pfx_shmem_file_write_iter+0x10/0x10
[   80.286566][ T4814]  vfs_write+0x52a/0x960
[   80.286685][ T4814]  ksys_write+0xda/0x1a0
[   80.286720][ T4814]  __x64_sys_write+0x40/0x50
[   80.286750][ T4814]  x64_sys_call+0x2802/0x3000
[   80.286778][ T4814]  do_syscall_64+0xd2/0x200
[   80.286862][ T4814]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   80.286893][ T4814]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   80.287014][ T4814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.287065][ T4814] RIP: 0033:0x7fe94573efc9
[   80.287123][ T4814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.287143][ T4814] RSP: 002b:00007fe94419f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   80.287166][ T4814] RAX: ffffffffffffffda RBX: 00007fe945995fa0 RCX: 00007fe94573efc9
[   80.287182][ T4814] RDX: 0000000000010448 RSI: 0000200000000080 RDI: 0000000000000004
[   80.287198][ T4814] RBP: 00007fe94419f090 R08: 0000000000000000 R09: 0000000000000000
[   80.287213][ T4814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   80.287246][ T4814] R13: 00007fe945996038 R14: 00007fe945995fa0 R15: 00007ffebbc6b628
[   80.287267][ T4814]  </TASK>
[   80.582896][ T4824] wireguard0: entered promiscuous mode
[   80.588547][ T4824] wireguard0: entered allmulticast mode
[   80.608282][ T4832] SELinux: failed to load policy
[   80.792953][ T4844] FAULT_INJECTION: forcing a failure.
[   80.792953][ T4844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   80.806239][ T4844] CPU: 1 UID: 0 PID: 4844 Comm: syz.3.457 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   80.806296][ T4844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   80.806312][ T4844] Call Trace:
[   80.806321][ T4844]  <TASK>
[   80.806331][ T4844]  __dump_stack+0x1d/0x30
[   80.806359][ T4844]  dump_stack_lvl+0xe8/0x140
[   80.806472][ T4844]  dump_stack+0x15/0x1b
[   80.806493][ T4844]  should_fail_ex+0x265/0x280
[   80.806513][ T4844]  should_fail+0xb/0x20
[   80.806530][ T4844]  should_fail_usercopy+0x1a/0x20
[   80.806604][ T4844]  _copy_from_user+0x1c/0xb0
[   80.806629][ T4844]  __sys_bpf+0x183/0x7c0
[   80.806687][ T4844]  __x64_sys_bpf+0x41/0x50
[   80.806717][ T4844]  x64_sys_call+0x2aee/0x3000
[   80.806744][ T4844]  do_syscall_64+0xd2/0x200
[   80.806768][ T4844]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   80.806816][ T4844]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   80.806856][ T4844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.806891][ T4844] RIP: 0033:0x7f547d3eefc9
[   80.806907][ T4844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.806927][ T4844] RSP: 002b:00007f547be4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   80.806947][ T4844] RAX: ffffffffffffffda RBX: 00007f547d645fa0 RCX: 00007f547d3eefc9
[   80.806962][ T4844] RDX: 000000000000000c RSI: 0000200000000380 RDI: 000000000000000a
[   80.807034][ T4844] RBP: 00007f547be4f090 R08: 0000000000000000 R09: 0000000000000000
[   80.807121][ T4844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   80.807136][ T4844] R13: 00007f547d646038 R14: 00007f547d645fa0 R15: 00007fff52199b28
[   80.807212][ T4844]  </TASK>
[   81.181217][    C1] hrtimer: interrupt took 48903 ns
[   81.737821][ T4886] FAULT_INJECTION: forcing a failure.
[   81.737821][ T4886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   81.751016][ T4886] CPU: 1 UID: 0 PID: 4886 Comm: syz.0.473 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   81.751097][ T4886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   81.751110][ T4886] Call Trace:
[   81.751116][ T4886]  <TASK>
[   81.751122][ T4886]  __dump_stack+0x1d/0x30
[   81.751146][ T4886]  dump_stack_lvl+0xe8/0x140
[   81.751173][ T4886]  dump_stack+0x15/0x1b
[   81.751201][ T4886]  should_fail_ex+0x265/0x280
[   81.751226][ T4886]  should_fail+0xb/0x20
[   81.751247][ T4886]  should_fail_usercopy+0x1a/0x20
[   81.751317][ T4886]  _copy_from_user+0x1c/0xb0
[   81.751342][ T4886]  ___sys_sendmsg+0xc1/0x1d0
[   81.751407][ T4886]  __x64_sys_sendmsg+0xd4/0x160
[   81.751543][ T4886]  x64_sys_call+0x191e/0x3000
[   81.751567][ T4886]  do_syscall_64+0xd2/0x200
[   81.751591][ T4886]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   81.751628][ T4886]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   81.751680][ T4886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.751704][ T4886] RIP: 0033:0x7f778a0defc9
[   81.751724][ T4886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.751746][ T4886] RSP: 002b:00007f7788b3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   81.751806][ T4886] RAX: ffffffffffffffda RBX: 00007f778a335fa0 RCX: 00007f778a0defc9
[   81.751822][ T4886] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000008
[   81.751838][ T4886] RBP: 00007f7788b3f090 R08: 0000000000000000 R09: 0000000000000000
[   81.751853][ T4886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   81.751866][ T4886] R13: 00007f778a336038 R14: 00007f778a335fa0 R15: 00007ffcc85b8908
[   81.751888][ T4886]  </TASK>
[   82.213772][ T4866] net_ratelimit: 10 callbacks suppressed
[   82.213788][ T4866] Set syz1 is full, maxelem 65536 reached
[   82.256964][ T4900] wireguard0: entered promiscuous mode
[   82.262504][ T4900] wireguard0: entered allmulticast mode
[   82.283971][ T4903] SELinux: failed to load policy
[   82.292775][ T4905] loop3: detected capacity change from 0 to 512
[   82.327726][ T4905] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.352753][   T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   82.361857][ T4905] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.362025][   T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   82.416434][   T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   82.445572][   T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   82.739534][ T4936] __nla_validate_parse: 17 callbacks suppressed
[   82.739552][ T4936] netlink: 48 bytes leftover after parsing attributes in process `syz.0.490'.
[   82.773288][ T4942] loop1: detected capacity change from 0 to 512
[   82.783609][ T4942] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=684ec018, mo2=0002]
[   82.802637][ T4942] System zones: 0-2, 18-18, 34-34
[   82.808159][ T4942] EXT4-fs (loop1): orphan cleanup on readonly fs
[   82.815088][ T4942] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.492: bad orphan inode 13
[   82.825684][ T4942] ext4_test_bit(bit=12, block=18) = 1
[   82.831137][ T4942] is_bad_inode(inode)=0
[   82.835458][ T4942] NEXT_ORPHAN(inode)=2130706432
[   82.840461][ T4942] max_ino=32
[   82.843678][ T4942] i_nlink=1
[   82.847365][ T4942] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   82.855167][ T3410] hid_parser_main: 8 callbacks suppressed
[   82.855200][ T3410] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4
[   82.873312][ T3410] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2
[   82.881204][ T3410] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x3
[   82.881880][ T4942] netlink: 124 bytes leftover after parsing attributes in process `syz.1.492'.
[   82.889497][ T3410] hid-generic 0000:3000000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   82.897979][ T4942] netlink: 40 bytes leftover after parsing attributes in process `syz.1.492'.
[   82.951464][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.980134][ T4959] can0: slcan on ttyS3.
[   83.003990][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.056363][ T4959] can0 (unregistered): slcan off ttyS3.
[   83.085705][ T4972] netlink: 'syz.0.502': attribute type 2 has an invalid length.
[   83.125450][ T4975] netlink: 48 bytes leftover after parsing attributes in process `syz.1.503'.
[   83.159333][ T4980] loop9: detected capacity change from 0 to 7
[   83.165910][ T4980] buffer_io_error: 6 callbacks suppressed
[   83.165926][ T4980] Buffer I/O error on dev loop9, logical block 0, async page read
[   83.180126][ T4980] Buffer I/O error on dev loop9, logical block 0, async page read
[   83.188056][ T4980]  loop9: unable to read partition table
[   83.194985][ T4980] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   83.226808][ T4982] netlink: 'syz.4.506': attribute type 2 has an invalid length.
[   83.266957][ T4986] loop1: detected capacity change from 0 to 8192
[   83.299959][ T4988] wireguard0: entered promiscuous mode
[   83.305558][ T4988] wireguard0: entered allmulticast mode
[   83.322778][ T4986]  loop1: p1 p2 p4[DM]
[   83.327453][ T4986] loop1: p1 size 835329 extends beyond EOD, truncated
[   83.334853][ T4986] loop1: p2 size 327680 extends beyond EOD, truncated
[   83.342728][ T4986] loop1: p4 size 262144 extends beyond EOD, truncated
[   83.354135][ T4992] SELinux: failed to load policy
[   83.511174][ T5001] can0: slcan on ttyS3.
[   83.556398][ T5001] can0 (unregistered): slcan off ttyS3.
[   83.625563][ T5010] netlink: 48 bytes leftover after parsing attributes in process `syz.1.516'.
[   83.834056][ T5018] loop9: detected capacity change from 0 to 7
[   83.856344][ T5018] Buffer I/O error on dev loop9, logical block 0, async page read
[   83.876189][ T5018] Buffer I/O error on dev loop9, logical block 0, async page read
[   83.884063][ T5018]  loop9: unable to read partition table
[   83.932482][ T5018] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   84.328301][ T5034] can0: slcan on ttyS3.
[   84.366307][ T5034] can0 (unregistered): slcan off ttyS3.
[   84.510523][ T5040] netlink: 48 bytes leftover after parsing attributes in process `syz.4.529'.
[   84.562148][   T29] kauditd_printk_skb: 1534 callbacks suppressed
[   84.562165][   T29] audit: type=1326 audit(1761424534.977:10154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.609760][ T5044] netlink: 24 bytes leftover after parsing attributes in process `syz.4.531'.
[   84.662642][   T29] audit: type=1326 audit(1761424535.017:10155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.686205][   T29] audit: type=1326 audit(1761424535.017:10156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.709713][   T29] audit: type=1326 audit(1761424535.017:10157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.733418][   T29] audit: type=1326 audit(1761424535.017:10158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.757027][   T29] audit: type=1326 audit(1761424535.017:10159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.775299][ T5048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5048 comm=syz.1.532
[   84.780672][   T29] audit: type=1326 audit(1761424535.017:10160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.816425][   T29] audit: type=1326 audit(1761424535.027:10161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.839903][   T29] audit: type=1326 audit(1761424535.027:10162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.863691][   T29] audit: type=1326 audit(1761424535.027:10163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5043 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe94573efc9 code=0x7ffc0000
[   84.959716][ T5052] loop9: detected capacity change from 0 to 7
[   84.966016][ T5052] Buffer I/O error on dev loop9, logical block 0, async page read
[   84.976865][ T5052] Buffer I/O error on dev loop9, logical block 0, async page read
[   84.984743][ T5052]  loop9: unable to read partition table
[   84.995009][ T5052] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   85.087854][ T5060] netlink: 8 bytes leftover after parsing attributes in process `syz.4.539'.
[   85.161135][ T5064] netlink: 48 bytes leftover after parsing attributes in process `syz.4.540'.
[   85.186797][ T5063] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   85.388060][ T5074] loop1: detected capacity change from 0 to 512
[   85.405866][ T5074] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   85.428167][ T5014] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[   85.456167][ T5074] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.746454][ T5092] can0: slcan on ttyS3.
[   85.806227][ T5092] can0 (unregistered): slcan off ttyS3.
[   85.973261][ T5104] netlink: '+}[@': attribute type 1 has an invalid length.
[   86.016581][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.149885][ T5110] loop9: detected capacity change from 0 to 7
[   86.158839][ T5110] Buffer I/O error on dev loop9, logical block 0, async page read
[   86.196188][ T5110] Buffer I/O error on dev loop9, logical block 0, async page read
[   86.204067][ T5110]  loop9: unable to read partition table
[   86.246181][ T5110] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   86.419064][ T5122] can0: slcan on ttyS3.
[   86.456248][ T5121] can0 (unregistered): slcan off ttyS3.
[   86.500905][ T5126] netlink: 68 bytes leftover after parsing attributes in process `syz.4.563'.
[   86.567829][ T5131] loop1: detected capacity change from 0 to 512
[   86.609102][ T5131] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.626233][ T5131] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.908355][ T5014] process 'syz.2.518' launched '/dev/fd/1' with NULL argv: empty string added
[   87.357885][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.842866][ T5158] __nla_validate_parse: 1 callbacks suppressed
[   87.842976][ T5158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.574'.
[   87.894090][ T5160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.575'.
[   87.906869][ T5161] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5161 comm=syz.4.574
[   87.962959][ T5158] netlink: 44 bytes leftover after parsing attributes in process `syz.4.574'.
[   88.219140][ T5166] netlink: 8 bytes leftover after parsing attributes in process `syz.0.576'.
[   88.228069][ T5166] netlink: 'syz.0.576': attribute type 22 has an invalid length.
[   88.235931][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.576'.
[   88.286449][ T5166] netlink: 8 bytes leftover after parsing attributes in process `syz.0.576'.
[   88.295391][ T5166] netlink: 'syz.0.576': attribute type 22 has an invalid length.
[   88.303158][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.576'.
[   88.386300][ T5173] geneve2: entered promiscuous mode
[   88.391610][ T5173] geneve2: entered allmulticast mode
[   88.466415][ T5178] netlink: 48 bytes leftover after parsing attributes in process `syz.4.579'.
[   88.536091][ T5180] loop9: detected capacity change from 0 to 7
[   88.557267][ T5182] netlink: 68 bytes leftover after parsing attributes in process `syz.4.581'.
[   88.576622][ T5180] Buffer I/O error on dev loop9, logical block 0, async page read
[   88.601326][ T5180] Buffer I/O error on dev loop9, logical block 0, async page read
[   88.609214][ T5180]  loop9: unable to read partition table
[   88.643683][ T5180] loop_reread_partitions: partition scan of loop9 (þ被Ø:ŸÑø ) failed (rc=-5)
[   88.850405][ T5194] netlink: 12 bytes leftover after parsing attributes in process `syz.3.587'.
[   88.983583][ T5198] wireguard0: entered promiscuous mode
[   88.989148][ T5198] wireguard0: entered allmulticast mode
[   89.034277][ T5201] loop1: detected capacity change from 0 to 512
[   89.035397][ T5204] SELinux: failed to load policy
[   89.058711][ T5201] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.071408][ T5201] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.082528][ T5201] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.117396][ T5209] loop3: detected capacity change from 0 to 512
[   89.128071][ T5209] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.140774][ T5209] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.151794][ T5209] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.398738][ T5214] geneve2: entered promiscuous mode
[   89.403996][ T5214] geneve2: entered allmulticast mode
[   89.630417][   T29] kauditd_printk_skb: 165 callbacks suppressed
[   89.630436][   T29] audit: type=1326 audit(1761424540.047:10329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.634051][ T5219] netlink: 'syz.2.593': attribute type 2 has an invalid length.
[   89.636699][   T29] audit: type=1326 audit(1761424540.047:10330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.691853][   T29] audit: type=1326 audit(1761424540.047:10331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.715397][   T29] audit: type=1326 audit(1761424540.047:10332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.738983][   T29] audit: type=1326 audit(1761424540.047:10333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.762476][   T29] audit: type=1326 audit(1761424540.047:10334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.785989][   T29] audit: type=1326 audit(1761424540.047:10335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.809684][   T29] audit: type=1326 audit(1761424540.047:10336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.833278][   T29] audit: type=1326 audit(1761424540.047:10337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.856672][   T29] audit: type=1326 audit(1761424540.047:10338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5218 comm="syz.2.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f075446efc9 code=0x7ffc0000
[   89.881728][ T5225] netlink: 'syz.4.594': attribute type 2 has an invalid length.
[   90.085465][ T5237] rdma_op ffff8881368f3980 conn xmit_rdma 0000000000000000
[   90.288029][ T5256] geneve2: entered promiscuous mode
[   90.293313][ T5256] geneve2: entered allmulticast mode
[   90.299954][   T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[   90.308971][ T5262] netlink: 'syz.2.612': attribute type 2 has an invalid length.
[   90.312506][   T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[   90.430786][ T5269] loop1: detected capacity change from 0 to 2048
[   90.442684][   T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[   90.451965][   T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[   90.480914][ T5269]  loop1: p2 p3 p7
[   90.874613][ T5297] wireguard0: entered promiscuous mode
[   90.880277][ T5297] wireguard0: entered allmulticast mode
[   90.924674][ T5299] SELinux: failed to load policy
[   90.969899][ T5301] netlink: 'syz.1.627': attribute type 2 has an invalid length.
[   91.062386][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   91.072784][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.083134][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   91.163845][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   91.174286][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.184617][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   91.269483][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   91.279927][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.290538][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   91.333235][ T5324] loop3: detected capacity change from 0 to 128
[   91.376857][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   91.387207][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.397510][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   91.450737][ T5307] chnl_net:caif_netlink_parms(): no params data found
[   91.565961][ T5333] loop1: detected capacity change from 0 to 8192
[   91.586747][ T5307] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.593985][ T5307] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.607967][ T5307] bridge_slave_0: entered allmulticast mode
[   91.615522][ T5307] bridge_slave_0: entered promiscuous mode
[   91.621727][ T5333]  loop1: p1 p2 p4[DM]
[   91.625921][ T5333] loop1: p1 size 835329 extends beyond EOD, truncated
[   91.631528][ T5339] bond1: entered promiscuous mode
[   91.637854][ T5339] bond1: entered allmulticast mode
[   91.643360][ T5339] 8021q: adding VLAN 0 to HW filter on device bond1
[   91.651461][ T5333] loop1: p2 size 327680 extends beyond EOD, truncated
[   91.660956][ T5339] bond1 (unregistering): Released all slaves
[   91.676288][ T5333] loop1: p4 size 262144 extends beyond EOD, truncated
[   91.687562][   T12] bridge_slave_1: left allmulticast mode
[   91.693275][   T12] bridge_slave_1: left promiscuous mode
[   91.699085][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.721972][   T12] bridge_slave_0: left allmulticast mode
[   91.727755][   T12] bridge_slave_0: left promiscuous mode
[   91.733586][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.849097][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   91.872595][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   91.894067][   T12] bond0 (unregistering): Released all slaves
[   91.917189][ T5307] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.924297][ T5307] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.947587][ T5307] bridge_slave_1: entered allmulticast mode
[   91.956841][ T5307] bridge_slave_1: entered promiscuous mode
[   91.971086][ T5351] netlink: 'syz.3.640': attribute type 2 has an invalid length.
[   91.980757][   T12] hsr_slave_0: left promiscuous mode
[   91.986680][   T12] hsr_slave_1: left promiscuous mode
[   91.992353][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   91.999815][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   92.016752][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.024369][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   92.042316][   T12] veth1_macvtap: left promiscuous mode
[   92.052528][   T12] veth0_macvtap: left promiscuous mode
[   92.060406][   T12] veth1_vlan: left promiscuous mode
[   92.068032][ T5353] FAULT_INJECTION: forcing a failure.
[   92.068032][ T5353] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.081134][ T5353] CPU: 1 UID: 0 PID: 5353 Comm: syz.1.642 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.081169][ T5353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   92.081185][ T5353] Call Trace:
[   92.081194][ T5353]  <TASK>
[   92.081205][ T5353]  __dump_stack+0x1d/0x30
[   92.081240][ T5353]  dump_stack_lvl+0xe8/0x140
[   92.081268][ T5353]  dump_stack+0x15/0x1b
[   92.081298][ T5353]  should_fail_ex+0x265/0x280
[   92.081324][ T5353]  should_fail+0xb/0x20
[   92.081344][ T5353]  should_fail_usercopy+0x1a/0x20
[   92.081449][ T5353]  _copy_from_user+0x1c/0xb0
[   92.081483][ T5353]  __copy_msghdr+0x244/0x300
[   92.081519][ T5353]  ___sys_sendmsg+0x109/0x1d0
[   92.081608][ T5353]  __x64_sys_sendmsg+0xd4/0x160
[   92.081653][ T5353]  x64_sys_call+0x191e/0x3000
[   92.081684][ T5353]  do_syscall_64+0xd2/0x200
[   92.081766][ T5353]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   92.081851][ T5353]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   92.081892][ T5353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.081918][ T5353] RIP: 0033:0x7fd54a14efc9
[   92.081932][ T5353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.082005][ T5353] RSP: 002b:00007fd548baf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   92.082028][ T5353] RAX: ffffffffffffffda RBX: 00007fd54a3a5fa0 RCX: 00007fd54a14efc9
[   92.082041][ T5353] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000003
[   92.082082][ T5353] RBP: 00007fd548baf090 R08: 0000000000000000 R09: 0000000000000000
[   92.082098][ T5353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.082113][ T5353] R13: 00007fd54a3a6038 R14: 00007fd54a3a5fa0 R15: 00007fff81330a78
[   92.082140][ T5353]  </TASK>
[   92.367075][   T12] team0 (unregistering): Port device team_slave_1 removed
[   92.377298][   T12] team0 (unregistering): Port device team_slave_0 removed
[   92.438224][ T5348] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[   92.475811][ T5307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.506043][ T5307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.541539][ T5307] team0: Port device team_slave_0 added
[   92.549179][ T5307] team0: Port device team_slave_1 added
[   92.584753][ T5363] loop3: detected capacity change from 0 to 2048
[   92.614244][ T5307] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.621381][ T5307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.647361][ T5307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.677043][ T5363]  loop3: p1 < > p4 < >
[   92.694040][ T5370] wireguard0: entered promiscuous mode
[   92.699630][ T5370] wireguard0: entered allmulticast mode
[   92.726804][ T5307] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.733839][ T5307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.759958][ T5307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.782920][ T5376] SELinux: failed to load policy
[   92.809429][ T5307] hsr_slave_0: entered promiscuous mode
[   92.815580][ T5307] hsr_slave_1: entered promiscuous mode
[   92.826442][ T5307] debugfs: 'hsr0' already exists in 'hsr'
[   92.832214][ T5307] Cannot create hsr debugfs directory
[   92.910571][ T5378] loop3: detected capacity change from 0 to 8192
[   92.930944][ T5380] serio: Serial port ptm0
[   92.966481][ T5378]  loop3: p1 p2 p4[DM]
[   92.970659][ T5378] loop3: p1 size 835329 extends beyond EOD, truncated
[   92.978470][ T5378] loop3: p2 size 327680 extends beyond EOD, truncated
[   92.985973][ T5378] loop3: p4 size 262144 extends beyond EOD, truncated
[   92.996461][ T5386] IPv6: NLM_F_CREATE should be specified when creating new route
[   93.071439][ T5389] IPVS: set_ctl: invalid protocol: 43 224.0.0.1:20003
[   93.241543][ T5307] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   93.251253][ T5307] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.260609][ T5307] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.270918][ T5307] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.474435][ T5307] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.492354][ T5307] 8021q: adding VLAN 0 to HW filter on device team0
[   93.504215][ T4752] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.511344][ T4752] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.539993][ T5307] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   93.550466][ T5307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   93.565976][ T4752] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.573108][ T4752] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.673693][ T5307] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.685909][ T5422] __nla_validate_parse: 11 callbacks suppressed
[   93.685928][ T5422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.662'.
[   93.761099][ T5307] veth0_vlan: entered promiscuous mode
[   93.773636][ T5307] veth1_vlan: entered promiscuous mode
[   93.791044][ T5307] veth0_macvtap: entered promiscuous mode
[   93.799550][ T5307] veth1_macvtap: entered promiscuous mode
[   93.811266][ T5307] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.823671][ T5307] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.835022][ T4752] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.844541][ T4752] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.853902][ T4752] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.871000][ T4752] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.096595][ T5444] wireguard0: entered promiscuous mode
[   94.102203][ T5444] wireguard0: entered allmulticast mode
[   94.123080][ T5449] loop1: detected capacity change from 0 to 8192
[   94.191685][ T5449]  loop1: p1 p2 p4[DM]
[   94.195852][ T5449] loop1: p1 size 835329 extends beyond EOD, truncated
[   94.205990][ T5449] loop1: p2 size 327680 extends beyond EOD, truncated
[   94.217176][ T5449] loop1: p4 size 262144 extends beyond EOD, truncated
[   94.223637][ T5452] SELinux: failed to load policy
[   94.269997][ T5454] netlink: 'syz.4.668': attribute type 2 has an invalid length.
[   94.430753][ T5460] wireguard0: entered promiscuous mode
[   94.436300][ T5460] wireguard0: entered allmulticast mode
[   94.476186][ T5466] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[   94.479861][ T5465] netlink: 'syz.4.674': attribute type 2 has an invalid length.
[   94.486090][ T5466] SELinux: failed to load policy
[   94.572080][ T5470] loop3: detected capacity change from 0 to 4096
[   94.589621][ T5470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.724322][   T29] kauditd_printk_skb: 334 callbacks suppressed
[   94.724339][   T29] audit: type=1400 audit(1761424545.137:10673): avc:  denied  { getopt } for  pid=5469 comm="syz.3.676" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   94.864018][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.015810][ T5492] netlink: 48 bytes leftover after parsing attributes in process `syz.0.684'.
[   95.147931][ T5497] loop1: detected capacity change from 0 to 512
[   95.326664][ T5504] netlink: 'syz.1.690': attribute type 2 has an invalid length.
[   95.356792][ T5508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.691'.
[   95.391764][ T5506] loop4: detected capacity change from 0 to 8192
[   95.398383][   T29] audit: type=1326 audit(1761424545.807:10674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   95.421879][   T29] audit: type=1326 audit(1761424545.807:10675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   95.445319][   T29] audit: type=1326 audit(1761424545.807:10676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   95.468843][   T29] audit: type=1326 audit(1761424545.807:10677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f547d3f0e5c code=0x7ffc0000
[   95.492240][   T29] audit: type=1326 audit(1761424545.807:10678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f547d3f0d94 code=0x7ffc0000
[   95.515605][   T29] audit: type=1326 audit(1761424545.807:10679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f547d3f0d94 code=0x7ffc0000
[   95.515651][   T29] audit: type=1326 audit(1761424545.807:10680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   95.515676][   T29] audit: type=1326 audit(1761424545.807:10681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   95.515716][   T29] audit: type=1326 audit(1761424545.807:10682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.3.691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x7ffc0000
[   95.628688][ T5512] netlink: 664 bytes leftover after parsing attributes in process `syz.4.689'.
[   95.647088][ T5506]  loop4: p1 p2 p4[DM]
[   95.652090][ T5506] loop4: p1 size 835329 extends beyond EOD, truncated
[   95.659780][ T5506] loop4: p2 size 327680 extends beyond EOD, truncated
[   95.667550][ T5506] loop4: p4 size 262144 extends beyond EOD, truncated
[   95.758314][ T5519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.695'.
[   95.768651][ T5517] loop1: detected capacity change from 0 to 1024
[   95.775840][ T5517] EXT4-fs: Ignoring removed orlov option
[   95.788200][ T5517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.859478][ T5523] wireguard0: entered promiscuous mode
[   95.865159][ T5523] wireguard0: entered allmulticast mode
[   96.009283][ T5538] SELinux: failed to load policy
[   96.038516][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.187436][ T5545] loop3: detected capacity change from 0 to 512
[   96.204044][ T5545] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.221280][ T5552] loop1: detected capacity change from 0 to 128
[   96.226257][ T5545] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.238603][ T5545] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.359632][ T5555] loop3: detected capacity change from 0 to 128
[   96.631211][ T5557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.705'.
[   96.847533][ T5566] loop3: detected capacity change from 0 to 8192
[   96.906339][ T5566]  loop3: p1 p2 p4[DM]
[   96.910508][ T5566] loop3: p1 size 835329 extends beyond EOD, truncated
[   96.923289][ T5566] loop3: p2 size 327680 extends beyond EOD, truncated
[   96.935425][ T5568] wireguard0: entered promiscuous mode
[   96.935870][ T5566] loop3: p4 size 262144 extends beyond EOD, truncated
[   96.940996][ T5568] wireguard0: entered allmulticast mode
[   96.958656][ T5566] netlink: 664 bytes leftover after parsing attributes in process `syz.3.706'.
[   96.958959][ T5570] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   96.978115][ T5570] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   96.991003][ T5572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.709'.
[   96.994387][ T5573] SELinux: failed to load policy
[   97.078450][ T5570] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   97.088942][ T5570] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   97.187600][ T5570] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   97.197983][ T5570] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   97.206227][ T3590] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   97.221410][ T5581] loop3: detected capacity change from 0 to 512
[   97.239149][ T5584] wireguard0: entered promiscuous mode
[   97.244669][ T5584] wireguard0: entered allmulticast mode
[   97.248549][ T5581] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.262971][ T5581] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.273958][ T5581] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.284146][ T5570] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   97.294500][ T5570] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   97.295703][ T5589] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[   97.314955][ T5589] SELinux: failed to load policy
[   97.346615][ T5591] netlink: 'syz.3.715': attribute type 2 has an invalid length.
[   97.432750][ T4758] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   97.441053][ T4758] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   97.453328][ T4758] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   97.461779][ T4758] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   97.473755][ T4758] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   97.482036][ T4758] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   97.495591][ T4758] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   97.503988][ T4758] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   97.552682][ T5597] netlink: 'syz.1.718': attribute type 2 has an invalid length.
[   97.563377][ T5599] netlink: 12 bytes leftover after parsing attributes in process `syz.3.719'.
[   97.718250][ T5617] loop4: detected capacity change from 0 to 512
[   97.722441][ T5619] netlink: 'syz.3.727': attribute type 2 has an invalid length.
[   97.727814][ T5617] EXT4-fs (loop4): orphan cleanup on readonly fs
[   97.739819][ T5617] EXT4-fs error (device loop4): ext4_iget_extra_inode:5075: inode #15: comm syz.4.723: corrupted in-inode xattr: invalid size in ea xattr
[   97.755400][ T5617] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.723: couldn't read orphan inode 15 (err -117)
[   97.776013][ T5617] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   97.819106][ T5625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.728'.
[   97.907327][ T5627] sctp: [Deprecated]: syz.1.729 (pid 5627) Use of int in max_burst socket option.
[   97.907327][ T5627] Use struct sctp_assoc_value instead
[   97.988059][ T4750] Bluetooth: hci0: Frame reassembly failed (-84)
[   97.999180][ T5641] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   98.006719][ T5641] vhci_hcd: invalid port number 253
[   98.036189][ T5643] netlink: 'syz.0.736': attribute type 2 has an invalid length.
[   98.255117][ T5656] loop1: detected capacity change from 0 to 128
[   98.266140][ T5656] FAT-fs (loop1): Directory bread(block 32) failed
[   98.273258][ T5656] FAT-fs (loop1): Directory bread(block 33) failed
[   98.280336][ T5656] FAT-fs (loop1): Directory bread(block 34) failed
[   98.287550][ T5656] FAT-fs (loop1): Directory bread(block 35) failed
[   98.294147][ T5656] FAT-fs (loop1): Directory bread(block 36) failed
[   98.300935][ T5656] FAT-fs (loop1): Directory bread(block 37) failed
[   98.307611][ T5656] FAT-fs (loop1): Directory bread(block 38) failed
[   98.314420][ T5656] FAT-fs (loop1): Directory bread(block 39) failed
[   98.321023][ T5656] FAT-fs (loop1): Directory bread(block 40) failed
[   98.327713][ T5656] FAT-fs (loop1): Directory bread(block 41) failed
[   98.355508][ T5656] syz.1.740: attempt to access beyond end of device
[   98.355508][ T5656] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128
[   98.405920][ T4750] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   98.416383][ T4750] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   98.424796][ T4750] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   98.433707][ T4750] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   98.441452][ T5660] FAULT_INJECTION: forcing a failure.
[   98.441452][ T5660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.455085][ T5660] CPU: 1 UID: 0 PID: 5660 Comm: syz.1.742 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   98.455118][ T5660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   98.455129][ T5660] Call Trace:
[   98.455135][ T5660]  <TASK>
[   98.455142][ T5660]  __dump_stack+0x1d/0x30
[   98.455216][ T5660]  dump_stack_lvl+0xe8/0x140
[   98.455234][ T5660]  dump_stack+0x15/0x1b
[   98.455249][ T5660]  should_fail_ex+0x265/0x280
[   98.455267][ T5660]  should_fail+0xb/0x20
[   98.455280][ T5660]  should_fail_usercopy+0x1a/0x20
[   98.455326][ T5660]  strncpy_from_user+0x25/0x230
[   98.455372][ T5660]  ? kmem_cache_alloc_noprof+0x3a4/0x480
[   98.455460][ T5660]  ? getname_flags+0x80/0x3b0
[   98.455488][ T5660]  getname_flags+0xae/0x3b0
[   98.455515][ T5660]  __x64_sys_execve+0x42/0x70
[   98.455616][ T5660]  x64_sys_call+0x271a/0x3000
[   98.455637][ T5660]  do_syscall_64+0xd2/0x200
[   98.455653][ T5660]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   98.455679][ T5660]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   98.455800][ T5660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.455825][ T5660] RIP: 0033:0x7fd54a14efc9
[   98.455843][ T5660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.455865][ T5660] RSP: 002b:00007fd548baf038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   98.455951][ T5660] RAX: ffffffffffffffda RBX: 00007fd54a3a5fa0 RCX: 00007fd54a14efc9
[   98.455963][ T5660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000400
[   98.455973][ T5660] RBP: 00007fd548baf090 R08: 0000000000000000 R09: 0000000000000000
[   98.455984][ T5660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.456061][ T5660] R13: 00007fd54a3a6038 R14: 00007fd54a3a5fa0 R15: 00007fff81330a78
[   98.456114][ T5660]  </TASK>
[   98.649266][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.716716][ T5664] loop4: detected capacity change from 0 to 8192
[   98.756298][ T5664]  loop4: p1 p2 p4[DM]
[   98.760634][ T5664] loop4: p1 size 835329 extends beyond EOD, truncated
[   98.768646][ T5664] loop4: p2 size 327680 extends beyond EOD, truncated
[   98.775964][ T5664] loop4: p4 size 262144 extends beyond EOD, truncated
[   98.901739][ T5678] loop4: detected capacity change from 0 to 8192
[   98.946867][ T5678]  loop4: p1 p2 p4[DM]
[   98.955388][ T5678] loop4: p1 size 835329 extends beyond EOD, truncated
[   98.972143][ T5678] loop4: p2 size 327680 extends beyond EOD, truncated
[   98.979974][ T5678] loop4: p4 size 262144 extends beyond EOD, truncated
[   99.252602][ T5697] loop4: detected capacity change from 0 to 512
[   99.272568][ T5697] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   99.280815][ T5697] EXT4-fs (loop4): orphan cleanup on readonly fs
[   99.290932][ T5697] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #16: comm syz.4.756: corrupted inode contents
[   99.303473][ T5697] EXT4-fs (loop4): Remounting filesystem read-only
[   99.310128][ T5697] EXT4-fs (loop4): 1 truncate cleaned up
[  100.008420][ T3590] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  100.046403][ T4758] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  100.057069][ T4758] __quota_error: 400 callbacks suppressed
[  100.057084][ T4758] Quota error (device loop4): write_blk: dquota write failed
[  100.070199][ T4758] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries
[  100.080289][ T4758] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  100.090843][ T4758] Quota error (device loop4): write_blk: dquota write failed
[  100.098238][ T4758] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list
[  100.365067][ T4758] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  100.375321][ T4758] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  100.389454][ T4758] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  100.608862][ T5702] loop1: detected capacity change from 0 to 512
[  101.206827][ T5697] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  101.241733][ T5709] loop3: detected capacity change from 0 to 512
[  102.006479][ T5702] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  102.014553][ T5702] EXT4-fs (loop1): orphan cleanup on readonly fs
[  102.031996][ T5702] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.757: corrupted inode contents
[  102.045043][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.054422][ T5702] EXT4-fs (loop1): Remounting filesystem read-only
[  102.061193][ T5702] EXT4-fs (loop1): 1 truncate cleaned up
[  102.067048][ T4754] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.077668][ T4754] Quota error (device loop1): write_blk: dquota write failed
[  102.085050][ T4754] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries
[  102.095069][ T4754] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.105635][ T4754] Quota error (device loop1): write_blk: dquota write failed
[  102.113060][ T4754] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list
[  102.127204][ T5709] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.150074][ T5709] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.201898][ T4754] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  102.217442][ T5702] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.262231][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.287891][ T5731] __nla_validate_parse: 3 callbacks suppressed
[  102.287907][ T5731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.764'.
[  102.316772][ T5731] blktrace: Concurrent blktraces are not allowed on loop2
[  102.361753][ T5736] loop4: detected capacity change from 0 to 8192
[  102.372002][ T5739] netlink: 48 bytes leftover after parsing attributes in process `syz.1.767'.
[  102.396403][ T5736]  loop4: p1 p2 p4[DM]
[  102.400631][ T5736] loop4: p1 size 835329 extends beyond EOD, truncated
[  102.423010][ T5736] loop4: p2 size 327680 extends beyond EOD, truncated
[  102.434285][ T5736] loop4: p4 size 262144 extends beyond EOD, truncated
[  102.498783][ T5743] netlink: 664 bytes leftover after parsing attributes in process `syz.0.769'.
[  102.534079][ T5753] loop1: detected capacity change from 0 to 512
[  102.548182][ T5753] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.561009][ T5753] ext4 filesystem being mounted at /187/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  102.574513][ T5753] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.773: corrupted inode contents
[  102.586966][ T5753] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #2: comm syz.1.773: mark_inode_dirty error
[  102.598924][ T5753] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.773: corrupted inode contents
[  102.611165][ T5753] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.773: mark_inode_dirty error
[  102.659259][ T5761] loop4: detected capacity change from 0 to 512
[  102.686705][ T5761] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  102.694918][ T5761] EXT4-fs (loop4): orphan cleanup on readonly fs
[  102.704425][ T5761] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #16: comm syz.4.774: corrupted inode contents
[  102.716692][ T5761] EXT4-fs (loop4): Remounting filesystem read-only
[  102.723407][ T5761] EXT4-fs (loop4): 1 truncate cleaned up
[  102.729402][   T37] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.739940][   T37] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.770749][   T37] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  102.782352][ T5761] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.833227][ T5766] netlink: 'syz.1.773': attribute type 1 has an invalid length.
[  102.888092][ T5753] netlink: 32 bytes leftover after parsing attributes in process `syz.1.773'.
[  102.925411][ T5770] FAULT_INJECTION: forcing a failure.
[  102.925411][ T5770] name failslab, interval 1, probability 0, space 0, times 0
[  102.938117][ T5770] CPU: 0 UID: 0 PID: 5770 Comm: syz.0.777 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  102.938145][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  102.938157][ T5770] Call Trace:
[  102.938172][ T5770]  <TASK>
[  102.938182][ T5770]  __dump_stack+0x1d/0x30
[  102.938252][ T5770]  dump_stack_lvl+0xe8/0x140
[  102.938273][ T5770]  dump_stack+0x15/0x1b
[  102.938315][ T5770]  should_fail_ex+0x265/0x280
[  102.938341][ T5770]  should_failslab+0x8c/0xb0
[  102.938372][ T5770]  kmem_cache_alloc_noprof+0x50/0x480
[  102.938406][ T5770]  ? audit_log_start+0x342/0x720
[  102.938528][ T5770]  audit_log_start+0x342/0x720
[  102.938594][ T5770]  audit_seccomp+0x48/0x100
[  102.938627][ T5770]  ? __seccomp_filter+0x82d/0x1250
[  102.938663][ T5770]  __seccomp_filter+0x83e/0x1250
[  102.938728][ T5770]  ? _raw_spin_unlock+0x26/0x50
[  102.938757][ T5770]  __secure_computing+0x82/0x150
[  102.938878][ T5770]  syscall_trace_enter+0xcf/0x1e0
[  102.938989][ T5770]  do_syscall_64+0xac/0x200
[  102.939006][ T5770]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  102.939033][ T5770]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  102.939121][ T5770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.939148][ T5770] RIP: 0033:0x7f778a0defc9
[  102.939163][ T5770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.939194][ T5770] RSP: 002b:00007f7788b3f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
[  102.939216][ T5770] RAX: ffffffffffffffda RBX: 00007f778a335fa0 RCX: 00007f778a0defc9
[  102.939231][ T5770] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000
[  102.939247][ T5770] RBP: 00007f7788b3f090 R08: 0000000000000000 R09: 0000000000000000
[  102.939261][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.939277][ T5770] R13: 00007f778a336038 R14: 00007f778a335fa0 R15: 00007ffcc85b8908
[  102.939318][ T5770]  </TASK>
[  103.471183][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.481591][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.507672][ T5775] sch_fq: defrate 0 ignored.
[  104.020461][ T5783] netlink: 48 bytes leftover after parsing attributes in process `syz.2.785'.
[  104.309590][ T5795] netlink: 12 bytes leftover after parsing attributes in process `syz.3.778'.
[  104.324401][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.415891][ T5803] pim6reg: entered allmulticast mode
[  104.484402][ T5808] FAULT_INJECTION: forcing a failure.
[  104.484402][ T5808] name failslab, interval 1, probability 0, space 0, times 0
[  104.497229][ T5808] CPU: 0 UID: 0 PID: 5808 Comm: syz.1.790 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  104.497283][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  104.497298][ T5808] Call Trace:
[  104.497306][ T5808]  <TASK>
[  104.497315][ T5808]  __dump_stack+0x1d/0x30
[  104.497338][ T5808]  dump_stack_lvl+0xe8/0x140
[  104.497360][ T5808]  dump_stack+0x15/0x1b
[  104.497377][ T5808]  should_fail_ex+0x265/0x280
[  104.497471][ T5808]  ? __se_sys_mount+0xef/0x2e0
[  104.497549][ T5808]  should_failslab+0x8c/0xb0
[  104.497579][ T5808]  __kmalloc_cache_noprof+0x4c/0x4a0
[  104.497610][ T5808]  ? memdup_user+0x99/0xd0
[  104.497642][ T5808]  __se_sys_mount+0xef/0x2e0
[  104.497747][ T5808]  ? __bpf_trace_sys_enter+0x10/0x30
[  104.497773][ T5808]  ? __traceiter_sys_enter+0x5c/0x80
[  104.497864][ T5808]  ? trace_sys_enter+0xd0/0xf0
[  104.497894][ T5808]  __x64_sys_mount+0x67/0x80
[  104.497920][ T5808]  x64_sys_call+0x2b51/0x3000
[  104.498020][ T5808]  do_syscall_64+0xd2/0x200
[  104.498044][ T5808]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  104.498074][ T5808]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  104.498110][ T5808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.498145][ T5808] RIP: 0033:0x7fd54a14efc9
[  104.498162][ T5808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.498184][ T5808] RSP: 002b:00007fd548baf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  104.498205][ T5808] RAX: ffffffffffffffda RBX: 00007fd54a3a5fa0 RCX: 00007fd54a14efc9
[  104.498219][ T5808] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[  104.498232][ T5808] RBP: 00007fd548baf090 R08: 0000200000000600 R09: 0000000000000000
[  104.498317][ T5808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.498330][ T5808] R13: 00007fd54a3a6038 R14: 00007fd54a3a5fa0 R15: 00007fff81330a78
[  104.498352][ T5808]  </TASK>
[  104.991418][ T5823] loop1: detected capacity change from 0 to 4096
[  105.066181][   T29] kauditd_printk_skb: 650 callbacks suppressed
[  105.066199][   T29] audit: type=1326 audit(105.037:11723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.176566][ T5829] netlink: 'syz.2.798': attribute type 2 has an invalid length.
[  105.212672][   T29] audit: type=1326 audit(105.037:11724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.235453][   T29] audit: type=1326 audit(105.047:11725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.258091][   T29] audit: type=1326 audit(105.047:11726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.280808][   T29] audit: type=1326 audit(105.047:11727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.303411][   T29] audit: type=1326 audit(105.047:11728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.326015][   T29] audit: type=1326 audit(105.047:11729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.348642][   T29] audit: type=1326 audit(105.047:11730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.371253][   T29] audit: type=1326 audit(105.047:11731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.393944][   T29] audit: type=1326 audit(105.047:11732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.3.797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547d3eefc9 code=0x50000
[  105.568613][ T5838] loop4: detected capacity change from 0 to 512
[  105.916900][ T5841] netlink: 664 bytes leftover after parsing attributes in process `syz.2.800'.
[  105.957826][ T5843] netlink: 'syz.1.801': attribute type 2 has an invalid length.
[  106.140067][ T5846] netlink: 48 bytes leftover after parsing attributes in process `syz.0.802'.
[  106.453020][ T5838] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  106.461170][ T5838] EXT4-fs (loop4): orphan cleanup on readonly fs
[  106.470261][ T5838] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #16: comm syz.4.799: corrupted inode contents
[  106.482657][ T5838] EXT4-fs (loop4): Remounting filesystem read-only
[  106.489356][ T5838] EXT4-fs (loop4): 1 truncate cleaned up
[  106.495546][ T4754] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  106.506089][ T4754] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  106.630781][ T4754] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  106.738354][ T5838] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  106.814090][ T5872] wireguard0: entered promiscuous mode
[  106.819743][ T5872] wireguard0: entered allmulticast mode
[  106.848125][ T5865] loop1: detected capacity change from 0 to 4096
[  106.914258][ T5876] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  106.917703][ T5865] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.924143][ T5876] SELinux: failed to load policy
[  107.754689][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.814323][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.925230][ T5895] netlink: 60 bytes leftover after parsing attributes in process `syz.1.816'.
[  107.934366][ T5895] IPVS: Unknown mcast interface: 
[  107.992348][ T5896] loop4: detected capacity change from 0 to 8192
[  108.011881][ T5901] netlink: 6024 bytes leftover after parsing attributes in process `syz.1.820'.
[  108.046351][ T5896]  loop4: p1 p2 p4[DM]
[  108.051187][ T5896] loop4: p1 size 835329 extends beyond EOD, truncated
[  108.064456][ T5896] loop4: p2 size 327680 extends beyond EOD, truncated
[  108.077528][ T5896] loop4: p4 size 262144 extends beyond EOD, truncated
[  108.108728][ T5896] netlink: 664 bytes leftover after parsing attributes in process `syz.4.817'.
[  108.333545][ T5917] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  108.345657][ T5915] wireguard0: entered promiscuous mode
[  108.351300][ T5915] wireguard0: entered allmulticast mode
[  108.358111][ T5910] loop1: detected capacity change from 0 to 8192
[  108.390886][ T5925] SELinux: failed to load policy
[  108.399760][ T5910]  loop1: p1 p2 p4[DM]
[  108.404328][ T5910] loop1: p1 size 835329 extends beyond EOD, truncated
[  108.419205][ T5910] loop1: p2 size 327680 extends beyond EOD, truncated
[  108.432331][ T5917] macvtap0: refused to change device tx_queue_len
[  108.450302][ T5910] loop1: p4 size 262144 extends beyond EOD, truncated
[  108.741047][ T5936] netlink: 'syz.4.833': attribute type 2 has an invalid length.
[  108.817970][ T5938] SELinux:  Context system_u:object_r:setrans_initrc_exec_t:s0 is not valid (left unmapped).
[  109.240545][ T5945] FAULT_INJECTION: forcing a failure.
[  109.240545][ T5945] name failslab, interval 1, probability 0, space 0, times 0
[  109.253467][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: syz.2.838 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  109.253494][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  109.253506][ T5945] Call Trace:
[  109.253511][ T5945]  <TASK>
[  109.253518][ T5945]  __dump_stack+0x1d/0x30
[  109.253541][ T5945]  dump_stack_lvl+0xe8/0x140
[  109.253583][ T5945]  dump_stack+0x15/0x1b
[  109.253606][ T5945]  should_fail_ex+0x265/0x280
[  109.253627][ T5945]  ? pfifo_fast_change_tx_queue_len+0x86/0x5e0
[  109.253664][ T5945]  should_failslab+0x8c/0xb0
[  109.253692][ T5945]  __kmalloc_cache_noprof+0x4c/0x4a0
[  109.253807][ T5945]  pfifo_fast_change_tx_queue_len+0x86/0x5e0
[  109.253848][ T5945]  ? qdisc_reset+0x214/0x2f0
[  109.253884][ T5945]  ? _raw_spin_unlock_bh+0x36/0x40
[  109.253908][ T5945]  ? dev_reset_queue+0xb3/0xc0
[  109.253947][ T5945]  ? _raw_spin_unlock_bh+0x36/0x40
[  109.253969][ T5945]  ? dev_deactivate_many+0x701/0x730
[  109.254045][ T5945]  ? __pfx_pfifo_fast_change_tx_queue_len+0x10/0x10
[  109.254077][ T5945]  dev_qdisc_change_tx_queue_len+0x1c8/0x280
[  109.254125][ T5945]  netif_change_tx_queue_len+0xf9/0x170
[  109.254240][ T5945]  dev_change_tx_queue_len+0xc0/0x170
[  109.254267][ T5945]  dev_ifsioc+0x1a1/0xaa0
[  109.254288][ T5945]  ? __rcu_read_unlock+0x4f/0x70
[  109.254388][ T5945]  dev_ioctl+0x70a/0x960
[  109.254414][ T5945]  sock_do_ioctl+0x197/0x220
[  109.254447][ T5945]  sock_ioctl+0x41b/0x610
[  109.254496][ T5945]  ? __pfx___bpf_trace_sys_enter+0x10/0x10
[  109.254583][ T5945]  ? __pfx_sock_ioctl+0x10/0x10
[  109.254610][ T5945]  __se_sys_ioctl+0xce/0x140
[  109.254638][ T5945]  __x64_sys_ioctl+0x43/0x50
[  109.254715][ T5945]  x64_sys_call+0x1816/0x3000
[  109.254750][ T5945]  do_syscall_64+0xd2/0x200
[  109.254819][ T5945]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  109.254903][ T5945]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  109.254966][ T5945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.254993][ T5945] RIP: 0033:0x7f0287d0efc9
[  109.255012][ T5945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.255029][ T5945] RSP: 002b:00007f028676f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  109.255050][ T5945] RAX: ffffffffffffffda RBX: 00007f0287f65fa0 RCX: 00007f0287d0efc9
[  109.255092][ T5945] RDX: 0000200000000100 RSI: 0000000000008943 RDI: 0000000000000007
[  109.255108][ T5945] RBP: 00007f028676f090 R08: 0000000000000000 R09: 0000000000000000
[  109.255123][ T5945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.255139][ T5945] R13: 00007f0287f66038 R14: 00007f0287f65fa0 R15: 00007ffebf10edb8
[  109.255160][ T5945]  </TASK>
[  109.255168][ T5945] macvtap0: refused to change device tx_queue_len
[  110.085827][   T29] kauditd_printk_skb: 141 callbacks suppressed
[  110.085845][   T29] audit: type=1326 audit(110.057:11868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5942 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd54a14efc9 code=0x7ffc0000
[  110.252159][ T4758] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.318971][ T4758] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.423626][ T4758] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.479592][ T5975] netlink: 'syz.2.852': attribute type 2 has an invalid length.
[  110.490429][ T4758] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.649120][ T4758] bridge_slave_1: left allmulticast mode
[  110.654984][ T4758] bridge_slave_1: left promiscuous mode
[  110.660711][ T4758] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.677173][ T4758] bridge_slave_0: left allmulticast mode
[  110.682908][ T4758] bridge_slave_0: left promiscuous mode
[  110.688725][ T4758] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.708589][   T29] audit: type=1326 audit(110.687:11869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.731371][   T29] audit: type=1326 audit(110.687:11870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.754008][   T29] audit: type=1326 audit(110.687:11871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.776653][   T29] audit: type=1326 audit(110.687:11872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.799513][   T29] audit: type=1326 audit(110.687:11873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.822134][   T29] audit: type=1326 audit(110.687:11874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.844730][   T29] audit: type=1326 audit(110.687:11875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.867286][   T29] audit: type=1326 audit(110.687:11876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  110.889979][   T29] audit: type=1326 audit(110.687:11877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5986 comm="syz.2.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  111.150895][ T5992] netlink: 664 bytes leftover after parsing attributes in process `syz.0.856'.
[  111.169190][ T4758] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.180590][ T4758] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.190389][ T4758] bond0 (unregistering): Released all slaves
[  111.268783][ T4758] hsr_slave_0: left promiscuous mode
[  111.274776][ T4758] hsr_slave_1: left promiscuous mode
[  111.281281][ T4758] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.288774][ T4758] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.309417][ T4758] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.316939][ T4758] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.344409][ T4758] veth1_macvtap: left promiscuous mode
[  111.354255][ T4758] veth0_macvtap: left promiscuous mode
[  111.429333][ T4758] team0 (unregistering): Port device team_slave_1 removed
[  111.441093][ T4758] team0 (unregistering): Port device team_slave_0 removed
[  111.683755][ T5969] chnl_net:caif_netlink_parms(): no params data found
[  111.889612][ T6017] loop1: detected capacity change from 0 to 512
[  111.994442][ T6021] netlink: 'syz.2.865': attribute type 2 has an invalid length.
[  112.011886][ T6017] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  112.020165][ T6017] EXT4-fs (loop1): orphan cleanup on readonly fs
[  112.047388][ T6017] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.862: corrupted inode contents
[  112.059791][ T6017] EXT4-fs (loop1): Remounting filesystem read-only
[  112.066621][ T6017] EXT4-fs (loop1): 1 truncate cleaned up
[  112.073843][ T4754] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  112.084467][ T4754] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  112.114001][ T6025] SELinux: failed to load policy
[  112.130257][ T4754] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  112.171940][ T6017] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  112.207233][ T6022] wireguard0: entered promiscuous mode
[  112.212771][ T6022] wireguard0: entered allmulticast mode
[  112.253281][ T5547] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  112.259550][ T3590] Bluetooth: hci0: command 0x1003 tx timeout
[  112.477563][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.484699][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.585929][ T6028] loop4: detected capacity change from 0 to 8192
[  112.646176][ T5969] bridge_slave_0: entered allmulticast mode
[  112.676641][ T5969] bridge_slave_0: entered promiscuous mode
[  112.692146][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.699285][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.737640][ T6028]  loop4: p1 p2 p4[DM]
[  112.741903][ T6028] loop4: p1 size 835329 extends beyond EOD, truncated
[  112.749349][ T6028] loop4: p2 size 327680 extends beyond EOD, truncated
[  112.758579][ T5969] bridge_slave_1: entered allmulticast mode
[  112.776270][ T6028] loop4: p4 size 262144 extends beyond EOD, truncated
[  112.785461][ T5969] bridge_slave_1: entered promiscuous mode
[  112.854236][ T5969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.887357][ T5969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.989615][ T5969] team0: Port device team_slave_0 added
[  113.013411][ T5969] team0: Port device team_slave_1 added
[  113.033784][ T6035] netlink: 'syz.4.868': attribute type 2 has an invalid length.
[  113.083758][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.090848][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  113.116765][ T5969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.240328][ T6037] qrtr: Invalid version 195
[  113.257927][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.264950][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  113.291143][ T5969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.390542][ T5969] hsr_slave_0: entered promiscuous mode
[  113.396737][ T5969] hsr_slave_1: entered promiscuous mode
[  113.402731][ T5969] debugfs: 'hsr0' already exists in 'hsr'
[  113.408522][ T5969] Cannot create hsr debugfs directory
[  113.512648][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.529910][ T6053] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  113.529910][ T6053]    program syz.0.876 not setting count and/or reply_len properly
[  113.546755][ T6053] FAULT_INJECTION: forcing a failure.
[  113.546755][ T6053] name failslab, interval 1, probability 0, space 0, times 0
[  113.559517][ T6053] CPU: 1 UID: 0 PID: 6053 Comm: syz.0.876 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  113.559551][ T6053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  113.559573][ T6053] Call Trace:
[  113.559579][ T6053]  <TASK>
[  113.559587][ T6053]  __dump_stack+0x1d/0x30
[  113.559622][ T6053]  dump_stack_lvl+0xe8/0x140
[  113.559714][ T6053]  dump_stack+0x15/0x1b
[  113.559731][ T6053]  should_fail_ex+0x265/0x280
[  113.559751][ T6053]  should_failslab+0x8c/0xb0
[  113.559794][ T6053]  __kmalloc_noprof+0xa5/0x570
[  113.559865][ T6053]  ? blk_rq_map_user_iov+0x23e/0x1520
[  113.559888][ T6053]  blk_rq_map_user_iov+0x23e/0x1520
[  113.559922][ T6053]  blk_rq_map_user_io+0x18f/0x260
[  113.559943][ T6053]  ? alloc_pages_mpol+0x217/0x260
[  113.559966][ T6053]  ? alloc_pages_noprof+0xa9/0x130
[  113.560002][ T6053]  ? sg_build_indirect+0x3a5/0x450
[  113.560036][ T6053]  sg_common_write+0xb06/0xc30
[  113.560078][ T6053]  sg_write+0x6b5/0x750
[  113.560121][ T6053]  vfs_writev+0x406/0x8b0
[  113.560153][ T6053]  ? __pfx_sg_write+0x10/0x10
[  113.560190][ T6053]  do_writev+0xe7/0x210
[  113.560282][ T6053]  __x64_sys_writev+0x45/0x50
[  113.560310][ T6053]  x64_sys_call+0x1e9a/0x3000
[  113.560389][ T6053]  do_syscall_64+0xd2/0x200
[  113.560408][ T6053]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  113.560437][ T6053]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  113.560469][ T6053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.560536][ T6053] RIP: 0033:0x7f778a0defc9
[  113.560551][ T6053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.560571][ T6053] RSP: 002b:00007f7788b3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  113.560590][ T6053] RAX: ffffffffffffffda RBX: 00007f778a335fa0 RCX: 00007f778a0defc9
[  113.560602][ T6053] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000006
[  113.560690][ T6053] RBP: 00007f7788b3f090 R08: 0000000000000000 R09: 0000000000000000
[  113.560702][ T6053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  113.560714][ T6053] R13: 00007f778a336038 R14: 00007f778a335fa0 R15: 00007ffcc85b8908
[  113.560734][ T6053]  </TASK>
[  113.565817][ T6055] netlink: 4 bytes leftover after parsing attributes in process `syz.1.875'.
[  113.614904][ T5969] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  113.802730][ T5969] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  113.813952][ T5969] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  113.824283][ T5969] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  113.870070][ T6063] loop4: detected capacity change from 0 to 512
[  113.906267][ T6070] netlink: 'syz.0.880': attribute type 2 has an invalid length.
[  113.931094][ T5969] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.948055][ T6063] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  113.975655][ T6063] EXT4-fs (loop4): orphan cleanup on readonly fs
[  114.003779][ T5969] 8021q: adding VLAN 0 to HW filter on device team0
[  114.047332][ T4758] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.054430][ T4758] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.066514][ T6063] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #16: comm syz.4.878: corrupted inode contents
[  114.168653][ T6063] EXT4-fs (loop4): Remounting filesystem read-only
[  114.192289][ T6063] EXT4-fs (loop4): 1 truncate cleaned up
[  114.198198][ T4752] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  114.208769][ T4752] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  114.235755][ T4752] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[  114.268973][ T4758] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.276207][ T4758] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.286023][ T6063] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  114.314161][ T5969] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  114.324658][ T5969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  114.520748][ T5969] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.742529][ T6097] wireguard0: entered promiscuous mode
[  114.748186][ T6097] wireguard0: entered allmulticast mode
[  114.842748][ T6110] netlink: 12 bytes leftover after parsing attributes in process `syz.1.887'.
[  114.942511][ T6113] SELinux: failed to load policy
[  115.113193][ T5969] veth0_vlan: entered promiscuous mode
[  115.133197][ T5969] veth1_vlan: entered promiscuous mode
[  115.215406][ T5969] veth0_macvtap: entered promiscuous mode
[  115.264599][ T5969] veth1_macvtap: entered promiscuous mode
[  115.329808][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.390881][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.455294][   T37] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.511033][   T37] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.606542][   T37] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.643770][   T37] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.677982][ T6129] netlink: 48 bytes leftover after parsing attributes in process `syz.5.848'.
[  115.877909][ T6132] loop1: detected capacity change from 0 to 8192
[  115.928568][   T29] kauditd_printk_skb: 544 callbacks suppressed
[  115.928585][   T29] audit: type=1326 audit(115.907:12410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  115.966844][ T6132]  loop1: p1 p2 p4[DM]
[  115.971053][ T6132] loop1: p1 size 835329 extends beyond EOD, truncated
[  116.062943][ T6132] loop1: p2 size 327680 extends beyond EOD, truncated
[  116.091465][ T6132] loop1: p4 size 262144 extends beyond EOD, truncated
[  116.294452][ T6146] netlink: 'syz.1.899': attribute type 2 has an invalid length.
[  116.393560][   T29] audit: type=1326 audit(115.907:12411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.416469][   T29] audit: type=1326 audit(116.027:12412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.439362][   T29] audit: type=1326 audit(116.027:12413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.462182][   T29] audit: type=1326 audit(116.027:12414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.485078][   T29] audit: type=1326 audit(116.027:12415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.507887][   T29] audit: type=1326 audit(116.027:12416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.530820][   T29] audit: type=1326 audit(116.027:12417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.553658][   T29] audit: type=1326 audit(116.027:12418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.576577][   T29] audit: type=1326 audit(116.027:12419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6137 comm="syz.5.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  116.621608][ T6151] geneve2: entered promiscuous mode
[  116.626909][ T6151] geneve2: entered allmulticast mode
[  116.716123][ T6156] wireguard0: entered promiscuous mode
[  116.721704][ T6156] wireguard0: entered allmulticast mode
[  116.775047][ T6162] SELinux: failed to load policy
[  116.809900][ T6166] netlink: 48 bytes leftover after parsing attributes in process `syz.2.905'.
[  117.062479][ T6172] geneve2: entered promiscuous mode
[  117.067862][ T6172] geneve2: entered allmulticast mode
[  117.216704][ T6179] loop5: detected capacity change from 0 to 4096
[  117.387296][ T6179] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.506419][ T6185] netlink: 12 bytes leftover after parsing attributes in process `syz.0.913'.
[  117.626700][ T6192] netlink: 48 bytes leftover after parsing attributes in process `syz.2.916'.
[  117.928132][ T6201] loop1: detected capacity change from 0 to 8192
[  117.980026][ T5969] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.990231][ T6201]  loop1: p1 p2 p4[DM]
[  117.994439][ T6201] loop1: p1 size 835329 extends beyond EOD, truncated
[  118.021793][ T6201] loop1: p2 size 327680 extends beyond EOD, truncated
[  118.042054][ T6201] loop1: p4 size 262144 extends beyond EOD, truncated
[  118.078259][ T6201] netlink: 664 bytes leftover after parsing attributes in process `syz.1.918'.
[  118.115664][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.227744][ T6205] loop5: detected capacity change from 0 to 8192
[  118.263516][ T6207] loop4: detected capacity change from 0 to 8192
[  118.286724][ T6210] loop1: detected capacity change from 0 to 128
[  118.295260][ T6205]  loop5: p1 p2 p4[DM]
[  118.299886][ T6205] loop5: p1 size 835329 extends beyond EOD, truncated
[  118.318210][ T6205] loop5: p2 size 327680 extends beyond EOD, truncated
[  118.325637][ T6205] loop5: p4 size 262144 extends beyond EOD, truncated
[  118.326720][ T6207]  loop4: p1 p2 p4[DM]
[  118.336985][ T6207] loop4: p1 size 835329 extends beyond EOD, truncated
[  118.357096][ T6207] loop4: p2 size 327680 extends beyond EOD, truncated
[  118.376458][ T6207] loop4: p4 size 262144 extends beyond EOD, truncated
[  118.478104][ T6207] netlink: 664 bytes leftover after parsing attributes in process `syz.4.921'.
[  118.506119][ T6216] netlink: 12 bytes leftover after parsing attributes in process `syz.5.923'.
[  118.515094][ T6213] wireguard0: entered promiscuous mode
[  118.520690][ T6213] wireguard0: entered allmulticast mode
[  118.528330][ T6216] netlink: 48 bytes leftover after parsing attributes in process `syz.5.923'.
[  118.652393][ T6217] SELinux: failed to load policy
[  118.768204][ T6220] FAULT_INJECTION: forcing a failure.
[  118.768204][ T6220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.781393][ T6220] CPU: 0 UID: 0 PID: 6220 Comm: syz.5.927 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  118.781528][ T6220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  118.781544][ T6220] Call Trace:
[  118.781552][ T6220]  <TASK>
[  118.781563][ T6220]  __dump_stack+0x1d/0x30
[  118.781591][ T6220]  dump_stack_lvl+0xe8/0x140
[  118.781611][ T6220]  dump_stack+0x15/0x1b
[  118.781638][ T6220]  should_fail_ex+0x265/0x280
[  118.781663][ T6220]  should_fail+0xb/0x20
[  118.781683][ T6220]  should_fail_usercopy+0x1a/0x20
[  118.781748][ T6220]  _copy_from_user+0x1c/0xb0
[  118.781781][ T6220]  ___sys_sendmsg+0xc1/0x1d0
[  118.781845][ T6220]  __x64_sys_sendmsg+0xd4/0x160
[  118.781906][ T6220]  x64_sys_call+0x191e/0x3000
[  118.781926][ T6220]  do_syscall_64+0xd2/0x200
[  118.781949][ T6220]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  118.782050][ T6220]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  118.782153][ T6220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.782180][ T6220] RIP: 0033:0x7fba1fdfefc9
[  118.782199][ T6220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.782222][ T6220] RSP: 002b:00007fba1e85f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.782272][ T6220] RAX: ffffffffffffffda RBX: 00007fba20055fa0 RCX: 00007fba1fdfefc9
[  118.782286][ T6220] RDX: 0000000000004000 RSI: 0000200000005cc0 RDI: 0000000000000004
[  118.782302][ T6220] RBP: 00007fba1e85f090 R08: 0000000000000000 R09: 0000000000000000
[  118.782318][ T6220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.782362][ T6220] R13: 00007fba20056038 R14: 00007fba20055fa0 R15: 00007ffeaa510eb8
[  118.782394][ T6220]  </TASK>
[  119.270844][ T6241] loop5: detected capacity change from 0 to 512
[  119.287519][ T6241] EXT4-fs: Ignoring removed nobh option
[  119.311504][ T6238] loop4: detected capacity change from 0 to 8192
[  119.326748][ T6241] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #3: comm syz.5.933: corrupted inode contents
[  119.344581][ T6245] loop1: detected capacity change from 0 to 512
[  119.351162][ T6241] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #3: comm syz.5.933: mark_inode_dirty error
[  119.372760][ T6241] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #3: comm syz.5.933: corrupted inode contents
[  119.386353][ T6241] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #3: comm syz.5.933: mark_inode_dirty error
[  119.398175][ T6238]  loop4: p1 p2 p4[DM]
[  119.402290][ T6238] loop4: p1 size 835329 extends beyond EOD, truncated
[  119.416345][ T6245] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  119.424367][ T6245] EXT4-fs (loop1): orphan cleanup on readonly fs
[  119.437390][ T6245] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.931: corrupted inode contents
[  119.440064][ T6250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.934'.
[  119.449739][ T6245] EXT4-fs (loop1): Remounting filesystem read-only
[  119.458139][ T6250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.934'.
[  119.464936][ T6245] EXT4-fs (loop1): 1 truncate cleaned up
[  119.476452][ T6241] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.933: Failed to acquire dquot type 0
[  119.490659][ T6238] loop4: p2 size 327680 extends beyond EOD, truncated
[  119.497584][ T4754] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.508215][ T4754] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.522220][ T6238] loop4: p4 size 262144 extends beyond EOD, truncated
[  119.538336][ T6241] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.933: corrupted inode contents
[  119.544718][ T4754] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  119.552825][ T6251] netlink: 664 bytes leftover after parsing attributes in process `syz.4.932'.
[  119.576661][ T6245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  119.627956][ T6241] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #16: comm syz.5.933: mark_inode_dirty error
[  119.640538][ T6241] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.933: corrupted inode contents
[  119.654655][ T6241] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.933: mark_inode_dirty error
[  119.698738][ T6253] netlink: 12 bytes leftover after parsing attributes in process `syz.0.935'.
[  119.708032][ T6241] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.933: corrupted inode contents
[  119.733642][ T6241] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem
[  119.755836][ T6241] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.933: corrupted inode contents
[  119.770654][ T6256] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  119.780712][ T6256] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  119.792460][ T6241] EXT4-fs error (device loop5): ext4_truncate:4637: inode #16: comm syz.5.933: mark_inode_dirty error
[  119.827299][ T6241] EXT4-fs error (device loop5) in ext4_process_orphan:343: Corrupt filesystem
[  119.837750][ T6258] netlink: 'syz.4.936': attribute type 12 has an invalid length.
[  119.858972][ T6241] EXT4-fs (loop5): 1 truncate cleaned up
[  119.866961][ T6256] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  119.876948][ T6256] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  119.878915][ T6241] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.960395][ T6256] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  119.970252][ T6256] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  120.087523][ T6256] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  120.097529][ T6256] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  120.151353][ T6260] netlink: 28 bytes leftover after parsing attributes in process `syz.5.933'.
[  120.196278][ T6241] netlink: 28 bytes leftover after parsing attributes in process `syz.5.933'.
[  120.223021][ T4752] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  120.231318][ T4752] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  120.256246][ T6241] syz.5.933 (6241) used greatest stack depth: 9680 bytes left
[  120.263822][   T37] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  120.272050][   T37] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  120.325878][ T5969] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.344630][   T37] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  120.352932][   T37] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  120.382726][   T37] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  120.391009][   T37] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  120.755376][ T6285] netlink: 8 bytes leftover after parsing attributes in process `syz.2.944'.
[  120.790455][   T37] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  120.829220][   T37] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  120.849863][   T37] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  120.866088][   T37] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  120.981900][ T6289] netlink: 664 bytes leftover after parsing attributes in process `syz.2.946'.
[  120.998769][ T6287] loop4: detected capacity change from 0 to 8192
[  121.060570][ T6287]  loop4: p1 p2 p4[DM]
[  121.064797][ T6287] loop4: p1 size 835329 extends beyond EOD, truncated
[  121.083780][ T6287] loop4: p2 size 327680 extends beyond EOD, truncated
[  121.090555][ T6293] netlink: 664 bytes leftover after parsing attributes in process `syz.4.945'.
[  121.108998][ T6295] wireguard0: entered promiscuous mode
[  121.114528][ T6295] wireguard0: entered allmulticast mode
[  121.128294][ T6287] loop4: p4 size 262144 extends beyond EOD, truncated
[  121.166704][ T6291] SELinux: failed to load policy
[  121.331303][   T29] kauditd_printk_skb: 199 callbacks suppressed
[  121.331332][   T29] audit: type=1326 audit(121.307:12611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.360371][   T29] audit: type=1326 audit(121.307:12612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.383131][   T29] audit: type=1326 audit(121.307:12613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.405997][   T29] audit: type=1326 audit(121.307:12614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.428733][   T29] audit: type=1326 audit(121.307:12615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.451625][   T29] audit: type=1326 audit(121.307:12616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.474240][   T29] audit: type=1326 audit(121.307:12617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.496919][   T29] audit: type=1326 audit(121.307:12618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.519611][   T29] audit: type=1326 audit(121.307:12619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.542273][   T29] audit: type=1326 audit(121.307:12620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6299 comm="syz.2.950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0287d0efc9 code=0x50000
[  121.684603][ T6309] loop4: detected capacity change from 0 to 128
[  121.806327][ T6316] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  121.806327][ T6316]    program syz.0.955 not setting count and/or reply_len properly
[  122.361520][ T6329] wireguard0: entered promiscuous mode
[  122.367087][ T6329] wireguard0: entered allmulticast mode
[  122.546751][ T6337] SELinux: failed to load policy
[  122.561725][ T6339] loop5: detected capacity change from 0 to 512
[  122.792813][ T6339] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  122.936457][ T6339] EXT4-fs (loop5): orphan cleanup on readonly fs
[  123.049141][ T6339] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.961: corrupted inode contents
[  123.303696][ T6339] EXT4-fs (loop5): Remounting filesystem read-only
[  123.346209][ T6339] EXT4-fs (loop5): 1 truncate cleaned up
[  123.352011][ T4752] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  123.362578][ T4752] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  123.445538][ T4752] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  123.516729][ T6339] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  123.642416][ T6339] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.439762][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.965'.
[  124.490412][ T6358] netlink: 8 bytes leftover after parsing attributes in process `syz.2.965'.
[  124.797467][ T6366] loop4: detected capacity change from 0 to 512
[  124.804099][ T6366] /dev/loop4: Can't open blockdev
[  125.032327][ T6373] geneve2: entered promiscuous mode
[  125.037665][ T6373] geneve2: entered allmulticast mode
[  125.316172][ T5547] Bluetooth: hci0: sending frame failed (-49)
[  125.322603][ T3590] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  125.508594][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.806233][ T6385] geneve2: entered promiscuous mode
[  125.811890][ T6385] geneve2: entered allmulticast mode
[  125.871450][ T6390] loop1: detected capacity change from 0 to 8192
[  125.946405][ T6390]  loop1: p1 p2 p4[DM]
[  125.956184][ T6390] loop1: p1 size 835329 extends beyond EOD, truncated
[  125.985313][ T6398] netlink: 12 bytes leftover after parsing attributes in process `syz.5.980'.
[  125.994962][ T6390] loop1: p2 size 327680 extends beyond EOD, truncated
[  126.016659][ T6390] loop1: p4 size 262144 extends beyond EOD, truncated
[  126.042808][ T6398] netlink: 8 bytes leftover after parsing attributes in process `syz.5.980'.
[  126.164980][ T6396] netlink: 112 bytes leftover after parsing attributes in process `syz.2.979'.
[  126.321992][ T6404] loop1: detected capacity change from 0 to 8192
[  126.372768][   T29] kauditd_printk_skb: 118 callbacks suppressed
[  126.372837][   T29] audit: type=1326 audit(126.347:12733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6397 comm="syz.5.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  126.407470][ T6404]  loop1: p1 p2 p4[DM]
[  126.411671][ T6404] loop1: p1 size 835329 extends beyond EOD, truncated
[  126.446289][ T6404] loop1: p2 size 327680 extends beyond EOD, truncated
[  126.478375][ T6404] loop1: p4 size 262144 extends beyond EOD, truncated
[  126.499234][   T29] audit: type=1326 audit(126.407:12734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6397 comm="syz.5.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  126.562238][ T6415] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  126.581512][ T6404] netlink: 664 bytes leftover after parsing attributes in process `syz.1.982'.
[  126.583853][ T6410] wireguard0: entered promiscuous mode
[  126.596266][ T6410] wireguard0: entered allmulticast mode
[  126.607155][ T6415] SELinux: failed to load policy
[  126.915101][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.1.991'.
[  127.047682][ T6434] netlink: 48 bytes leftover after parsing attributes in process `syz.2.993'.
[  127.064019][ T6432] wireguard0: entered promiscuous mode
[  127.069683][ T6432] wireguard0: entered allmulticast mode
[  127.115359][ T6438] SELinux: failed to load policy
[  127.239818][ T6437] netlink: 112 bytes leftover after parsing attributes in process `syz.2.994'.
[  127.704669][ T6455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1002'.
[  127.874126][ T6463] loop1: detected capacity change from 0 to 8192
[  127.926287][ T6463]  loop1: p1 p2 p4[DM]
[  127.936173][ T6463] loop1: p1 size 835329 extends beyond EOD, truncated
[  127.972531][ T6463] loop1: p2 size 327680 extends beyond EOD, truncated
[  127.992839][ T6463] loop1: p4 size 262144 extends beyond EOD, truncated
[  128.097309][ T6465] netlink: 664 bytes leftover after parsing attributes in process `syz.4.1006'.
[  128.181261][ T6471] netlink: 'syz.1.1009': attribute type 2 has an invalid length.
[  128.422344][ T6486] tipc: Started in network mode
[  128.427341][ T6486] tipc: Node identity ac14140f, cluster identity 4711
[  128.434338][ T6486] tipc: New replicast peer: 255.255.255.255
[  128.440733][ T6486] tipc: Enabled bearer <udp:syz2>, priority 10
[  128.513137][ T6499] netlink: 'syz.1.1017': attribute type 2 has an invalid length.
[  128.610299][ T6507] geneve2: entered promiscuous mode
[  128.615635][ T6507] geneve2: entered allmulticast mode
[  128.821768][ T6533] netlink: 'syz.0.1022': attribute type 2 has an invalid length.
[  129.079339][ T6559] wireguard0: entered promiscuous mode
[  129.085065][ T6559] wireguard0: entered allmulticast mode
[  129.124334][ T6575] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  129.135051][ T6575] SELinux: failed to load policy
[  129.148289][   T29] audit: type=1326 audit(129.127:12735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd54a14efc9 code=0x7ffc0000
[  129.153803][ T6567] blktrace: Concurrent blktraces are not allowed on loop2
[  129.189044][ T6572] wireguard0: entered promiscuous mode
[  129.189724][   T29] audit: type=1326 audit(129.127:12736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd54a14efc9 code=0x7ffc0000
[  129.194625][ T6572] wireguard0: entered allmulticast mode
[  129.223233][   T29] audit: type=1326 audit(129.127:12737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fd54a14efc9 code=0x7ffc0000
[  129.223343][   T29] audit: type=1326 audit(129.127:12738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd54a14efc9 code=0x7ffc0000
[  129.223377][   T29] audit: type=1326 audit(129.127:12739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd54a14efc9 code=0x7ffc0000
[  129.223411][   T29] audit: type=1326 audit(129.127:12740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd54a150e5c code=0x7ffc0000
[  129.223513][   T29] audit: type=1326 audit(129.127:12741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd54a150d94 code=0x7ffc0000
[  129.223548][   T29] audit: type=1326 audit(129.127:12742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6566 comm="syz.1.1030" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd54a150d94 code=0x7ffc0000
[  129.267447][ T6574] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.267466][ T6574] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.279752][ T6574] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.279775][ T6574] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.438368][ T3384] tipc: Node number set to 2886997007
[  129.599627][ T6633] loop1: detected capacity change from 0 to 512
[  129.614850][ T6636] __nla_validate_parse: 8 callbacks suppressed
[  129.614867][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1043'.
[  129.622904][ T6633] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  129.630053][ T6636] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1043'.
[  129.654844][ T6633] EXT4-fs (loop1): mount failed
[  129.664792][ T6633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1041'.
[  129.736814][ T6645] loop1: detected capacity change from 0 to 4096
[  129.745940][ T6645] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.971131][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.031582][ T6652] wireguard0: entered promiscuous mode
[  130.037280][ T6652] wireguard0: entered allmulticast mode
[  130.097803][ T6658] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1050'.
[  130.118079][ T6667] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1053'.
[  130.128868][ T6669] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1055'.
[  130.137865][ T6669] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1055'.
[  130.152629][ T6671] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1054'.
[  130.166172][ T4750] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  130.179199][ T4750] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  130.196794][ T4750] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  130.230401][ T6673] loop1: detected capacity change from 0 to 4096
[  130.253458][ T4750] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  130.276007][ T6673] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.357790][ T6677] netlink: 664 bytes leftover after parsing attributes in process `syz.0.1057'.
[  130.407518][ T6684] wireguard0: entered promiscuous mode
[  130.413037][ T6684] wireguard0: entered allmulticast mode
[  130.452398][ T6691] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  130.463863][ T6693] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1062'.
[  130.472415][ T6691] SELinux: failed to load policy
[  130.563164][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.586739][ T6703] loop5: detected capacity change from 0 to 2048
[  130.597744][ T6703] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.638530][ T6710] loop1: detected capacity change from 0 to 4096
[  130.647753][ T6710] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.696976][ T5969] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.019704][ T6732] capability: warning: `syz.0.1075' uses 32-bit capabilities (legacy support in use)
[  131.036708][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.137025][ T6747] FAULT_INJECTION: forcing a failure.
[  131.137025][ T6747] name failslab, interval 1, probability 0, space 0, times 0
[  131.149742][ T6747] CPU: 0 UID: 0 PID: 6747 Comm: syz.0.1082 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  131.149819][ T6747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  131.149836][ T6747] Call Trace:
[  131.149843][ T6747]  <TASK>
[  131.149854][ T6747]  __dump_stack+0x1d/0x30
[  131.149890][ T6747]  dump_stack_lvl+0xe8/0x140
[  131.149917][ T6747]  dump_stack+0x15/0x1b
[  131.149935][ T6747]  should_fail_ex+0x265/0x280
[  131.149954][ T6747]  should_failslab+0x8c/0xb0
[  131.150012][ T6747]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  131.150043][ T6747]  ? __alloc_skb+0x101/0x320
[  131.150089][ T6747]  __alloc_skb+0x101/0x320
[  131.150123][ T6747]  netlink_alloc_large_skb+0xbf/0xf0
[  131.150166][ T6747]  netlink_sendmsg+0x3cf/0x6b0
[  131.150193][ T6747]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.150275][ T6747]  __sock_sendmsg+0x145/0x180
[  131.150312][ T6747]  ____sys_sendmsg+0x31e/0x4e0
[  131.150416][ T6747]  ___sys_sendmsg+0x17b/0x1d0
[  131.150521][ T6747]  __x64_sys_sendmsg+0xd4/0x160
[  131.150567][ T6747]  x64_sys_call+0x191e/0x3000
[  131.150589][ T6747]  do_syscall_64+0xd2/0x200
[  131.150623][ T6747]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  131.150692][ T6747]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  131.150727][ T6747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.150754][ T6747] RIP: 0033:0x7f778a0defc9
[  131.150778][ T6747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.150840][ T6747] RSP: 002b:00007f7788b3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  131.150876][ T6747] RAX: ffffffffffffffda RBX: 00007f778a335fa0 RCX: 00007f778a0defc9
[  131.150892][ T6747] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000006
[  131.150903][ T6747] RBP: 00007f7788b3f090 R08: 0000000000000000 R09: 0000000000000000
[  131.150917][ T6747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.150931][ T6747] R13: 00007f778a336038 R14: 00007f778a335fa0 R15: 00007ffcc85b8908
[  131.150974][ T6747]  </TASK>
[  131.371952][ T6749] loop1: detected capacity change from 0 to 256
[  132.632224][ T6765] SELinux: failed to load policy
[  133.233475][   T29] kauditd_printk_skb: 109 callbacks suppressed
[  133.233492][   T29] audit: type=1400 audit(133.207:12851): avc:  denied  { mounton } for  pid=6779 comm="syz.1.1094" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  133.516192][   T29] audit: type=1326 audit(133.467:12852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.539294][   T29] audit: type=1326 audit(133.467:12853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.562229][   T29] audit: type=1326 audit(133.467:12854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.585190][   T29] audit: type=1326 audit(133.467:12855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.608187][   T29] audit: type=1326 audit(133.467:12856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.631172][   T29] audit: type=1326 audit(133.467:12857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.654158][   T29] audit: type=1326 audit(133.467:12858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.677083][   T29] audit: type=1326 audit(133.467:12859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.700027][   T29] audit: type=1326 audit(133.467:12860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6786 comm="syz.5.1096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1fdfefc9 code=0x7ffc0000
[  133.726985][ T6787] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  133.830457][ T6797] netlink: 'syz.5.1100': attribute type 2 has an invalid length.
[  133.852814][ T6793] loop1: detected capacity change from 0 to 8192
[  133.926508][ T6793]  loop1: p1 p2 p4[DM]
[  133.930902][ T6793] loop1: p1 size 835329 extends beyond EOD, truncated
[  133.957050][ T6793] loop1: p2 size 327680 extends beyond EOD, truncated
[  133.976662][ T6793] loop1: p4 size 262144 extends beyond EOD, truncated
[  134.509982][ T6820] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  134.509982][ T6820]    program syz.5.1110 not setting count and/or reply_len properly
[  134.664811][ T6833] __nla_validate_parse: 4 callbacks suppressed
[  134.664828][ T6833] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1115'.
[  134.806200][ T3590] Bluetooth: hci0: command 0x1003 tx timeout
[  134.812374][ T5547] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  134.991024][ T6847] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  134.997652][ T6847] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  135.006599][ T6847] vhci_hcd vhci_hcd.0: Device attached
[  135.039091][ T6852] vhci_hcd: connection closed
[  135.039240][ T4750] vhci_hcd: stop threads
[  135.048399][ T4750] vhci_hcd: release socket
[  135.052832][ T4750] vhci_hcd: disconnect device
[  135.657003][   T10] ==================================================================
[  135.665126][   T10] BUG: KCSAN: data-race in __set_task_comm / strlen
[  135.671734][   T10] 
[  135.674054][   T10] write to 0xffff88811a57ea78 of 8 bytes by task 6902 on cpu 1:
[  135.681683][   T10]  __set_task_comm+0x4d/0x140
[  135.686363][   T10]  begin_new_exec+0xebe/0x1170
[  135.691124][   T10]  load_elf_binary+0x62b/0x1a20
[  135.695986][   T10]  bprm_execve+0x477/0x970
[  135.700422][   T10]  kernel_execve+0x617/0x660
[  135.705011][   T10]  call_usermodehelper_exec_async+0x197/0x250
[  135.711092][   T10]  ret_from_fork+0x122/0x1b0
[  135.715681][   T10]  ret_from_fork_asm+0x1a/0x30
[  135.720445][   T10] 
[  135.722761][   T10] read to 0xffff88811a57ea79 of 1 bytes by task 10 on cpu 0:
[  135.730123][   T10]  strlen+0x19/0x40
[  135.733925][   T10]  perf_trace_sched_stat_runtime+0x3c/0x150
[  135.739819][   T10]  update_se+0x129/0x140
[  135.744056][   T10]  update_curr+0x2c/0x1b0
[  135.748387][   T10]  enqueue_task_fair+0x146/0x980
[  135.753329][   T10]  activate_task+0x59/0xb0
[  135.757751][   T10]  ttwu_do_activate+0x69/0x210
[  135.762509][   T10]  try_to_wake_up+0x37f/0x630
[  135.767183][   T10]  kthread_insert_work+0x104/0x1f0
[  135.772307][   T10]  kthread_queue_work+0x78/0xa0
[  135.777158][   T10]  synchronize_rcu_expedited+0x587/0x790
[  135.782804][   T10]  synchronize_rcu+0x45/0x320
[  135.787476][   T10]  xfrm_state_gc_task+0x96/0x4a0
[  135.792417][   T10]  process_scheduled_works+0x4ce/0x9d0
[  135.798039][   T10]  worker_thread+0x582/0x770
[  135.802651][   T10]  kthread+0x489/0x510
[  135.806732][   T10]  ret_from_fork+0x122/0x1b0
[  135.811326][   T10]  ret_from_fork_asm+0x1a/0x30
[  135.816090][   T10] 
[  135.818500][   T10] value changed: 0x77 -> 0x6f
[  135.823161][   T10] 
[  135.825477][   T10] Reported by Kernel Concurrency Sanitizer on:
[  135.831622][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  135.841247][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  135.851299][   T10] Workqueue: events xfrm_state_gc_task
[  135.856853][   T10] ==================================================================
[  137.046104][ T3590] Bluetooth: hci0: command 0x1003 tx timeout
[  137.046115][ T5547] Bluetooth: hci0: Opcode 0x1003 failed: -110