last executing test programs:

2m23.376647876s ago: executing program 1 (id=1385):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x7, 0x5, 0x3, 0x7fffffff, 0x12, 0x9, 0x1}, &(0x7f00000002c0)=0x9c)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440), 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000140)=ANY=[], 0x4)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
fcntl$addseals(r1, 0x409, 0xb)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000340)=0x41ee, 0x4)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000140)={0x4, [0x9, 0x1, 0x2, 0x4]}, &(0x7f00000001c0)=0xc)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x58, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5}, 0x10)
sendmmsg$inet(r3, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
recvfrom(r3, 0x0, 0x2a00, 0x2101, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="8b04e54639a28a760400001500005c21f1f27387a1"], 0x20}}, 0x0)
sendto(0xffffffffffffffff, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd30, 0x720, 0x0, 0xfffffffffffffd25)

2m22.467334279s ago: executing program 1 (id=1402):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="1800000000000000000000000000000895"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r0, 0x0, 0x1000000000000000}, 0x18)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x5e21, 0x0, @empty, 0x1000}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='tunl0\x00', 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0)

2m22.408392235s ago: executing program 1 (id=1403):
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x2a200)
io_uring_setup(0x5b54, &(0x7f0000000040)={0x0, 0x2df0, 0x0, 0x0, 0x2b2})
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c000000"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
ioctl$MON_IOCX_GETX(r1, 0x80089203, &(0x7f0000000a40)={0x0, 0x0})
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)

2m22.405819075s ago: executing program 1 (id=1404):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000001c0)={@private2, 0x4, 0x1, 0x3, 0x4, 0x3, 0xfffd}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x8)
getpid()
chown(0x0, 0x0, 0xee01)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300), 0x0, 0x0, 0x0, 0x1}}, 0x40)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0xffffffff, 0x5, 0x0, 0x0, 0x0, {0x81, 0x1, 0x0, 0xd85}, {}, 0x4}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x84040}, 0x0)

2m21.25594407s ago: executing program 1 (id=1425):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x1000040, &(0x7f0000000200)={[{@nouid32}, {@nodioread_nolock}, {@noquota}, {@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@nodioread_nolock}]}, 0x1, 0x5a3, &(0x7f00000002c0)="$eJzs3T1sG3UbAPDnznHTj7xv+krvK72gDhUgFamqk/QDClO7IipV6oDEApHjRlWcuIodaKJIpHuF6IAAdSkbDIwgBgbEwsjKwseMVNEIpKYDGDk+p2nqFCfEMcS/n3TJ/3939vP8fX7OvtOdHEDfOtr4k0Y8EREXk4jhdcsGIlt4tLneyvJi8f7yYjGJev3Sz0kkEXFvebHYWj/J/h+KiKWI+H9EfJWPOJ6uPeW+VqM6vzA1Xi6XZrP+SG366kh1fuHElenxydJkaebU8y+cOXv6zNjJsfXp3q+v7+W3NtYb3998+8Y3L92++fEnR5aK744ncS6GsmXrx7GTmq9JPs5tmH+6G8F6KOl1AmxLLqvzRin9L4Yjl1V9O/X1O4fBXUkP6KL6YER9zbom0AcSRQ99qvU9oHH825p28/vHnfPNA5BG3JXlxeJb0Yo/0Dw3EftXj00O/pI8dGTSON48vJuJsictXY+I0YGBR9//Sfb+277RnUiQrvryfHNDPbr907X9T7TZ/wy1zp3+Ra3930q2/1tpEz+3yf7vYocxfnv1xw82jX99MJ5sGz9Zi5+0iZ9GxOsdxr/1yudnN1tW/zDiWLSP35I8/vzwyOUr5dJo82/bGF8cO/Li5uOPOLhJ/OY52/2riawf/74sp7TD8X/29adPLT0m/rNPP377t3v9D0TEOx3G/8+9j17ebNmd68ndxreArW7/JPJxu8P4z507+l3WdNYQAAAAAAAAAAB2ULp6LVuSFtbaaVooNO/h/W8cTMuVau345crczETzmrfDkU9bV1oNN/tJoz+WXY/b6p/c0D+VywLmDqz2C8VKeaLHYwcAAAAAAAAAAAAAAAAAAIC/i0Mb7v//Nbd6///Gn6sG9qrNf/Ib2OvUP/Svh+s/6VkewO7z+Q99q67+oX+pf+hf6h/6l/qH/tW2/g/sfh7A7vP5D/1L/QMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChMdXvLy8WG/2Jgfm5qcobJyZK1anC9FyxUKzMXi1MViqT5VKhWJn+s+dLKpWrozEzd22kVqrWRqrzC69NV+ZmWr8pWsp3fUQAAAAAAAAAAAAAAAAAAADwzzO0OiVpISLf7KdpoRDxr4g4nERy+Uq5NBoR/46Ib3P5wUZ/rNdJAwAAAAAAAAAAAAAAAAAAwB5TnV+YGi+XS7PdawxkoTp71A+1ruYzsJWVI2JpZ9NoPOOWH5XPXsDubqY+aeQ6fB/2faOHOyUAAAAAAAAAAAAAAAAAAOhTD2767fQRv3c3IQAAAAAAAAAAAAAAAAAAAOhL6U9JRDSmY8PPDG1cui9Zya3+j4g3b11679p4rTY71ph/d21+7f1s/sle5A90qlWnaUQ06hgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oDq/MDVeLpdmt9kY7GCdXo8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYDv+CAAA//9bQM66")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8090}, 0x4)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)

2m21.184281996s ago: executing program 1 (id=1426):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x9)
socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x45, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010400000000000000000100000a74000000060a0b04000000000000000002000008400004803c000180080001006c6f670030000280060004400001000008000340fffffffa0a0002407d5def2e2100000008f503400000000806000140000100000900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8003}, 0x94)
r6 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r6, &(0x7f0000000200)="e5786a9a66b8a6d06837df6ac96f5fee0077a6f807c1ed94b6e48b80795500"/44, 0xfffffffffffffebf, 0x8000, &(0x7f0000000240)={0x2, 0x0, @broadcast}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/time_for_children\x00')
open_by_handle_at(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000000", @ANYRES64=r7], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r5, 0x0, 0x100000000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
chmod(&(0x7f0000000740)='./cgroup.cpu/cgroup.procs\x00', 0x1ac)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)

2m6.145348399s ago: executing program 32 (id=1426):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x9)
socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x45, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010400000000000000000100000a74000000060a0b04000000000000000002000008400004803c000180080001006c6f670030000280060004400001000008000340fffffffa0a0002407d5def2e2100000008f503400000000806000140000100000900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8003}, 0x94)
r6 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r6, &(0x7f0000000200)="e5786a9a66b8a6d06837df6ac96f5fee0077a6f807c1ed94b6e48b80795500"/44, 0xfffffffffffffebf, 0x8000, &(0x7f0000000240)={0x2, 0x0, @broadcast}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/time_for_children\x00')
open_by_handle_at(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000000", @ANYRES64=r7], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r5, 0x0, 0x100000000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
chmod(&(0x7f0000000740)='./cgroup.cpu/cgroup.procs\x00', 0x1ac)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)

2m5.421001555s ago: executing program 2 (id=1634):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000020000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

2m5.336543612s ago: executing program 2 (id=1635):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$PTP_SYS_OFFSET(r0, 0x43403d05, 0x0)

2m5.292217257s ago: executing program 2 (id=1637):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x2}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000280)={0x591002, 0x1, 0xc}, 0x18)

2m5.25948573s ago: executing program 2 (id=1638):
r0 = getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x14, &(0x7f0000000600)=ANY=[@ANYBLOB="180000040000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000000d48b71950cef9442d31c08747b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000000)=0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x7fff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
io_cancel(0x0, 0x0, 0x0)
ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0xfc}]})
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r4 = syz_pidfd_open(r0, 0x0)
setns(r4, 0x0)
syz_clone(0x7002b180, 0x0, 0x0, 0x0, 0x0, 0x0)

2m5.02922635s ago: executing program 2 (id=1641):
fsopen(0x0, 0x0)
fchdir(0xffffffffffffffff)
openat$dir(0xffffffffffffff9c, &(0x7f0000000980)='./file0\x00', 0x551301, 0x102)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10)
capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x2, 0x7})
setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000200)=0x1, 0x4)
sendmmsg$inet(r3, &(0x7f0000002800)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4000804)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000100000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r4, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001500)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x50)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r5, &(0x7f0000001240)=[{&(0x7f0000000a40), 0x17b}, {&(0x7f0000001740)="9b5937bbf46a0a752f10243253d99fbb3227121bb4836b8073322d1ac20976026ad7649ec309fb239ebb9c2cd94e3c0a9d3ae6ba455d59f9121db45c1e3f9819cdbc953deaafd98b8131db4b498bc0addfc7e4ee821a6bcee9b07b6b4c5e8997f930a6f3fd18d2eb7de5346e9a72baa07d1096a2cf190170c4afda7fa59bd94e11bb77019f82de797869753f2b1bebfed1fdbd0f1edc487e9bf6bb46a696fd31f957a4b9069df7026a6d091626387f9b551cdb820d568a83df198b9c4ec31516929c32f9294778c656d42591359cf5057865524d34723463a5eeff4a8d73cf4855269f931281e4a72770858c1e321e454d4de06b2689ce63ab625583cec82ce42ccfd6ddc1e2c266d34016d508ef38bfc5f89cce170e9cb662c1884499a82524ac9cd366da3dbd9a03bef7381dae4008ec14a7181d8f6ba4497cedfe80907720ed4fe71ea378264b431e483bc1dd1b782d9dcd4bb3b26fe5341098692102ffff4f19699d25da82320bfa0debb44622328b452c505d20e8f46bc73f", 0x17b}, {&(0x7f0000000500)="2a6dfe6b588f0649b7c62468b77834dbabbd4b954da4", 0x16}, {&(0x7f0000001640)="acf5964b4d2aba2c68c363b6bc49a8c7becac3bbb7dfcc8b79d6d4f52be12eeb2b79d208ff301d18aa1e5b70729f3b4aa941103981c5f58d8d4971d20b6aa6c7bc3d371b296f014d7bec9aed7f966e46d306d93dabbef889580d6d6e78ba9c72b644dfe391899db31310e59eb3e734ccda545701b2fc7dbb748af3f4f2f22510c8965985c95e73ec6c46ac80a4a74288351133b2890706681f10d66dec0d89e27fdd35fe7ddfe33b4a8d99acecc1586f6d1d257e22e1bf7e390d6d4dbe967e616ccaba4ce0491838ad8469dbfe3c4280330a5c7fc0192c113affde67d5805e2181281f44c32efa30", 0xe8}, {&(0x7f0000000d00)="35b67d93a84d33eb70ff581e3a9d9d0da6dc5d9e513fd7f0d6a7e1a170a9fd02e1e8ab7be3d54f2942d30bb052ff1db99d44bbba505f4ec35bbda360e6b433a93f22eaa64d7024893d4a99395bd583c81e435a0b3c52004bf44246828d6b76a7bdae3a6cfbb9fb", 0x67}, {&(0x7f0000000d80)="3737510ba7998eb0a92eb479b9ac482e6adde06f82a7ed40961de2f2044db9ddc090c9ad2b99c28af1c0147e8302afcf6fdcf929bec6a1a7739a151623ff9e7b9f32748cb18596b18766bb9ec5d09bce07fd8016aeef37d95a4474f8c7a9299958fe", 0x62}, {0x0}, {&(0x7f0000000c00)="41c7c229ebe174b727f00ec3f1d02a27c4bab19ef5ff046bb5aaec1fa8b6d8b49c4ca80426f1d27aaa0a3a5f74b020a430b1cc1f485e8c9013fdfe42f6f11c3e2686e59c5a7738096c5826f4443b74e6640b8b42e5b049f8dd9b7ef8aca94c0a7f7553c48bca6b78498c8f52bea41749243422a96cabd158f601376639e11bd9acdcca6296ab8f4212d1c47c37329f2aa90197826b918c914e4d11f8a79eaaddf1", 0xa1}, {&(0x7f0000001040)="02e5570de9bd58f3ae924514eb95d3085d5b4ffc3ad1b8cdf7f7086f87dfad4ff604ecaacc625a44eea266710d093ac57e807436b57559bc78129208b4f028c7e81351dfef9e381d85c5d7f74e505af08f656fc416ece1fe515b610553eae1493e", 0x61}], 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESOCT, @ANYRES32, @ANYBLOB="0000000000000000b7080000008000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095", @ANYRESOCT=r4], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000200000000000000000000008500000041"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000500)="b973295358aef04543c1b88d672d", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
timerfd_create(0x1, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xf, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000009000000000000000200000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000cba327d3b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='tlb_flush\x00', r8}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

2m4.959432227s ago: executing program 2 (id=1642):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001405000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2m4.886111474s ago: executing program 33 (id=1642):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001405000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

3.355324994s ago: executing program 4 (id=3977):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
syz_io_uring_setup(0x64d, &(0x7f0000000100)={0x0, 0x11f8, 0x8, 0x2, 0x801e7}, &(0x7f0000000300)=<r0=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x18)
readv(0xffffffffffffffff, &(0x7f00000014c0)=[{&(0x7f0000000000)=""/22, 0x16}], 0x1)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x31, 0x4, 0x0, 0x2}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

3.28819459s ago: executing program 4 (id=3978):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000800)=@urb_type_control={0x2, {}, 0x3, 0xe0, &(0x7f0000000240)={0x60, 0x0, 0xfffa, 0x4360, 0x300}, 0x8, 0x6, 0x8, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
r3 = socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000001640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0xf5, 0xfffff010}, {0x20, 0x0, 0x0, 0xfbfff00c}, {0x6}]}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0xa, 0x1, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x200000, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40840d4}, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x5, 0x5, &(0x7f0000000480)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7056}, 0x94)
listen(0xffffffffffffffff, 0x8)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r5, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)

1.673751797s ago: executing program 0 (id=4018):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r1}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

1.673302307s ago: executing program 5 (id=4019):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x7f000000, 0x1, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, r1}])
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000004000000ff0f000005", @ANYRESOCT=r1], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBLED(r7, 0x4b65, 0x3)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r6}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES16=<r10=>r8, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r9, 0x0, 0x4}, 0x18)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c6173740000000004000280140001800c000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)
close(r0)
r12 = syz_open_dev$loop(&(0x7f0000000140), 0x101, 0xc800)
ioctl$BLKPBSZGET(r12, 0x127b, &(0x7f00000001c0))
socket$inet6(0xa, 0x1, 0x0)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x7000006, 0x1010, r0, 0x78df8000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="1800008500000000000000000000000218120000", @ANYRES32, @ANYBLOB="00000000000094f321a87ba4d7d80000b703000000000000850000000c000000b7951300000000009500"/54], &(0x7f0000000640)='syzkaller\x00', 0x7, 0xf9, &(0x7f0000000080)=""/249, 0x0, 0x4}, 0x94)
r14 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r15 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYRES8=r10, @ANYRESHEX=r5, @ANYRESDEC=r5, @ANYRESHEX=r2, @ANYRES64=r1, @ANYRESHEX, @ANYRESDEC=r14, @ANYRES64=r13, @ANYRES32=r5], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r15}, 0x10)
r16 = perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000, 0xffffffffffffffff}, 0x0, 0x3, 0x0, 0x0, 0xfff, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r16, 0x40082406, &(0x7f0000000180)='cpu~=0||!')

1.626931611s ago: executing program 0 (id=4020):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14)
close(r1)

1.615375163s ago: executing program 0 (id=4021):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x5d)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)

1.602781384s ago: executing program 0 (id=4022):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x7, 0x5, 0x3, 0x7fffffff, 0x12, 0x9, 0x1}, &(0x7f00000002c0)=0x9c)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440), 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000140)=ANY=[], 0x4)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
fcntl$addseals(r1, 0x409, 0xb)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000340)=0x41ee, 0x4)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000140)={0x3, [0x9, 0x1, 0x2]}, &(0x7f00000001c0)=0xa)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x58, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r6}, 0x10)
sendmmsg$inet(r4, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
recvfrom(r4, 0x0, 0x2a00, 0x2101, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="8b04e54639a28a760400001500005c21f1f27387a1"], 0x20}}, 0x0)
sendto(r3, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd30, 0x720, 0x0, 0xfffffffffffffd25)

1.556752368s ago: executing program 5 (id=4023):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
arch_prctl$ARCH_GET_CPUID(0x1011)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r3, 0x0, 0x115}, 0x18)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f8b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000000)={'\x00', 0xc, 0x2, 0x803fd, 0x1, 0x800})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6, <r7=>0xffffffffffffffff}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r8}, 0x10)
execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085006d28b5a4bba683bb0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa3)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0662ed1877dc11ca000000040800f94c0d8cbb455fcf6d4e6c208dc9b37f97378835512d6f305f0ef3ab6a3717dac6749959d007d3d96abd05443f43e499176266b8631e8003949fd65ad0747f7436aabf8843351ded441bd8d5d718e5a47b74e14d89a2f35905abd233d1b0806471771c05"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6, 0x0, 0x0, 0x0, 0x200}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x27, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r10}, 0x10)
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)

1.52712732s ago: executing program 5 (id=4024):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
open(&(0x7f0000000480)='.\x00', 0x48800, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0xf)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8205, &(0x7f0000001340)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x15}}, {@stripe}, {@grpid}, {@errors_remount}, {@data_err_ignore}, {@noblock_validity}, {@minixdf}, {@min_batch_time={'min_batch_time', 0x3d, 0x13}}]}, 0x1, 0x60a, &(0x7f0000001c40)="$eJzs3c9rHNcdAPDvzEqqZKuVXYqpTUsFPdhQrB+uqduebF/qg6GG+lBCDhaW5AivbGHJEDuGyJBDAgmEkGsIvuQfyD2YXHMLgSS3nANOCA45JMEbZnbHXla78lrR/pDn84FZvXkzu+999+lp3uzo7QRQWtPZQxpxOCIuJRFTTdsmo75xurHfw+/uXM6WJGq1/32bRNLIK/Z/1Pi5P3tIIsYj4tOzEb+vbC13/dbtqwvVWt2rEbMbq2uz67duH19ZXbiydGXp2vyJf548Nfev+ZPzuxJnEde58//901uvvfSP5c+qx5M4HRdHX1mMljh2y3RMx6NGiM35IxFxKku0eV/2miKEZMD1YGcqjd/H0Yg4FFNRydfqpmLlzYFWDuipWiWiBpRUov9DSRXjgOLcvhfnwcPswZn6CdDW+Efqn43EeH5utO9h0nRmVD/fPbAL5Wdl/HznyHvZEh0+hxjZhXI62bwbEX9sF3+S1+1A/ilOFn8aadPzsvRcRIw13ot0h+VPt6z3+/fvWeJvbocs3tONn1n+2R2WP+j4ASin+2caB/LNbO3J8S8bGRbjn2gz/plsc+zaiUEf/zqP/4rj/Xj+GXnaMg7LxjwX2r/kaGvGV2+ce6dT+c3jv2zJyi/Ggv3w4G7EkZb4X88Hc8nj9k/atH+2y6Uuy/jP59+c67Rt0PHX7kUcbXv+8+SKVpaa3VhdK/Jark/OLq9Ul+bqj23L+OiTFz/oVP6g48/aPzrEv137Z3lrXZbx4YV7q522TT41/vTrseRinhpr5Ly8sLFxYz5iLDnf2KUp/8T2dSn2KV4ji//YX9v3/23izxt6s8v41/5/9WE9tfUqadftv+WvSu5Rrcs6dJLFv7jD9n+7yzJ+eOHmn1uyJorEdvFPbH2ppNv3HAAAAAAAAMooza/BJunM43SazszU5/D+Ifal1evrG39bvn7z2mLEsfz/IUfT4kr3VH09ydbnG/8PW6yfaFn/e0QcjIh3KxP5+szl69XFQQcPAAAAAAAAAAAAAAAAAAAAQ2J/Y/5/cZ/q7yv1+f9d2TjU49oBPdfLG8wBw03/h/LK+/9O7+AK7GmO/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMBz6eBf7n+ZRMTmvyfyJTPW2DY60JoBvfbsfXy6J/UA+q/S16cBw+TxpX/T/6F0uhr//9j4csDeVwcYgKRdZj44qG3f+e+3fSYAAAAAAAAAAAAA0ANHD5v/D2WVxseDrgIwIL9iIr/vAIA9zlf/Q3k5xweeNot/vNMG8/8BAAAAAAAAAAAAoG8m8yVJZxq3AJ2MNJ2ZifhtRByI0WR5pbo0FxG/i4gvKqO/ydbnB11pAAAAAAAAAAAAAAAAAAAAeM6s37p9daFaXbrRnPhpS87znSjugjos9WlORNL/QiciYhhi701ipCknidjMWn4oKnZjPYaiGmlejQH/YQIAAAAAAAAAAAAAAAAAgBJqmnvc3pH3+1wjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOi/J/f/33kiecrrDDpGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBv+iUAAP//q+Q5KA==")

1.413741441s ago: executing program 5 (id=4025):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f00000002c0), &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002840)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xf)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
syz_usb_disconnect(0xffffffffffffffff)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', 0xffffffffffffffff, 0x0, 0xec4}, 0x18)
syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f0000000ac0)=ANY=[@ANYBLOB='map=off,check=relaxed,map=off,norock,overriderockperm,unOide,map=off,check=strict,\x00'], 0xff, 0x572, &(0x7f00000003c0)="$eJzs3V1vE8cawPFnQ3LiY6To6JwjhKIQhtBWQQpmbYORxdV2PXYG7F1rd42SKxQRB0U4UBEqNbmh3NBWaj8EveyH6EW/D+pHaLW7dl6IX8gLSRr9fxbMeHd25xnH2ifreGcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI5VZsO29J3XitJTWYWwn8xu7T7tYHFsitfcWQfkWs+J9kMnI1XXT1/7urr8T/zclM+mxGMnGRke3LV/7z4H/jY73thwR8KL8edk//TjfY3Np+vtLptF+dVCDn0LXJwetq2jOhbxpOTSsT+qpcKtl3Fquhqpq6DpfDSDeUG2gn8gM1795S+XK5qHRu2W95tYpT172F928XbLukHuaa2glC37vzMDflLpp63Xi1pE28Om5zP34jPjKRirTTUGptvdMujhpA3Cj/KY0KoxoV7EIhny8U8qV75Xv3bXv8wAL7I3Kgxcm9afHPdIJHb+B4xrr5X+pixJOWLInq+3ClIoH40hiwvquX/7+8o4f2uzf/97L81d3V05Lk/1mRSRGZHZT/B8Ryeo9N2ZJteS4r0pGOtOXVmUd0uo+aaPHESCi+GGmIkyxR3SVKylKSktjyRBalKqEoqYqRumgJZVlCiUQn7yhXgssijkTiSyBK5sWVW6IkL2UpS1GUaMnJsvjSEk9qUhEn2cuarCeve1GUNSjGnUb5gcPI9t53bSkMGS35H8d30odw4Mj+6uV/AAAAAABwYVnJp+/x+f+EXEtqVVPX9lmHBQAAAAAATlDyl/+ZuJiIa9fE4vwfAAAAAICLxpLZ7qcAWbme1tbESi6X4kMAAAAAAAAuiOTv/7NxkcyBcl2snelSOP8HAAAAAOCC+HHkHPthc9L6/U8JggnrbXPpC2sjmZvX2biUbnfp4z1G1WlrqruTpCj9IXExPu7qGSuTNtqZBPNDt1gbFYe1G4CzE8D3nxbAePeZ/Cw30jY3VtNytbcm7SVbNXWdc/36g7w4ztRYpJeib1+sfyfJ8H/yGlNWRtY77dzTl53VJJa38V7ebnQnUDwwj+KQWF4n8y0k11z0HfFEciFGt9+sJWvrnba9d/xj6eZj+3t8MzWkz3cyl7aa6854m90//kzcZz43aPTdKPLHHPk7uZm2uTl/My36RFEYFUVhbxT9X4vjR1EcFUXxmFEAwFlZG5GFLDmQd49wlDtadpdDZvd3Mp+2mZ9ODqzj032O6PaoI7p9zOz224F7IA3KsXG/v3yUVd/HG7wf2G9YL1jxS3jp9cY3cmVza/v2+sbKs/az9otCoViy79r2vYJMJMPoFuQeAEAfyT12JL3HjtUvM2d2mg66C491d8RZ9X93vlKQk6fyUjqyKgvJ1QbJNw767jW752sICyPOWrNJmkzv8LIw5KzuX8lVDr39Foa23R9D8XP/GAAAOFVzI/Kwte83hL4trIUR5937c/nws+Psnru1AQCAz0MHH6xs9IMVBKb5JF8u551oUavAdx+pwFRqWhkv0oG76Hg1rZqBH/muX48rj01FhypsNZt+EKmqH6imH5qlZPpA1b31e6gbjhcZN2zWtRNq5fpe5LiRqpjQVc3W13UTLuog2ThsatdUjetExvdU6LcCV+eUCrXe09BUtBeZqomrnmoGpuEEGfXYr7caWlV06AamGfnpDnt9Ga/qB41kt7mzfrEBADgnNre2n690Ou1Xh6hMxmfth9iqb8eZUx8qAADoGpGlAQAAAAAAAAAAAAAAAAAAAADAOXCU6/9OufKViBxl894Et+djFBe50psK+lMa934qZx0zlRGVkYeON5/toATgVPwdAAD//6r8RMI=")
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x404c885)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x32, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x4}, 0x2d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000940)='svcsock_marker\x00'}, 0x18)
epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.185856232s ago: executing program 6 (id=4030):
recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x85}], 0x1, 0x40, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018010000202070250000"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x200, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0xfb, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f0000000ac0)='./file0\x00', 0x18b)
mount$bpf(0x20000000f0ff, &(0x7f0000000440)='./file0/../file0\x00', &(0x7f0000000000), 0x40, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$sock(r0, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r1, &(0x7f0000000040)=""/60, 0xdb, 0x40, 0x0, 0x0)

1.146321376s ago: executing program 6 (id=4031):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r1}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

849.570023ms ago: executing program 6 (id=4035):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000180)={[{@i_version}, {@mb_optimize_scan}, {@noauto_da_alloc}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@jqfmt_vfsold}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write(r1, &(0x7f0000000540)="953820a61a166fd5dd4b4b", 0xfdef) (async)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x3, &(0x7f0000000740)=@framed, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000000000000000000904000000000000000000000105000000080000000000000000000003"], 0x0, 0x5a}, 0x28) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6c000000020605000000000000000000000000070e0003006269746d61703a697000000005000400010000000900020073797a3000000000240007800c00028008000140000000020c0001800800014000009895080008400000005c05000500020000000500010006"], 0x6c}}, 0x8000) (async)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

849.262843ms ago: executing program 3 (id=4036):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="71da0300231a05002400128009000100626f6e640000000014000280050001000400000005001500fd"], 0x44}, 0x1, 0x0, 0x0, 0x28004801}, 0x20040040)

784.158829ms ago: executing program 6 (id=4037):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x12, 0xa, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x4000}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000780), &(0x7f0000000740)=r0}, 0x22)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={r2, &(0x7f0000000180), 0x0}, 0x20)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES8], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6, <r7=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r7, @ANYBLOB="0000000020000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='signal_generate\x00', r5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000002c0)=<r8=>0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x120c042, &(0x7f0000000340)={[], [{@euid_gt={'euid>', r8}}]}, 0x1, 0x5e7, &(0x7f0000001400)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pt22s4Uubacyn0+ydOa9nb7vsP3uvH373m4AlTWY/lOL2BsR00lEfzK/WNcZWeXgwv3u/f3J6fSWRL3+xp9JJFlZfv8k+9mXHdwTET//lMSejtXtzsxdOT8+NTV5Odsfnr0wPTwzd+XguQvjZyfPTl4cfWn02NEjR4+N7G/rvK4WlJ28/v6H/Z+Nvf3dN/8kI9//NpbE8Xg1u2PzeWyUwRhs/J8kq6v6jm10YyXpyP5Omh/ipLPEgFiX/PHrioinoj86YunB649PXys1OGBT1ZOIOlBRifyHisr7Aflr+5Wvg2ul9EqArXD3xMIAwOr871wYG4yextjAzntJNA/rJBFxaAPa3xURt2+NXT9za+x6bNI4HFBs/lpEPF2U/0kj/weiJwYa+V9blv9pv+BU9jMtf73N9lcOFct/2DoL+d+zZv5Hi/x/pyn/322z/cGlzfd6l+V/b7unBAAAAAAAAJV180REvFj0/n9tcf5PFMz/6YuI4xvQ/uCK/dXv/9fubEAzQIG7JyJeaZ7/G7XF/M9m/w50ZFuPNeYDdCVnzk1NHoqIxyPiQHTtSPdH1mjj4Od7vm5VN5jN/8tvaQy3s7mAWRx3OncsP2ZifHb8Yc8biLh7LeKZwvm/yeL1Pym4/qfPB9Nr/N7m9eB7nr9xqtX97p//wGapfxuxv3D9z9KnViRrfj7HoeFGf2A47xWs9uzHX/zQqv12899HTMDDS6//O9fO/4Gk+fN6ZtbfxuG5znqrunb7/93Jm40uRndW9tH47OzlkYju5GRHWrqsfHT9McMjp2spH/J8SfP/wHNrj/8V9f97I2J+xa9P/lq+pjj35L99v7cKSf8fypPm/8S6rv/r3xi9MfBjq/Yf7Pp/pHGtP5CVGP+DBV/ladq9vLwgHTuLqrY6XgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHF7VptaCiiLyKeiJ21qUszsy+cufTBxYm0rvH9/7X8m377F/aT/Pv/B5r2R1fsH46I3RHxZUdvY3/o9KWpibJPHgAAAAAAAAAAAAAAAAAAALaJvhbr/1N/dJQdHbDpOssOAChNQf7/UkYcwNZz/Yfqkv9QXfIfqkv+Q3XJf6gu+Q/VJf+hutrJf3MDAQAAAABg29q97+avSUTMv9zbuKW6s7quUiMDNlut7ACA0ngbH6rL1D+oLq/xgeQ+9T0tD7rfkWuZPv0QBwMAAAAAAAAAAABA5ezfa/0/VJX1/1Bd1v9DdeXr//eVHAew9bzGB6JgJX/zc0Ph+v/CowAAAAAAAAAAAACAzTIzd+X8+NTU5GUbb22PMLZyo16vX03/CrZLPP/zjXwq/HaJZ8VGvtbvwY4q7zkJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY7r8AAAD//7wNI2E=")
set_mempolicy(0x3, &(0x7f0000000080)=0x1ff, 0x5)
r9 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r9, &(0x7f00000025c0)=[{&(0x7f0000000240)}], 0x1)
lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0xee01)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

783.810989ms ago: executing program 3 (id=4038):
creat(0x0, 0x12e)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
recvmmsg(r0, 0x0, 0x0, 0x45833af92e4b38ff, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0xa3)
listen(0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000440)) (fail_nth: 3)

781.832569ms ago: executing program 3 (id=4039):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x89f0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b409859a3cb7dbf298c7802264387811e20a0d78489eab0b0e"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2e0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e0cf086dd0de0ffff00184000630677fbac141414e000000162079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x3f, 0x0, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380), 0x0, 0x3}, 0x50)

754.741261ms ago: executing program 3 (id=4040):
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$IPSET_CMD_TEST(r0, 0x0, 0x4800)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c0000000306010200000000000000000700000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40814)

706.159975ms ago: executing program 0 (id=4041):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x9, 0x4, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@nomblk_io_submit}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@jqfmt_vfsold}, {@noinit_itable}, {@quota}, {@noauto_da_alloc}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
getpeername$packet(r3, &(0x7f0000000400), &(0x7f0000000500)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000580)={'team0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0xa}}]}}, @TCA_RATE={0x6}]}, 0x4c}}, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="50000000100001042abd70000000000000000000", @ANYRES32=r9, @ANYBLOB="824900000000000028003780090001007665746800000000100002"], 0x50}, 0x1, 0x0, 0x0, 0xc10}, 0x8000)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000780)={'tunl0\x00', <r11=>0x0, 0x7800, 0x10, 0x8, 0x7ff, {{0x9, 0x4, 0x2, 0x4, 0x24, 0x68, 0x0, 0x1, 0x29, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0xc, 0x48, 0x1, 0x1, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d}]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000800)={'team0\x00', <r12=>0x0})
r13 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r14=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=<r15=>r14, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000840))
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000880)={'team0\x00', <r16=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f00000008c0))
sendmsg$TEAM_CMD_NOOP(r4, &(0x7f0000000e80)={&(0x7f0000000340), 0xc, &(0x7f0000000e40)={&(0x7f0000000f80)=ANY=[@ANYRES8=r3, @ANYRES16=0x0, @ANYBLOB="040026bd7000fddbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="fc0002807c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000004c0004000001800103000000050002087800000009000900010000000300051b0300000001007f0005000800f7ffbacf0900000006000509030000000000803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600"/184, @ANYRES32=r16, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400ff030000080007000000000008000100", @ANYRES32=0x0, @ANYRESOCT=r16, @ANYRES32=r11, @ANYBLOB="44000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000008000100", @ANYRES32=r5, @ANYBLOB="0400028008000100", @ANYRES32=r12, @ANYBLOB="b800028040000100240001006c625f74785f686173685f746f5f706f", @ANYRES32=r14, @ANYRESDEC=r15, @ANYRES32=r16, @ANYBLOB="780002803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005", @ANYRES32=r7, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c0000000000000005000300030000000800040000000000"], 0x42c}, 0x1, 0x0, 0x0, 0x1}, 0x24000000)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f00000000c0)='./file0\x00', 0x200026, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

585.437536ms ago: executing program 3 (id=4042):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f00000033c0), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r3}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000018c0)={'ip6tnl0\x00', &(0x7f0000001840)={'syztnl2\x00', <r4=>0x0, 0x2f, 0xae, 0x4, 0x101, 0x3a, @dev={0xfe, 0x80, '\x00', 0x34}, @mcast2, 0x8000, 0x1, 0x8, 0x2}})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000001900)={@loopback, @dev, <r5=>0x0}, &(0x7f0000001940)=0xc)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001980)={r2, 0x58, &(0x7f0000001a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r9, 0x1, 0x70bd27, 0x4, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001a80)={'wg0\x00', <r11=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000001b40)={'syztnl0\x00', &(0x7f0000001ac0)={'syztnl1\x00', <r12=>0x0, 0x4, 0x5, 0xfd, 0x5, 0x43, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7, 0x10, 0x0, 0x8001}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001c00)={r2, 0x58, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r13=>0x0}}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000001e80)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001e40)={&(0x7f0000001c40)={0x1c0, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {}, [@HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @HEADER={0x9c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000004)
sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x34, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6gretap0\x00'}]}, 0x34}}, 0x800)
sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000000)={0x0, 0x19, &(0x7f0000000080)={&(0x7f00000019c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x200048c0}, 0x800)
r14 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r14, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00}, 0x94)
r15 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r15, &(0x7f00000000c0)=[{&(0x7f0000000740)=""/4100, 0x1004}], 0x1, 0x144, 0x2)

500.518284ms ago: executing program 6 (id=4043):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f00003f0000/0x2000)=nil, 0x2000, 0x4, 0x11012, r0, 0x308000)
r1 = syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x1, 0x4, 0x80, 0x0, 0x0, 0xfffffffffffffffd, 0x802, 0x7, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x17, 0x4, @perf_bp={&(0x7f0000000040), 0xf}, 0x200, 0x0, 0x6, 0x9, 0x6ce80b8, 0x8, 0x81, 0x0, 0x6, 0x0, 0x80000001}, r1, 0x4, 0xffffffffffffffff, 0x3)
ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, &(0x7f0000000580)={{0xe, 0x401}, 0x100, './file0\x00'})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085000000"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)

499.878514ms ago: executing program 5 (id=4044):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x5d)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000100)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)

458.735848ms ago: executing program 5 (id=4045):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x1}, 0x106200, 0x10004, 0x20da, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8}]}}}]}]}], {0x14}}, 0xd0}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000006a0004002abd7000ffdbdf2500000000000000000400090008000a00020000000400090008000a000100000008000a00000000a4"], 0x38}, 0x1, 0x0, 0x0, 0x801}, 0x4000880)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r3, 0xc0bc5351, &(0x7f00000003c0)={0x2, 0x2, 'client0\x00', 0x40000002, "faf15f45cdac01e1", "a312884ca675c4640bf094de4772885973b698a3b8d6e52cbfe89a65eccd6e5c", 0x1, 0x9})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)

450.051749ms ago: executing program 3 (id=4046):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa, 0x0, 0xffffffff}, 0x1c)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000003b40)=@ipv4_getnexthop={0x20, 0x6a, 0xf5c1404b35d587dd, 0x0, 0x0, {0x2, 0x2}, [@NHA_MASTER={0x8, 0xa, 0xffffffff}]}, 0x20}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f00000500070084000000060005"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd0500070088000000060005"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

384.198855ms ago: executing program 6 (id=4047):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8458, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x9, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="5400000002060102000000000000000000007a30000000000500010007000000050005000a0000000c000780080012400000ffff0d000300686173683a6e657400000000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000180))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newrule={0x24, 0x20, 0x301, 0xfffffffc, 0x0, {0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, [@FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x8001}]}, 0x24}}, 0x42094)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r3, 0x0, 0x80000001}, 0x18)
socket$kcm(0x21, 0x2, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0xfffffffe)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r4, 0x0, 0x0)

382.874825ms ago: executing program 0 (id=4048):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8458, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x9, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="5400000002060102000000000000000000007a30000000000500010007000000050005000a0000000c000780080012400000ffff0d000300686173683a6e657400000000"], 0x54}, 0x1, 0x0, 0x0, 0x84}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000180))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newrule={0x24, 0x20, 0x301, 0xfffffffc, 0x0, {0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, [@FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x8001}]}, 0x24}}, 0x42094)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r3, 0x0, 0x80000001}, 0x18)
socket$kcm(0x21, 0x2, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0xfffffffe)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r4, 0x0, 0x0)

197.833082ms ago: executing program 4 (id=4049):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)={0x94, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x8}, @WGDEVICE_A_PEERS={0x4c, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x4, @mcast2, 0x644bb87c}}]}]}]}, 0x94}}, 0x20000010)

56.954215ms ago: executing program 4 (id=4050):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x89f0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b409859a3cb7dbf298c7802264387811e20a0d78489eab0b0e"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2e0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e0cf086dd0de0ffff00184000630677fbac141414e000000162079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x3f, 0x29, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee", 0x0, 0x3}, 0x50)

342.42µs ago: executing program 4 (id=4051):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3}}, 0x10)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0)
read(r1, &(0x7f00000003c0)=""/178, 0xb2)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bind$tipc(r0, 0x0, 0x0)

0s ago: executing program 4 (id=4052):
ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x98)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESDEC=r1, @ANYRESOCT=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=<r3=>0xffffffffffffffff], 0x50)
write(r1, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc13", 0x17)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0xb, &(0x7f0000000300)=ANY=[@ANYRES16=r2, @ANYRES64=0x0, @ANYRES16=0x0, @ANYRES16=r0, @ANYRES16=r0, @ANYRESOCT, @ANYRESHEX, @ANYRESOCT=r3], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x68040200)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000640)=0x1802, 0x4)
r5 = socket$kcm(0x10, 0x2, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, &(0x7f0000000200))
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x4008084)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000440), &(0x7f0000000080)=0x4)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="5c00000002060108000000000000000000000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040883}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000380)=0x9, 0x4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
sendto$packet(r7, &(0x7f00000003c0)="10", 0x1, 0x20040010, &(0x7f00000001c0)={0x11, 0xf7, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)

kernel console output (not intermixed with test programs):

rmissive=1
[  225.087715][T17150] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  225.095755][T17150] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  225.176510][T17158] loop0: detected capacity change from 0 to 512
[  225.184878][T17158] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  225.204531][T17158] EXT4-fs (loop0): 1 truncate cleaned up
[  225.224532][T17158] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.316937][T17158] EXT4-fs error (device loop0): ext4_append:79: inode #2: comm syz.0.3347: Logical block already allocated
[  225.405743][T17158] EXT4-fs (loop0): Remounting filesystem read-only
[  225.457270][T15827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.478025][T17170] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.558867][T17189] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  225.567562][T17170] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.578137][T17189] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  225.658814][T17170] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.720192][T17170] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.863663][   T42] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.871961][   T42] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.884117][   T42] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.896613][   T42] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.942960][T17204] syzkaller1: entered promiscuous mode
[  225.948613][T17204] syzkaller1: entered allmulticast mode
[  226.026669][T17206] validate_nla: 2 callbacks suppressed
[  226.026691][T17206] netlink: 'syz.4.3361': attribute type 10 has an invalid length.
[  226.075488][T17206] bond0: (slave dummy0): Releasing backup interface
[  226.093866][T17212] loop6: detected capacity change from 0 to 512
[  226.102133][T17213] netlink: 'syz.4.3361': attribute type 10 has an invalid length.
[  226.112365][T17212] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  226.120726][T17206] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  226.130156][T17212] EXT4-fs (loop6): 1 truncate cleaned up
[  226.142454][T17206] team0: Failed to send options change via netlink (err -105)
[  226.150200][T17206] team0: Port device dummy0 added
[  226.155851][T17212] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.174694][T17205] lo speed is unknown, defaulting to 1000
[  226.182949][T17212] EXT4-fs error (device loop6): ext4_append:79: inode #2: comm syz.6.3366: Logical block already allocated
[  226.189188][T17215] tipc: Started in network mode
[  226.199368][T17215] tipc: Node identity aaaaaaaaaa38, cluster identity 4711
[  226.206585][T17215] tipc: Enabled bearer <eth:veth0_macvtap>, priority 0
[  226.213770][T17212] EXT4-fs (loop6): Remounting filesystem read-only
[  226.215591][T17206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3361'.
[  226.236880][T17213] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  226.330234][T17213] team0: Failed to send options change via netlink (err -105)
[  226.344024][T17213] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  226.363029][T17213] team0: Port device dummy0 removed
[  226.377725][T17213] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  226.402189][T17225] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  226.419172][T17227] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  226.480299][T17230] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3370'.
[  226.812667][T17212] Set syz1 is full, maxelem 65536 reached
[  226.887957][ T8765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.074768][T17254] loop6: detected capacity change from 0 to 8192
[  227.261130][T17264] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.271248][   T29] audit: type=1400 audit(227.237:9799): avc:  denied  { accept } for  pid=17253 comm="Ptp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  227.289744][   T29] audit: type=1400 audit(227.237:9800): avc:  denied  { mounton } for  pid=17253 comm="Ptp" path="/327/file2/bus" dev="loop6" ino=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[  227.329484][ T3422] tipc: Node number set to 9611946
[  227.355895][T17264] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.489739][T17264] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.508077][T17284] netlink: 'syz.3.3392': attribute type 1 has an invalid length.
[  227.526824][T17284] 8021q: adding VLAN 0 to HW filter on device bond1
[  227.550015][T17284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3392'.
[  227.584420][T17264] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.613042][   T29] audit: type=1400 audit(227.587:9801): avc:  denied  { getopt } for  pid=17281 comm="syz.3.3392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  227.646086][T17289] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17289 comm=syz.0.3393
[  227.660058][T17284] bond1 (unregistering): Released all slaves
[  227.682588][   T42] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.696408][   T42] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.705859][T17278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.711337][   T42] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.722845][   T42] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.731548][T17278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.771277][T17278] bridge0: entered promiscuous mode
[  227.779516][T17278] bridge0: port 3(macvtap1) entered blocking state
[  227.786412][T17278] bridge0: port 3(macvtap1) entered disabled state
[  227.795932][T17278] macvtap1: entered allmulticast mode
[  227.801393][T17278] bridge0: entered allmulticast mode
[  227.808020][T17278] macvtap1: left allmulticast mode
[  227.813225][T17278] bridge0: left allmulticast mode
[  227.821841][T17278] bridge0: left promiscuous mode
[  227.864593][T17303] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  227.872336][T17303] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  228.034981][T17297] loop4: detected capacity change from 0 to 164
[  228.041765][T17297] iso9660: Unknown parameter 'unOide'
[  228.048569][T17297] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3398'.
[  228.057496][T17297] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3398'.
[  228.300172][T17324] netlink: 'syz.3.3406': attribute type 1 has an invalid length.
[  228.324252][T17324] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.351946][T17324] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.364249][T17324] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  228.382652][T17324] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  228.420085][T17327] gretap1: entered promiscuous mode
[  228.426706][   T29] audit: type=1400 audit(228.407:9802): avc:  denied  { setopt } for  pid=17323 comm="syz.3.3406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  228.450393][T17329] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.472066][T17322] lo speed is unknown, defaulting to 1000
[  228.495845][T17329] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.536143][T17329] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.566090][T17329] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.601948][T17320] netlink: 'syz.0.3405': attribute type 10 has an invalid length.
[  228.648724][T17320] bond0: (slave dummy0): Releasing backup interface
[  228.677085][T17320] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  228.703951][T17320] team0: Failed to send options change via netlink (err -105)
[  228.711520][T17320] team0: Port device dummy0 added
[  228.805781][T17320] netlink: 'syz.0.3405': attribute type 10 has an invalid length.
[  228.855621][   T29] audit: type=1400 audit(228.837:9803): avc:  denied  { ioctl } for  pid=17341 comm="syz.5.3412" path="socket:[48209]" dev="sockfs" ino=48209 ioctlcmd=0x662a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  228.857803][T17320] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  228.894648][T17322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3405'.
[  228.909755][T17320] team0: Failed to send options change via netlink (err -105)
[  228.929115][T17320] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  228.938240][T17320] team0: Port device dummy0 removed
[  228.945766][T17320] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  229.269928][T17356] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3418'.
[  229.300051][T17354] IPv6: sit1: Disabled Multicast RS
[  229.363785][T17364] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3422'.
[  229.596407][T17385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3430'.
[  229.622877][T17393] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[  229.632865][   T29] audit: type=1400 audit(229.607:9804): avc:  denied  { getopt } for  pid=17392 comm="syz.0.3433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  229.635492][T17393] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3433'.
[  229.665621][   T29] audit: type=1400 audit(229.607:9805): avc:  denied  { ioctl } for  pid=17392 comm="syz.0.3433" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=48280 ioctlcmd=0x4b3a scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  229.690239][T17399] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  229.700391][T17399] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  229.768618][   T29] audit: type=1326 audit(229.747:9806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.791915][   T29] audit: type=1326 audit(229.747:9807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.815015][   T29] audit: type=1326 audit(229.747:9808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.838021][   T29] audit: type=1326 audit(229.747:9809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.860976][   T29] audit: type=1326 audit(229.767:9810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.884143][   T29] audit: type=1326 audit(229.767:9811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.907456][   T29] audit: type=1326 audit(229.777:9812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17404 comm="syz.0.3439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  229.997858][T17414] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3443'.
[  230.023349][T17422] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3446'.
[  230.052662][T17428] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  230.060646][T17428] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  230.081274][ T9203] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.096112][ T9203] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  230.112184][ T9203] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  230.124350][ T9203] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  230.312214][T17460] loop4: detected capacity change from 0 to 256
[  230.320208][T17460] msdos: Unknown parameter 'dont_hash'
[  230.353750][T17467] sg_write: data in/out 989/126 bytes for SCSI command 0x7-- guessing data in;
[  230.353750][T17467]    program syz.3.3466 not setting count and/or reply_len properly
[  230.374884][T17468] loop3: detected capacity change from 0 to 512
[  230.398380][T17463] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  230.435250][T17463] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  230.483610][T17462] netlink: 'syz.6.3459': attribute type 10 has an invalid length.
[  230.492829][T17468] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.507099][T17450] lo speed is unknown, defaulting to 1000
[  230.550057][T17466] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.3466: corrupted xattr block 6: invalid header
[  230.596087][T17466] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  230.624704][T17466] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.3466: corrupted xattr block 6: invalid header
[  230.640507][T17466] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  230.650228][T17466] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.3466: corrupted xattr block 6: invalid header
[  230.677305][T17466] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  230.709476][T17466] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.3466: corrupted xattr block 6: invalid header
[  230.760604][T17466] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  230.775602][T17466] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.3466: corrupted xattr block 6: invalid header
[  230.789671][T17466] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=12
[  230.799496][T17466] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #12: comm syz.3.3466: corrupted xattr block 6: invalid header
[  230.828834][T16049] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.865559][T17505] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  230.873331][T17505] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  231.101015][T17513] lo speed is unknown, defaulting to 1000
[  231.164859][T17531] netlink: 'syz.3.3482': attribute type 10 has an invalid length.
[  231.624879][T17554] netlink: 'syz.0.3497': attribute type 10 has an invalid length.
[  231.711839][T17569] netlink: 'syz.0.3497': attribute type 10 has an invalid length.
[  231.768232][T17554] bond0: (slave dummy0): Releasing backup interface
[  231.820750][T17554] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  231.867537][T17554] team0: Failed to send options change via netlink (err -105)
[  231.875099][T17554] team0: Port device dummy0 added
[  231.940700][T17569] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  231.977207][T17573] loop5: detected capacity change from 0 to 164
[  231.984032][T17573] iso9660: Unknown parameter 'unOide'
[  232.009060][T17569] team0: Failed to send options change via netlink (err -105)
[  232.028911][T17585] loop6: detected capacity change from 0 to 512
[  232.032136][T17569] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  232.045821][T17585] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1)
[  232.051825][T17569] team0: Port device dummy0 removed
[  232.072318][T17569] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  232.082659][T17558] lo speed is unknown, defaulting to 1000
[  232.122423][T17585] FAT-fs (loop6): FAT read failed (blocknr 128)
[  232.221925][T17601] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.279279][T17606] FAULT_INJECTION: forcing a failure.
[  232.279279][T17606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.292433][T17606] CPU: 0 UID: 0 PID: 17606 Comm: syz.3.3516 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  232.292557][T17606] Tainted: [W]=WARN
[  232.292564][T17606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  232.292577][T17606] Call Trace:
[  232.292583][T17606]  <TASK>
[  232.292590][T17606]  __dump_stack+0x1d/0x30
[  232.292644][T17606]  dump_stack_lvl+0x95/0xd0
[  232.292664][T17606]  dump_stack+0x15/0x1b
[  232.292683][T17606]  should_fail_ex+0x265/0x280
[  232.292711][T17606]  should_fail+0xb/0x20
[  232.292735][T17606]  should_fail_usercopy+0x1a/0x20
[  232.292763][T17606]  _copy_from_user+0x1c/0xb0
[  232.292794][T17606]  __sys_connect+0xd0/0x2b0
[  232.292826][T17606]  __x64_sys_connect+0x3f/0x50
[  232.292908][T17606]  x64_sys_call+0x2e09/0x3000
[  232.293006][T17606]  do_syscall_64+0xca/0x2b0
[  232.293091][T17606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.293116][T17606] RIP: 0033:0x7f9c4f52f749
[  232.293134][T17606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.293228][T17606] RSP: 002b:00007f9c4df97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  232.293298][T17606] RAX: ffffffffffffffda RBX: 00007f9c4f785fa0 RCX: 00007f9c4f52f749
[  232.293310][T17606] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003
[  232.293335][T17606] RBP: 00007f9c4df97090 R08: 0000000000000000 R09: 0000000000000000
[  232.293350][T17606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.293365][T17606] R13: 00007f9c4f786038 R14: 00007f9c4f785fa0 R15: 00007ffcc68091c8
[  232.293386][T17606]  </TASK>
[  232.520606][T17610] netlink: 'syz.6.3514': attribute type 10 has an invalid length.
[  232.539249][T17601] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.554863][T17610] __nla_validate_parse: 13 callbacks suppressed
[  232.554880][T17610] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3514'.
[  232.587565][T17614] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  232.601845][T17601] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.619956][T17614] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  232.627737][T17608] lo speed is unknown, defaulting to 1000
[  232.790429][T17601] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.815793][T17630] bridge0: port 3(gretap0) entered blocking state
[  232.822311][T17630] bridge0: port 3(gretap0) entered disabled state
[  232.855002][T17630] gretap0: entered allmulticast mode
[  232.868024][T17630] gretap0: entered promiscuous mode
[  232.880105][T17630] bridge0: port 3(gretap0) entered blocking state
[  232.886717][T17630] bridge0: port 3(gretap0) entered forwarding state
[  232.938387][T17638] gretap0: left allmulticast mode
[  232.943681][T17638] gretap0: left promiscuous mode
[  232.948789][T17638] bridge0: port 3(gretap0) entered disabled state
[  233.049138][T17641] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  233.057414][T17641] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  233.064379][T17630] netlink: 'syz.3.3524': attribute type 13 has an invalid length.
[  233.079062][T17647] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  233.097025][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.123078][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.292997][T17646] loop6: detected capacity change from 0 to 164
[  233.299892][T17646] iso9660: Unknown parameter 'unOide'
[  233.455573][T17630] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.462865][T17630] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.704870][T17666] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  233.723314][T17666] loop5: detected capacity change from 0 to 128
[  233.789081][T17666] bio_check_eod: 3 callbacks suppressed
[  233.789118][T17666] syz.5.3539: attempt to access beyond end of device
[  233.789118][T17666] loop5: rw=2049, sector=145, nr_sectors = 896 limit=128
[  233.894403][T17630] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  233.938840][T17630] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.048076][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.060933][T17625] lo speed is unknown, defaulting to 1000
[  234.082657][T17646] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3532'.
[  234.091748][T17646] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3532'.
[  234.117732][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.185012][   T12] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  234.196514][   T12] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  234.205349][   T12] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  234.213796][   T12] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  234.289630][T17671] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.335427][T17671] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.404775][   T29] kauditd_printk_skb: 161 callbacks suppressed
[  234.404795][   T29] audit: type=1400 audit(234.387:9974): avc:  denied  { bind } for  pid=17683 comm="syz.5.3547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  234.468169][   T29] audit: type=1326 audit(234.417:9975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.491368][   T29] audit: type=1326 audit(234.417:9976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.514531][   T29] audit: type=1326 audit(234.417:9977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.537767][   T29] audit: type=1326 audit(234.417:9978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f395aeef783 code=0x7ffc0000
[  234.560853][   T29] audit: type=1326 audit(234.417:9979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f395aeef783 code=0x7ffc0000
[  234.584212][   T29] audit: type=1326 audit(234.417:9980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.607733][   T29] audit: type=1326 audit(234.417:9981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.607773][   T29] audit: type=1326 audit(234.417:9982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.607864][   T29] audit: type=1326 audit(234.417:9983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17683 comm="syz.5.3547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f395aeef749 code=0x7ffc0000
[  234.635515][T17671] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.715067][T17671] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.750487][T17696] FAULT_INJECTION: forcing a failure.
[  234.750487][T17696] name failslab, interval 1, probability 0, space 0, times 0
[  234.763400][T17696] CPU: 1 UID: 0 PID: 17696 Comm: syz.3.3551 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  234.763438][T17696] Tainted: [W]=WARN
[  234.763447][T17696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  234.763462][T17696] Call Trace:
[  234.763489][T17696]  <TASK>
[  234.763500][T17696]  __dump_stack+0x1d/0x30
[  234.763538][T17696]  dump_stack_lvl+0x95/0xd0
[  234.763560][T17696]  dump_stack+0x15/0x1b
[  234.763582][T17696]  should_fail_ex+0x265/0x280
[  234.763641][T17696]  should_failslab+0x8c/0xb0
[  234.763668][T17696]  __kmalloc_cache_noprof+0x65/0x4c0
[  234.763697][T17696]  ? sctp_auth_set_key+0x115/0x4f0
[  234.763729][T17696]  sctp_auth_set_key+0x115/0x4f0
[  234.763834][T17696]  ? _raw_spin_lock_bh+0x56/0xb0
[  234.763864][T17696]  sctp_setsockopt_auth_key+0x2d7/0x3e0
[  234.763890][T17696]  sctp_setsockopt+0x4ba/0xe30
[  234.763919][T17696]  sock_common_setsockopt+0x69/0x80
[  234.764006][T17696]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  234.764030][T17696]  __sys_setsockopt+0x184/0x200
[  234.764055][T17696]  __x64_sys_setsockopt+0x64/0x80
[  234.764094][T17696]  x64_sys_call+0x21d5/0x3000
[  234.764124][T17696]  do_syscall_64+0xca/0x2b0
[  234.764165][T17696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.764264][T17696] RIP: 0033:0x7f9c4f52f749
[  234.764306][T17696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.764324][T17696] RSP: 002b:00007f9c4df97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  234.764451][T17696] RAX: ffffffffffffffda RBX: 00007f9c4f785fa0 RCX: 00007f9c4f52f749
[  234.764465][T17696] RDX: 0000000000000017 RSI: 0000000000000084 RDI: 0000000000000003
[  234.764479][T17696] RBP: 00007f9c4df97090 R08: 0000000000000009 R09: 0000000000000000
[  234.764494][T17696] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  234.764533][T17696] R13: 00007f9c4f786038 R14: 00007f9c4f785fa0 R15: 00007ffcc68091c8
[  234.764556][T17696]  </TASK>
[  234.970357][T17698] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.016266][T17698] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.050566][T17700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3553'.
[  235.090649][T17698] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.146118][T17698] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.217383][   T42] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.245307][   T42] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.261944][   T42] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.281338][   T42] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.443592][T17716] loop5: detected capacity change from 0 to 164
[  235.450351][T17716] iso9660: Unknown parameter 'unOide'
[  235.456925][T17716] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3559'.
[  235.465845][T17716] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3559'.
[  236.024234][T17753] FAULT_INJECTION: forcing a failure.
[  236.024234][T17753] name failslab, interval 1, probability 0, space 0, times 0
[  236.037040][T17753] CPU: 0 UID: 0 PID: 17753 Comm: syz.0.3574 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  236.037081][T17753] Tainted: [W]=WARN
[  236.037090][T17753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  236.037105][T17753] Call Trace:
[  236.037112][T17753]  <TASK>
[  236.037192][T17753]  __dump_stack+0x1d/0x30
[  236.037266][T17753]  dump_stack_lvl+0x95/0xd0
[  236.037291][T17753]  dump_stack+0x15/0x1b
[  236.037322][T17753]  should_fail_ex+0x265/0x280
[  236.037425][T17753]  should_failslab+0x8c/0xb0
[  236.037450][T17753]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  236.037523][T17753]  ? __alloc_skb+0x2ff/0x4b0
[  236.037550][T17753]  __alloc_skb+0x2ff/0x4b0
[  236.037574][T17753]  ? __alloc_skb+0x228/0x4b0
[  236.037666][T17753]  netlink_alloc_large_skb+0xbf/0xf0
[  236.037715][T17753]  netlink_sendmsg+0x3cf/0x6b0
[  236.037751][T17753]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.037842][T17753]  __sock_sendmsg+0x145/0x180
[  236.037864][T17753]  ____sys_sendmsg+0x31e/0x4a0
[  236.037898][T17753]  ___sys_sendmsg+0x17b/0x1d0
[  236.037942][T17753]  __x64_sys_sendmsg+0xd4/0x160
[  236.037990][T17753]  x64_sys_call+0x17ba/0x3000
[  236.038017][T17753]  do_syscall_64+0xca/0x2b0
[  236.038054][T17753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.038098][T17753] RIP: 0033:0x7fad8bb5f749
[  236.038117][T17753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.038139][T17753] RSP: 002b:00007fad8a5bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  236.038251][T17753] RAX: ffffffffffffffda RBX: 00007fad8bdb5fa0 RCX: 00007fad8bb5f749
[  236.038266][T17753] RDX: 0000000000008000 RSI: 0000200000001c00 RDI: 0000000000000005
[  236.038281][T17753] RBP: 00007fad8a5bf090 R08: 0000000000000000 R09: 0000000000000000
[  236.038303][T17753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  236.038378][T17753] R13: 00007fad8bdb6038 R14: 00007fad8bdb5fa0 R15: 00007ffc7f90a208
[  236.038400][T17753]  </TASK>
[  236.041585][T17758] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3577'.
[  236.198552][T17766] tipc: Enabling of bearer <|th:s> rejected, media not registered
[  236.326844][T17774] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  236.444242][T17790] loop3: detected capacity change from 0 to 8192
[  236.545664][T17779] loop5: detected capacity change from 0 to 164
[  236.552483][T17779] iso9660: Unknown parameter 'unOide'
[  236.559061][T17779] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3586'.
[  236.568022][T17779] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3586'.
[  236.658465][T17804] loop3: detected capacity change from 0 to 8192
[  236.960860][T17827] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  236.968949][T17827] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  236.998980][T17829] loop0: detected capacity change from 0 to 512
[  237.006427][T17829] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  237.022248][  T850] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.031719][T17831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3610'.
[  237.034496][T17829] EXT4-fs (loop0): too many log groups per flexible block group
[  237.051648][T14842] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.054264][T17829] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  237.069937][T14842] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.074421][T17829] EXT4-fs (loop0): mount failed
[  237.091343][T14842] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.144750][T17844] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  237.157096][T17843] hsr_slave_0: left promiscuous mode
[  237.166191][T17843] hsr_slave_1: left promiscuous mode
[  237.275779][T17860] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  237.285717][T17860] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  237.296124][T17866] FAULT_INJECTION: forcing a failure.
[  237.296124][T17866] name failslab, interval 1, probability 0, space 0, times 0
[  237.308869][T17866] CPU: 1 UID: 0 PID: 17866 Comm: syz.6.3623 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  237.308945][T17866] Tainted: [W]=WARN
[  237.308952][T17866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  237.309020][T17866] Call Trace:
[  237.309026][T17866]  <TASK>
[  237.309088][T17866]  __dump_stack+0x1d/0x30
[  237.309112][T17866]  dump_stack_lvl+0x95/0xd0
[  237.309185][T17866]  dump_stack+0x15/0x1b
[  237.309204][T17866]  should_fail_ex+0x265/0x280
[  237.309227][T17866]  should_failslab+0x8c/0xb0
[  237.309252][T17866]  kmem_cache_alloc_noprof+0x69/0x4b0
[  237.309277][T17866]  ? getname_flags+0x80/0x3b0
[  237.309381][T17866]  getname_flags+0x80/0x3b0
[  237.309408][T17866]  __x64_sys_rename+0x40/0x70
[  237.309430][T17866]  x64_sys_call+0x24e/0x3000
[  237.309561][T17866]  do_syscall_64+0xca/0x2b0
[  237.309600][T17866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.309648][T17866] RIP: 0033:0x7f82fd18f749
[  237.309664][T17866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.309681][T17866] RSP: 002b:00007f82fbbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  237.309704][T17866] RAX: ffffffffffffffda RBX: 00007f82fd3e5fa0 RCX: 00007f82fd18f749
[  237.309758][T17866] RDX: 0000000000000000 RSI: 0000200000001300 RDI: 0000200000000040
[  237.309770][T17866] RBP: 00007f82fbbef090 R08: 0000000000000000 R09: 0000000000000000
[  237.309857][T17866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.309870][T17866] R13: 00007f82fd3e6038 R14: 00007f82fd3e5fa0 R15: 00007ffd22392d28
[  237.309888][T17866]  </TASK>
[  237.511426][T17873] loop6: detected capacity change from 0 to 512
[  237.518232][T17873] EXT4-fs: Ignoring removed nomblk_io_submit option
[  237.526639][T17873] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  237.534734][T17873] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[  237.543182][T17873] EXT4-fs (loop6): orphan cleanup on readonly fs
[  237.549838][T17873] EXT4-fs warning (device loop6): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  237.564462][T17873] EXT4-fs (loop6): Cannot turn on quotas: error -22
[  237.572039][T17873] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3626: bg 0: block 40: padding at end of block bitmap is not set
[  237.586601][T17873] EXT4-fs (loop6): Remounting filesystem read-only
[  237.593272][T17873] EXT4-fs (loop6): 1 truncate cleaned up
[  237.599701][T17873] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  237.634960][ T8765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.706366][T17871] loop5: detected capacity change from 0 to 164
[  237.713091][T17871] iso9660: Unknown parameter 'unOide'
[  237.719827][T17871] __nla_validate_parse: 2 callbacks suppressed
[  237.719846][T17871] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3624'.
[  237.735013][T17871] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3624'.
[  237.807379][T17890] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3633'.
[  237.854993][T17892] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  237.862960][T17892] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  238.008167][T17897] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17897 comm=syz.6.3636
[  238.070755][T17897] loop6: detected capacity change from 0 to 164
[  238.295807][T17913] netlink: 'syz.6.3637': attribute type 10 has an invalid length.
[  238.350832][T17921] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3637'.
[  238.434081][T17909] lo speed is unknown, defaulting to 1000
[  238.904168][T17931] netlink: 'syz.4.3646': attribute type 10 has an invalid length.
[  238.997336][T17930] lo speed is unknown, defaulting to 1000
[  239.050277][T17928] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3646'.
[  239.381269][T17954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3656'.
[  239.457235][T17958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3658'.
[  239.504949][T17946] loop6: detected capacity change from 0 to 164
[  239.514234][T17946] iso9660: Unknown parameter 'unOide'
[  239.537648][T17946] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3652'.
[  239.546626][T17946] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3652'.
[  239.566437][T17964] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  239.574309][T17964] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  239.736104][T17983] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3668'.
[  239.749773][T17987] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  239.757779][T17987] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  239.818650][T17992] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17992 comm=syz.3.3672
[  239.861659][T17996] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  239.869353][T17992] loop3: detected capacity change from 0 to 164
[  239.879992][T17996] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  239.949885][   T29] kauditd_printk_skb: 93 callbacks suppressed
[  239.949901][   T29] audit: type=1400 audit(239.927:10076): avc:  denied  { read write } for  pid=18005 comm="syz.5.3677" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  239.980447][   T29] audit: type=1400 audit(239.927:10077): avc:  denied  { open } for  pid=18005 comm="syz.5.3677" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  240.009814][T18006] macvlan2: entered promiscuous mode
[  240.056495][T18007] macvlan3: entered promiscuous mode
[  240.079058][T18006] macvlan3: entered promiscuous mode
[  240.202800][T18034] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  240.211351][T18035] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  240.214535][T18034] EXT4-fs (loop6): 1 truncate cleaned up
[  240.225485][T18034] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.234457][T18035] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  240.250612][T18034] EXT4-fs error (device loop6): ext4_append:79: inode #2: comm syz.6.3686: Logical block already allocated
[  240.263122][T18034] EXT4-fs (loop6): Remounting filesystem read-only
[  240.306699][ T8765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.354369][   T29] audit: type=1400 audit(240.337:10078): avc:  denied  { nlmsg_read } for  pid=18049 comm="syz.5.3695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  240.478689][   T29] audit: type=1326 audit(240.457:10079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.501496][   T29] audit: type=1326 audit(240.457:10080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.524244][   T29] audit: type=1326 audit(240.457:10081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.546986][   T29] audit: type=1326 audit(240.457:10082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.555963][T18072] FAULT_INJECTION: forcing a failure.
[  240.555963][T18072] name failslab, interval 1, probability 0, space 0, times 0
[  240.569815][   T29] audit: type=1326 audit(240.457:10083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.582383][T18072] CPU: 0 UID: 0 PID: 18072 Comm: syz.5.3702 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  240.582537][T18072] Tainted: [W]=WARN
[  240.582545][T18072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  240.582558][T18072] Call Trace:
[  240.582565][T18072]  <TASK>
[  240.582574][T18072]  __dump_stack+0x1d/0x30
[  240.582667][T18072]  dump_stack_lvl+0x95/0xd0
[  240.582690][T18072]  dump_stack+0x15/0x1b
[  240.582711][T18072]  should_fail_ex+0x265/0x280
[  240.582879][T18072]  should_failslab+0x8c/0xb0
[  240.582901][T18072]  kmem_cache_alloc_noprof+0x69/0x4b0
[  240.583028][T18072]  ? dst_alloc+0xbd/0x100
[  240.583054][T18072]  ? ip_mc_output+0x25d/0x340
[  240.583078][T18072]  dst_alloc+0xbd/0x100
[  240.583114][T18072]  ip_route_output_key_hash_rcu+0xf29/0x1380
[  240.583147][T18072]  ip_route_output_flow+0x65/0x110
[  240.583229][T18072]  udp_sendmsg+0x11b0/0x13c0
[  240.583257][T18072]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  240.583355][T18072]  ? avc_has_perm+0xf7/0x180
[  240.583379][T18072]  ? __pfx_udp_sendmsg+0x10/0x10
[  240.583405][T18072]  inet_sendmsg+0xac/0xd0
[  240.583446][T18072]  __sock_sendmsg+0x102/0x180
[  240.583548][T18072]  ____sys_sendmsg+0x345/0x4a0
[  240.583580][T18072]  ___sys_sendmsg+0x17b/0x1d0
[  240.583697][T18072]  __sys_sendmmsg+0x178/0x300
[  240.583734][T18072]  __x64_sys_sendmmsg+0x57/0x70
[  240.583763][T18072]  x64_sys_call+0x1e28/0x3000
[  240.583849][T18072]  do_syscall_64+0xca/0x2b0
[  240.583893][T18072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.583990][T18072] RIP: 0033:0x7f395aeef749
[  240.584008][T18072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.584027][T18072] RSP: 002b:00007f3959957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  240.584049][T18072] RAX: ffffffffffffffda RBX: 00007f395b145fa0 RCX: 00007f395aeef749
[  240.584063][T18072] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[  240.584077][T18072] RBP: 00007f3959957090 R08: 0000000000000000 R09: 0000000000000000
[  240.584130][T18072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  240.584143][T18072] R13: 00007f395b146038 R14: 00007f395b145fa0 R15: 00007ffd9a8aa708
[  240.584162][T18072]  </TASK>
[  240.712776][T18079] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  240.714362][   T29] audit: type=1326 audit(240.457:10084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.719817][T18079] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  240.723821][   T29] audit: type=1326 audit(240.457:10085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18065 comm=",&#^%" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f82fd18f749 code=0x7ffc0000
[  240.942560][T18097] FAULT_INJECTION: forcing a failure.
[  240.942560][T18097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  240.955875][T18097] CPU: 1 UID: 0 PID: 18097 Comm: syz.6.3715 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  240.955938][T18097] Tainted: [W]=WARN
[  240.956023][T18097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  240.956035][T18097] Call Trace:
[  240.956041][T18097]  <TASK>
[  240.956051][T18097]  __dump_stack+0x1d/0x30
[  240.956113][T18097]  dump_stack_lvl+0x95/0xd0
[  240.956163][T18097]  dump_stack+0x15/0x1b
[  240.956184][T18097]  should_fail_ex+0x265/0x280
[  240.956208][T18097]  should_fail+0xb/0x20
[  240.956235][T18097]  should_fail_usercopy+0x1a/0x20
[  240.956264][T18097]  _copy_to_user+0x20/0xa0
[  240.956376][T18097]  simple_read_from_buffer+0xb5/0x130
[  240.956399][T18097]  proc_fail_nth_read+0x10e/0x150
[  240.956425][T18097]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  240.956473][T18097]  vfs_read+0x1a8/0x770
[  240.956494][T18097]  ? __rcu_read_unlock+0x4f/0x70
[  240.956519][T18097]  ? __fget_files+0x184/0x1c0
[  240.956621][T18097]  ? mutex_lock+0x58/0x90
[  240.956651][T18097]  ksys_read+0xda/0x1a0
[  240.956676][T18097]  __x64_sys_read+0x40/0x50
[  240.956703][T18097]  x64_sys_call+0x2889/0x3000
[  240.956726][T18097]  do_syscall_64+0xca/0x2b0
[  240.956756][T18097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.956860][T18097] RIP: 0033:0x7f82fd18e15c
[  240.956878][T18097] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  240.956969][T18097] RSP: 002b:00007f82fbbef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  240.956989][T18097] RAX: ffffffffffffffda RBX: 00007f82fd3e5fa0 RCX: 00007f82fd18e15c
[  240.957004][T18097] RDX: 000000000000000f RSI: 00007f82fbbef0a0 RDI: 0000000000000004
[  240.957019][T18097] RBP: 00007f82fbbef090 R08: 0000000000000000 R09: 0000000000000000
[  240.957035][T18097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.957050][T18097] R13: 00007f82fd3e6038 R14: 00007f82fd3e5fa0 R15: 00007ffd22392d28
[  240.957070][T18097]  </TASK>
[  240.959373][T18101] FAULT_INJECTION: forcing a failure.
[  240.959373][T18101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  241.170697][T18101] CPU: 1 UID: 0 PID: 18101 Comm: syz.5.3714 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  241.170735][T18101] Tainted: [W]=WARN
[  241.170742][T18101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  241.170772][T18101] Call Trace:
[  241.170781][T18101]  <TASK>
[  241.170790][T18101]  __dump_stack+0x1d/0x30
[  241.170815][T18101]  dump_stack_lvl+0x95/0xd0
[  241.170889][T18101]  dump_stack+0x15/0x1b
[  241.170911][T18101]  should_fail_ex+0x265/0x280
[  241.170937][T18101]  should_fail+0xb/0x20
[  241.170959][T18101]  should_fail_usercopy+0x1a/0x20
[  241.170986][T18101]  _copy_from_user+0x1c/0xb0
[  241.171093][T18101]  do_sys_poll+0x149/0xbd0
[  241.171211][T18101]  do_restart_poll+0xb3/0x140
[  241.171247][T18101]  __ia32_sys_restart_syscall+0x38/0x50
[  241.171283][T18101]  x64_sys_call+0x2f53/0x3000
[  241.171376][T18101]  do_syscall_64+0xca/0x2b0
[  241.171417][T18101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.171463][T18101] RIP: 0033:0x7f395aeef749
[  241.171479][T18101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.171500][T18101] RSP: 002b:00007f3959957038 EFLAGS: 00000246 ORIG_RAX: 00000000000000db
[  241.171527][T18101] RAX: ffffffffffffffda RBX: 00007f395b145fa0 RCX: 00007f395aeef749
[  241.171615][T18101] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 0000200000000000
[  241.171630][T18101] RBP: 00007f3959957090 R08: 0000000000000000 R09: 0000000000000000
[  241.171646][T18101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.171661][T18101] R13: 00007f395b146038 R14: 00007f395b145fa0 R15: 00007ffd9a8aa708
[  241.171683][T18101]  </TASK>
[  241.180950][T18098] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.407949][T18125] set_capacity_and_notify: 2 callbacks suppressed
[  241.407969][T18125] loop5: detected capacity change from 0 to 512
[  241.429025][T18098] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.459433][T18125] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  241.475919][T18098] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.487370][T18125] EXT4-fs (loop5): 1 truncate cleaned up
[  241.500988][T18125] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.501995][T18136] FAULT_INJECTION: forcing a failure.
[  241.501995][T18136] name failslab, interval 1, probability 0, space 0, times 0
[  241.526252][T18136] CPU: 1 UID: 0 PID: 18136 Comm: syz.3.3725 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  241.526327][T18136] Tainted: [W]=WARN
[  241.526335][T18136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  241.526349][T18136] Call Trace:
[  241.526423][T18136]  <TASK>
[  241.526434][T18136]  __dump_stack+0x1d/0x30
[  241.526462][T18136]  dump_stack_lvl+0x95/0xd0
[  241.526487][T18136]  dump_stack+0x15/0x1b
[  241.526528][T18136]  should_fail_ex+0x265/0x280
[  241.526552][T18136]  should_failslab+0x8c/0xb0
[  241.526580][T18136]  kmem_cache_alloc_noprof+0x69/0x4b0
[  241.526647][T18136]  ? dst_alloc+0xbd/0x100
[  241.526744][T18136]  ? kernel_fpu_end+0x6c/0x80
[  241.526757][T18136]  dst_alloc+0xbd/0x100
[  241.526774][T18136]  ? ip_vs_sip_fill_param+0x4a2/0x5f0
[  241.526859][T18136]  ip_route_output_key_hash_rcu+0xf29/0x1380
[  241.526880][T18136]  ip_route_output_key_hash+0x63/0xa0
[  241.526900][T18136]  tcp_v4_connect+0x3e4/0xaf0
[  241.526962][T18136]  mptcp_connect+0x5d8/0x900
[  241.526977][T18136]  __inet_stream_connect+0x169/0x7d0
[  241.526992][T18136]  ? should_failslab+0x8c/0xb0
[  241.527023][T18136]  ? __kmalloc_cache_noprof+0x252/0x4c0
[  241.527039][T18136]  ? tcp_sendmsg_fastopen+0x172/0x520
[  241.527058][T18136]  tcp_sendmsg_fastopen+0x43a/0x520
[  241.527116][T18136]  mptcp_sendmsg_fastopen+0x122/0x320
[  241.527132][T18136]  mptcp_sendmsg+0xcf0/0xf50
[  241.527222][T18136]  ? avc_has_perm+0xf7/0x180
[  241.527232][T18136]  ? selinux_socket_sendmsg+0x175/0x1b0
[  241.527313][T18136]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  241.527324][T18136]  inet_sendmsg+0xc5/0xd0
[  241.527335][T18136]  __sock_sendmsg+0x102/0x180
[  241.527346][T18136]  ____sys_sendmsg+0x31e/0x4a0
[  241.527418][T18136]  ___sys_sendmsg+0x17b/0x1d0
[  241.527517][T18136]  __x64_sys_sendmsg+0xd4/0x160
[  241.527533][T18136]  x64_sys_call+0x17ba/0x3000
[  241.527545][T18136]  do_syscall_64+0xca/0x2b0
[  241.527615][T18136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.527627][T18136] RIP: 0033:0x7f9c4f52f749
[  241.527636][T18136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.527646][T18136] RSP: 002b:00007f9c4df97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  241.527733][T18136] RAX: ffffffffffffffda RBX: 00007f9c4f785fa0 RCX: 00007f9c4f52f749
[  241.527740][T18136] RDX: 0000000030006041 RSI: 0000200000000000 RDI: 0000000000000004
[  241.527746][T18136] RBP: 00007f9c4df97090 R08: 0000000000000000 R09: 0000000000000000
[  241.527753][T18136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  241.527759][T18136] R13: 00007f9c4f786038 R14: 00007f9c4f785fa0 R15: 00007ffcc68091c8
[  241.527769][T18136]  </TASK>
[  241.804924][T18098] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.811076][T18125] ext4: Unknown parameter ''
[  241.835777][ T8679] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.857337][T18142] loop4: detected capacity change from 0 to 512
[  241.865911][T18142] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  241.874693][T18142] EXT4-fs (loop4): 1 truncate cleaned up
[  241.881249][T18142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.903184][   T55] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.906331][T18142] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.3731: Logical block already allocated
[  241.943821][   T55] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.956072][T18142] EXT4-fs (loop4): Remounting filesystem read-only
[  241.964057][   T55] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.977276][   T55] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  242.055812][T18147] Cannot find add_set index 0 as target
[  242.331103][T18160] 9pnet_virtio: no channels available for device 127.0.0.1
[  242.379211][T18164] loop6: detected capacity change from 0 to 512
[  242.387269][T18142] Set syz1 is full, maxelem 65536 reached
[  242.396142][T18164] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  242.409292][T18164] EXT4-fs (loop6): 1 truncate cleaned up
[  242.418058][T18164] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.436752][T18164] EXT4-fs error (device loop6): ext4_append:79: inode #2: comm syz.6.3738: Logical block already allocated
[  242.448857][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.451546][T18164] EXT4-fs (loop6): Remounting filesystem read-only
[  242.475622][T18170] batadv_slave_0: entered promiscuous mode
[  242.482021][T18169] batadv_slave_0: left promiscuous mode
[  242.599633][T18176] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.727825][T18176] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.813648][T18176] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.830139][T18164] Set syz1 is full, maxelem 65536 reached
[  242.879979][ T8765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.916974][T18176] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.037011][T18187] FAULT_INJECTION: forcing a failure.
[  243.037011][T18187] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  243.050184][T18187] CPU: 1 UID: 0 PID: 18187 Comm: syz.3.3744 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  243.050240][T18187] Tainted: [W]=WARN
[  243.050249][T18187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  243.050271][T18187] Call Trace:
[  243.050280][T18187]  <TASK>
[  243.050290][T18187]  __dump_stack+0x1d/0x30
[  243.050319][T18187]  dump_stack_lvl+0x95/0xd0
[  243.050388][T18187]  dump_stack+0x15/0x1b
[  243.050430][T18187]  should_fail_ex+0x265/0x280
[  243.050457][T18187]  should_fail+0xb/0x20
[  243.050479][T18187]  should_fail_usercopy+0x1a/0x20
[  243.050563][T18187]  strncpy_from_user+0x27/0x260
[  243.050598][T18187]  ? 0xffffffffa020165c
[  243.050616][T18187]  strncpy_from_user_nofault+0x68/0xf0
[  243.050648][T18187]  bpf_probe_read_compat_str+0xb4/0x130
[  243.050795][T18187]  bpf_prog_95f2e3557e98b35e+0x3e/0x44
[  243.050813][T18187]  bpf_trace_run2+0x107/0x1d0
[  243.050840][T18187]  ? __rcu_read_unlock+0x4f/0x70
[  243.050936][T18187]  ? security_compute_sid+0x11da/0x1290
[  243.050964][T18187]  ? security_compute_sid+0x11da/0x1290
[  243.050994][T18187]  kfree+0x353/0x3c0
[  243.051018][T18187]  security_compute_sid+0x11da/0x1290
[  243.051119][T18187]  ? kstrtouint+0x76/0xc0
[  243.051163][T18187]  security_transition_sid+0x5a/0x70
[  243.051192][T18187]  selinux_socket_create+0x120/0x180
[  243.051219][T18187]  security_socket_create+0x50/0x90
[  243.051245][T18187]  __sock_create+0xe0/0x580
[  243.051299][T18187]  ? mutex_unlock+0x4f/0x90
[  243.051323][T18187]  ? fput+0x8f/0xc0
[  243.051372][T18187]  __sys_socket+0xb0/0x180
[  243.051396][T18187]  __x64_sys_socket+0x3f/0x50
[  243.051420][T18187]  x64_sys_call+0x127b/0x3000
[  243.051447][T18187]  do_syscall_64+0xca/0x2b0
[  243.051538][T18187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.051615][T18187] RIP: 0033:0x7f9c4f52f749
[  243.051633][T18187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.051682][T18187] RSP: 002b:00007f9c4df55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  243.051706][T18187] RAX: ffffffffffffffda RBX: 00007f9c4f786180 RCX: 00007f9c4f52f749
[  243.051722][T18187] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000028
[  243.051736][T18187] RBP: 00007f9c4df55090 R08: 0000000000000000 R09: 0000000000000000
[  243.051748][T18187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.051760][T18187] R13: 00007f9c4f786218 R14: 00007f9c4f786180 R15: 00007ffcc68091c8
[  243.051829][T18187]  </TASK>
[  243.052804][T18187] __nla_validate_parse: 3 callbacks suppressed
[  243.052820][T18187] netlink: 184 bytes leftover after parsing attributes in process `syz.3.3744'.
[  243.324306][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  243.332879][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  243.400943][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  243.415611][T18191] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3749'.
[  243.446178][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  243.546074][T18203] 9pnet_virtio: no channels available for device 127.0.0.1
[  243.573528][T18209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3754'.
[  243.588157][T18205] loop4: detected capacity change from 0 to 512
[  243.612685][T18211] loop5: detected capacity change from 0 to 2048
[  243.620371][T18205] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  243.630822][T18205] EXT4-fs (loop4): 1 truncate cleaned up
[  243.637305][T18205] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.651660][T18211] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  243.667882][T18205] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.3755: Logical block already allocated
[  243.683640][T18205] EXT4-fs (loop4): Remounting filesystem read-only
[  243.702561][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.798767][T18222] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  243.834059][T18222] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 824 with error 28
[  243.846554][T18222] EXT4-fs (loop5): This should not happen!! Data will be lost
[  243.846554][T18222] 
[  243.856240][T18222] EXT4-fs (loop5): Total free blocks count 0
[  243.862351][T18222] EXT4-fs (loop5): Free/Dirty block details
[  243.868330][T18222] EXT4-fs (loop5): free_blocks=2415919104
[  243.874210][T18222] EXT4-fs (loop5): dirty_blocks=832
[  243.879418][T18222] EXT4-fs (loop5): Block reservation details
[  243.885458][T18222] EXT4-fs (loop5): i_reserved_data_blocks=52
[  243.915941][T18231] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3762'.
[  243.943395][T18233] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3763'.
[  244.006442][T18240] loop4: detected capacity change from 0 to 1024
[  244.036083][T18240] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.171491][T18236] loop6: detected capacity change from 0 to 164
[  244.178696][T18236] iso9660: Unknown parameter 'unOide'
[  244.186115][T18236] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3764'.
[  244.195155][T18236] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3764'.
[  244.343155][T18253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3770'.
[  244.410664][T18255] loop3: detected capacity change from 0 to 512
[  244.449850][T18255] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  244.481962][T18255] EXT4-fs (loop3): 1 truncate cleaned up
[  244.490482][ T9203] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  244.505696][T18255] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.533445][T18255] EXT4-fs error (device loop3): ext4_append:79: inode #2: comm syz.3.3771: Logical block already allocated
[  244.545633][T18255] EXT4-fs (loop3): Remounting filesystem read-only
[  244.778525][T18258] netlink: 24 bytes leftover after parsing attributes in process `'.
[  244.829374][T18260] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3774'.
[  244.989682][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.004861][T18267] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  245.012621][T18267] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  245.067130][T18266] loop6: detected capacity change from 0 to 8192
[  245.093752][T18255] Set syz1 is full, maxelem 65536 reached
[  245.142310][T16049] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.194536][T18279] loop4: detected capacity change from 0 to 512
[  245.212634][T18279] EXT4-fs: Ignoring removed i_version option
[  245.228046][T18279] EXT4-fs (loop4): orphan cleanup on readonly fs
[  245.248835][T18279] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.3779: EA inode hash validation failed
[  245.264391][   T29] kauditd_printk_skb: 251 callbacks suppressed
[  245.264409][   T29] audit: type=1326 audit(245.247:10337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.274338][T18279] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  245.308525][T18279] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.3779: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  245.333768][   T29] audit: type=1326 audit(245.247:10338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.335668][T18279] EXT4-fs (loop4): Remounting filesystem read-only
[  245.356776][   T29] audit: type=1326 audit(245.247:10339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.363308][T18279] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.4.3779: ea_inode dec ref err=-117
[  245.395117][T18291] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  245.399397][   T29] audit: type=1326 audit(245.247:10340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.434513][   T29] audit: type=1326 audit(245.247:10341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.455456][T18291] EXT4-fs error (device loop5): ext4_free_blocks:6728: comm syz.5.3784: Freeing blocks not in datazone - block = 0, count = 16
[  245.457620][   T29] audit: type=1326 audit(245.247:10342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.494067][   T29] audit: type=1326 audit(245.247:10343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.517054][   T29] audit: type=1326 audit(245.247:10344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.540120][   T29] audit: type=1326 audit(245.247:10345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.563742][   T29] audit: type=1326 audit(245.247:10346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18286 comm="syz.3.3783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c4f52f749 code=0x7ffc0000
[  245.564017][T18279] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  245.632533][T18279] EXT4-fs (loop4): 1 orphan inode deleted
[  245.648235][T18279] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  245.695794][T18308] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  245.705315][T18307] IPVS: stopping master sync thread 18308 ...
[  245.755007][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.796780][T18316] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  245.804721][T18316] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  246.046732][T18328] netlink: 'syz.6.3792': attribute type 10 has an invalid length.
[  246.090792][T18328] bond0: (slave dummy0): Releasing backup interface
[  246.121277][T18329] netlink: 'syz.6.3792': attribute type 10 has an invalid length.
[  246.140881][T18328] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  246.169918][ T8679] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  246.180878][ T8679] CPU: 0 UID: 0 PID: 8679 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  246.180926][ T8679] Tainted: [W]=WARN
[  246.180934][ T8679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  246.180948][ T8679] Call Trace:
[  246.180957][ T8679]  <TASK>
[  246.180967][ T8679]  __dump_stack+0x1d/0x30
[  246.181034][ T8679]  dump_stack_lvl+0x95/0xd0
[  246.181064][ T8679]  dump_stack+0x15/0x1b
[  246.181087][ T8679]  dump_header+0x81/0x240
[  246.181109][ T8679]  oom_kill_process+0x295/0x350
[  246.181135][ T8679]  out_of_memory+0x97b/0xb80
[  246.181181][ T8679]  try_charge_memcg+0x610/0xa10
[  246.181225][ T8679]  charge_memcg+0x51/0xc0
[  246.181275][ T8679]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  246.181321][ T8679]  __read_swap_cache_async+0x17b/0x2d0
[  246.181405][ T8679]  swap_cluster_readahead+0x262/0x3c0
[  246.181440][ T8679]  swapin_readahead+0xde/0x820
[  246.181528][ T8679]  ? from_kuid+0x139/0x320
[  246.181557][ T8679]  ? __rcu_read_unlock+0x4f/0x70
[  246.181619][ T8679]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  246.181641][ T8679]  ? __rcu_read_unlock+0x4f/0x70
[  246.181667][ T8679]  ? __rcu_read_unlock+0x4f/0x70
[  246.181686][ T8679]  ? swap_cache_get_folio+0x277/0x280
[  246.181712][ T8679]  do_swap_page+0x2b4/0x21e0
[  246.181808][ T8679]  ? _raw_spin_unlock+0x26/0x50
[  246.181836][ T8679]  ? __schedule+0x85f/0xcd0
[  246.181858][ T8679]  ? __pfx_default_wake_function+0x10/0x10
[  246.181889][ T8679]  handle_mm_fault+0x9d8/0x2c60
[  246.181944][ T8679]  do_user_addr_fault+0x630/0x1080
[  246.181974][ T8679]  exc_page_fault+0x62/0xa0
[  246.182016][ T8679]  asm_exc_page_fault+0x26/0x30
[  246.182036][ T8679] RIP: 0033:0x7f395af21fc5
[  246.182052][ T8679] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 95 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  246.182070][ T8679] RSP: 002b:00007ffd9a8aaa48 EFLAGS: 00010246
[  246.182086][ T8679] RAX: 0000000000000000 RBX: 0000000000000435 RCX: 00007f395af21fc3
[  246.182099][ T8679] RDX: 00007ffd9a8aaa60 RSI: 0000000000000000 RDI: 0000000000000000
[  246.182174][ T8679] RBP: 00007ffd9a8aaacc R08: 00000000047087e8 R09: 0000000000000000
[  246.182186][ T8679] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  246.182199][ T8679] R13: 00000000000927c0 R14: 000000000003bf4d R15: 00007ffd9a8aab20
[  246.182238][ T8679]  </TASK>
[  246.182245][ T8679] memory: usage 307200kB, limit 307200kB, failcnt 224
[  246.189851][T18328] team0: Failed to send options change via netlink (err -105)
[  246.193842][ T8679] memory+swap: usage 307996kB, limit 9007199254740988kB, failcnt 0
[  246.197647][T18328] team0: Port device dummy0 added
[  246.207761][ T8679] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0
[  246.229551][T18327] lo speed is unknown, defaulting to 1000
[  246.231390][ T8679] Memory cgroup stats for /syz5:
[  246.285171][T18329] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  246.287332][ T8679] cache 8192
[  246.472961][ T8679] rss 12288
[  246.476341][ T8679] shmem 0
[  246.479460][ T8679] mapped_file 0
[  246.482989][ T8679] dirty 0
[  246.485962][ T8679] writeback 12288
[  246.489604][ T8679] workingset_refault_anon 19
[  246.494232][ T8679] workingset_refault_file 0
[  246.498937][ T8679] swap 815104
[  246.502247][ T8679] swapcached 16384
[  246.506092][ T8679] pgpgin 107324
[  246.509564][ T8679] pgpgout 107316
[  246.513112][ T8679] pgfault 127838
[  246.516947][ T8679] pgmajfault 7
[  246.520500][ T8679] inactive_anon 12288
[  246.524565][ T8679] active_anon 4096
[  246.528288][ T8679] inactive_file 0
[  246.531928][ T8679] active_file 16384
[  246.535772][ T8679] unevictable 0
[  246.539374][ T8679] hierarchical_memory_limit 314572800
[  246.544807][ T8679] hierarchical_memsw_limit 9223372036854771712
[  246.550968][ T8679] total_cache 8192
[  246.554811][ T8679] total_rss 12288
[  246.558555][ T8679] total_shmem 0
[  246.562026][ T8679] total_mapped_file 0
[  246.566178][ T8679] total_dirty 0
[  246.569637][ T8679] total_writeback 12288
[  246.573855][ T8679] total_workingset_refault_anon 19
[  246.579132][ T8679] total_workingset_refault_file 0
[  246.584240][ T8679] total_swap 815104
[  246.588057][ T8679] total_swapcached 16384
[  246.592300][ T8679] total_pgpgin 107324
[  246.596313][ T8679] total_pgpgout 107316
[  246.600389][ T8679] total_pgfault 127838
[  246.604561][ T8679] total_pgmajfault 7
[  246.608489][ T8679] total_inactive_anon 12288
[  246.613000][ T8679] total_active_anon 4096
[  246.617287][ T8679] total_inactive_file 0
[  246.621496][ T8679] total_active_file 16384
[  246.625925][ T8679] total_unevictable 0
[  246.629908][ T8679] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.3784,pid=18289,uid=0
[  246.644817][ T8679] Memory cgroup out of memory: Killed process 18289 (syz.5.3784) total-vm:93968kB, anon-rss:1264kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  246.662382][T18329] team0: Failed to send options change via netlink (err -105)
[  246.684709][T18329] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  246.693841][T18329] team0: Port device dummy0 removed
[  246.708013][T18329] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  246.813535][T18291] syz.5.3784 (18291) used greatest stack depth: 6120 bytes left
[  246.839910][ T8679] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  246.932856][T18351] set_capacity_and_notify: 1 callbacks suppressed
[  246.932874][T18351] loop4: detected capacity change from 0 to 512
[  246.956452][T18351] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  246.977433][T18351] EXT4-fs (loop4): 1 truncate cleaned up
[  246.983541][T18351] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.081024][T18351] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.3803: Logical block already allocated
[  247.104331][T18351] EXT4-fs (loop4): Remounting filesystem read-only
[  247.125334][T18357] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  247.168876][T18355] lo speed is unknown, defaulting to 1000
[  247.173545][T18357] vhci_hcd vhci_hcd.2: invalid port number 96
[  247.181031][T18357] vhci_hcd vhci_hcd.2: default hub control req: 0300 vfffa i0060 l0
[  247.215097][T18361] netlink: 'syz.3.3802': attribute type 10 has an invalid length.
[  247.297928][T18361] bond0: (slave dummy0): Releasing backup interface
[  247.331172][T18361] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  247.347925][T18365] netlink: 'syz.3.3802': attribute type 10 has an invalid length.
[  247.370374][T18361] team0: Failed to send options change via netlink (err -105)
[  247.378024][T18361] team0: Port device dummy0 added
[  247.408777][T18367] random: crng reseeded on system resumption
[  247.483599][T18365] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  247.516550][T18365] team0: Failed to send options change via netlink (err -105)
[  247.542720][T18365] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  247.574889][T18365] team0: Port device dummy0 removed
[  247.593047][T18365] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  247.611868][T18357] loop5: detected capacity change from 0 to 128
[  247.624256][T18364] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  247.796643][T18375] FAULT_INJECTION: forcing a failure.
[  247.796643][T18375] name failslab, interval 1, probability 0, space 0, times 0
[  247.809336][T18375] CPU: 1 UID: 0 PID: 18375 Comm: syz.6.3809 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  247.809424][T18375] Tainted: [W]=WARN
[  247.809448][T18375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  247.809461][T18375] Call Trace:
[  247.809470][T18375]  <TASK>
[  247.809480][T18375]  __dump_stack+0x1d/0x30
[  247.809524][T18375]  dump_stack_lvl+0x95/0xd0
[  247.809559][T18375]  dump_stack+0x15/0x1b
[  247.809578][T18375]  should_fail_ex+0x265/0x280
[  247.809631][T18375]  should_failslab+0x8c/0xb0
[  247.809656][T18375]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  247.809680][T18375]  ? sidtab_sid2str_get+0xa0/0x130
[  247.809736][T18375]  kmemdup_noprof+0x2b/0x70
[  247.809754][T18375]  sidtab_sid2str_get+0xa0/0x130
[  247.809785][T18375]  security_sid_to_context_core+0x1eb/0x2e0
[  247.809822][T18375]  security_sid_to_context+0x27/0x40
[  247.809887][T18375]  selinux_lsmprop_to_secctx+0x67/0xf0
[  247.809914][T18375]  security_lsmprop_to_secctx+0x1a3/0x1c0
[  247.809935][T18375]  audit_log_subj_ctx+0xa4/0x3e0
[  247.809959][T18375]  ? skb_put+0xa9/0xf0
[  247.810021][T18375]  audit_log_task_context+0x48/0x70
[  247.810048][T18375]  audit_log_task+0xf4/0x250
[  247.810083][T18375]  ? kstrtouint+0x76/0xc0
[  247.810153][T18375]  audit_seccomp+0x61/0x100
[  247.810248][T18375]  ? __seccomp_filter+0x832/0x1260
[  247.810275][T18375]  __seccomp_filter+0x843/0x1260
[  247.810383][T18375]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  247.810416][T18375]  ? vfs_write+0x7e8/0x960
[  247.810433][T18375]  ? __rcu_read_unlock+0x4f/0x70
[  247.810452][T18375]  ? __fget_files+0x184/0x1c0
[  247.810508][T18375]  __secure_computing+0x82/0x150
[  247.810538][T18375]  syscall_trace_enter+0xcf/0x1e0
[  247.810560][T18375]  do_syscall_64+0xa4/0x2b0
[  247.810591][T18375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.810645][T18375] RIP: 0033:0x7f82fd18f749
[  247.810664][T18375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.810682][T18375] RSP: 002b:00007f82fbbef038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb
[  247.810703][T18375] RAX: ffffffffffffffda RBX: 00007f82fd3e5fa0 RCX: 00007f82fd18f749
[  247.810720][T18375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  247.810735][T18375] RBP: 00007f82fbbef090 R08: 0000000000000000 R09: 0000000000000000
[  247.810786][T18375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.810868][T18375] R13: 00007f82fd3e6038 R14: 00007f82fd3e5fa0 R15: 00007ffd22392d28
[  247.810889][T18375]  </TASK>
[  248.208866][T18351] Set syz1 is full, maxelem 65536 reached
[  248.249418][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.286069][T18380] bond0: option arp_validate: invalid value (18446744073709551615)
[  248.299907][T18385] __nla_validate_parse: 5 callbacks suppressed
[  248.299924][T18385] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3814'.
[  248.340879][T18393] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3818'.
[  248.398899][T18397] IPVS: set_ctl: invalid protocol: 135 0.0.0.0:20003
[  248.509445][T18405] lo speed is unknown, defaulting to 1000
[  248.558653][T18407] loop4: detected capacity change from 0 to 512
[  248.573424][T18410] netlink: 'syz.5.3817': attribute type 10 has an invalid length.
[  248.590260][T18407] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  248.599654][T18407] EXT4-fs (loop4): 1 truncate cleaned up
[  248.606032][T18407] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.629063][T18407] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.3823: Logical block already allocated
[  248.689022][T18407] EXT4-fs (loop4): Remounting filesystem read-only
[  248.699980][T18415] netlink: 184 bytes leftover after parsing attributes in process `syz.3.3824'.
[  248.721874][T18415] loop3: detected capacity change from 0 to 1024
[  248.730037][T18415] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  248.740981][T18415] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  248.752065][T18415] JBD2: no valid journal superblock found
[  248.758010][T18415] EXT4-fs (loop3): Could not load journal inode
[  248.769191][T18415] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  248.818738][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.845648][T18405] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3817'.
[  249.086411][T18421] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3827'.
[  249.115827][T18423] loop4: detected capacity change from 0 to 512
[  249.123057][T18423] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  249.216185][T18423] EXT4-fs (loop4): 1 truncate cleaned up
[  249.222288][T18423] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  249.299129][T18427] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  249.325218][T18433] FAULT_INJECTION: forcing a failure.
[  249.325218][T18433] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.338345][T18433] CPU: 0 UID: 0 PID: 18433 Comm: syz.6.3831 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  249.338407][T18433] Tainted: [W]=WARN
[  249.338414][T18433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  249.338425][T18433] Call Trace:
[  249.338433][T18433]  <TASK>
[  249.338442][T18433]  __dump_stack+0x1d/0x30
[  249.338470][T18433]  dump_stack_lvl+0x95/0xd0
[  249.338515][T18433]  dump_stack+0x15/0x1b
[  249.338540][T18433]  should_fail_ex+0x265/0x280
[  249.338564][T18433]  should_fail+0xb/0x20
[  249.338587][T18433]  should_fail_usercopy+0x1a/0x20
[  249.338652][T18433]  _copy_from_user+0x1c/0xb0
[  249.338680][T18433]  ___sys_sendmsg+0xc1/0x1d0
[  249.338756][T18433]  __x64_sys_sendmsg+0xd4/0x160
[  249.338785][T18433]  x64_sys_call+0x17ba/0x3000
[  249.338808][T18433]  do_syscall_64+0xca/0x2b0
[  249.338890][T18433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.338916][T18433] RIP: 0033:0x7f82fd18f749
[  249.338931][T18433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.338949][T18433] RSP: 002b:00007f82fbbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  249.338974][T18433] RAX: ffffffffffffffda RBX: 00007f82fd3e5fa0 RCX: 00007f82fd18f749
[  249.339067][T18433] RDX: 0000000000000800 RSI: 0000200000000280 RDI: 0000000000000003
[  249.339079][T18433] RBP: 00007f82fbbef090 R08: 0000000000000000 R09: 0000000000000000
[  249.339091][T18433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.339103][T18433] R13: 00007f82fd3e6038 R14: 00007f82fd3e5fa0 R15: 00007ffd22392d28
[  249.339137][T18433]  </TASK>
[  249.509789][T18434] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  249.541604][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.580226][T18441] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3834'.
[  249.602133][T18439] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.662771][T18449] tipc: Enabling of bearer <|th:s> rejected, media not registered
[  249.781010][T18452] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3838'.
[  249.791352][T18439] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.836137][T18439] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.924116][T18439] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.973362][   T44] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  249.992864][   T44] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  250.001126][   T44] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  250.009683][   T44] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  250.174791][T18476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3846'.
[  250.232229][T18485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3849'.
[  250.270584][T18484] loop3: detected capacity change from 0 to 8192
[  250.276898][T18485] ip6gre1: entered allmulticast mode
[  250.316557][   T29] kauditd_printk_skb: 130 callbacks suppressed
[  250.316605][   T29] audit: type=1326 audit(250.297:10476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.356723][T18490] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  250.364714][T18490] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  250.381290][   T29] audit: type=1326 audit(250.307:10477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.404489][   T29] audit: type=1326 audit(250.307:10478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.427513][   T29] audit: type=1326 audit(250.327:10479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fad8bb5f783 code=0x7ffc0000
[  250.450477][   T29] audit: type=1326 audit(250.327:10480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fad8bb5f783 code=0x7ffc0000
[  250.459078][T18496] 9p: Bad value for 'source'
[  250.473455][   T29] audit: type=1326 audit(250.327:10481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.487169][T18496] netlink: 'syz.0.3851': attribute type 6 has an invalid length.
[  250.501275][   T29] audit: type=1326 audit(250.327:10482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.532194][   T29] audit: type=1326 audit(250.337:10483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.555594][   T29] audit: type=1326 audit(250.337:10484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.578916][   T29] audit: type=1326 audit(250.337:10485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18487 comm="syz.0.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad8bb5f749 code=0x7ffc0000
[  250.731131][T18516] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3861'.
[  250.743562][T18516] ip6gre4: entered allmulticast mode
[  250.775521][T18519] wireguard0: entered promiscuous mode
[  250.781076][T18519] wireguard0: entered allmulticast mode
[  250.830439][T18522] loop6: detected capacity change from 0 to 512
[  250.846997][T18523] netlink: 'syz.3.3860': attribute type 10 has an invalid length.
[  250.849356][T18521] lo speed is unknown, defaulting to 1000
[  250.867541][T18522] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.880809][T18522] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.891145][T18523] bond0: (slave dummy0): Releasing backup interface
[  250.907409][T18523] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  250.927612][T18523] team0: Failed to send options change via netlink (err -105)
[  250.935286][T18523] team0: Port device dummy0 added
[  250.958806][T18528] netlink: 'syz.6.3863': attribute type 11 has an invalid length.
[  251.041801][T18514] netlink: 'syz.3.3860': attribute type 10 has an invalid length.
[  251.050342][T18514] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  251.073621][T18514] team0: Failed to send options change via netlink (err -105)
[  251.089387][T18514] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  251.098616][T18514] team0: Port device dummy0 removed
[  251.105761][T18514] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  251.167245][T18535] wireguard0: entered promiscuous mode
[  251.172784][T18535] wireguard0: entered allmulticast mode
[  251.243367][T18537] FAULT_INJECTION: forcing a failure.
[  251.243367][T18537] name failslab, interval 1, probability 0, space 0, times 0
[  251.256133][T18537] CPU: 1 UID: 0 PID: 18537 Comm: syz.6.3866 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  251.256194][T18537] Tainted: [W]=WARN
[  251.256203][T18537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  251.256216][T18537] Call Trace:
[  251.256224][T18537]  <TASK>
[  251.256232][T18537]  __dump_stack+0x1d/0x30
[  251.256262][T18537]  dump_stack_lvl+0x95/0xd0
[  251.256296][T18537]  dump_stack+0x15/0x1b
[  251.256346][T18537]  should_fail_ex+0x265/0x280
[  251.256373][T18537]  should_failslab+0x8c/0xb0
[  251.256395][T18537]  __kmalloc_cache_noprof+0x65/0x4c0
[  251.256474][T18537]  ? __se_sys_memfd_create+0x1d6/0x6b0
[  251.256502][T18537]  ? mutex_unlock+0x4f/0x90
[  251.256553][T18537]  __se_sys_memfd_create+0x1d6/0x6b0
[  251.256592][T18537]  __x64_sys_memfd_create+0x31/0x40
[  251.256693][T18537]  x64_sys_call+0x28cb/0x3000
[  251.256718][T18537]  do_syscall_64+0xca/0x2b0
[  251.256751][T18537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.256792][T18537] RIP: 0033:0x7f82fd18f749
[  251.256810][T18537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  251.256895][T18537] RSP: 002b:00007f82fbbcde18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  251.256918][T18537] RAX: ffffffffffffffda RBX: 00000000000004eb RCX: 00007f82fd18f749
[  251.257009][T18537] RDX: 00007f82fbbcdef0 RSI: 0000000000000000 RDI: 00007f82fd214960
[  251.257023][T18537] RBP: 0000200000000540 R08: 00007f82fbbcdbb7 R09: 00007f82fbbcde40
[  251.257037][T18537] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000500
[  251.257050][T18537] R13: 00007f82fbbcdef0 R14: 00007f82fbbcdeb0 R15: 0000200000000100
[  251.257070][T18537]  </TASK>
[  251.536288][T18546] tipc: Enabling of bearer <|th:s> rejected, media not registered
[  251.607341][T18550] ip6gre1: entered allmulticast mode
[  251.801982][T18557] netlink: 'syz.3.3874': attribute type 10 has an invalid length.
[  251.806780][T18556] lo speed is unknown, defaulting to 1000
[  252.292622][T18567] FAULT_INJECTION: forcing a failure.
[  252.292622][T18567] name failslab, interval 1, probability 0, space 0, times 0
[  252.305512][T18567] CPU: 1 UID: 0 PID: 18567 Comm: syz.0.3879 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  252.305575][T18567] Tainted: [W]=WARN
[  252.305585][T18567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  252.305600][T18567] Call Trace:
[  252.305608][T18567]  <TASK>
[  252.305616][T18567]  __dump_stack+0x1d/0x30
[  252.305640][T18567]  dump_stack_lvl+0x95/0xd0
[  252.305778][T18567]  dump_stack+0x15/0x1b
[  252.305860][T18567]  should_fail_ex+0x265/0x280
[  252.305887][T18567]  should_failslab+0x8c/0xb0
[  252.305915][T18567]  kmem_cache_alloc_noprof+0x69/0x4b0
[  252.305971][T18567]  ? audit_log_start+0x342/0x720
[  252.306051][T18567]  audit_log_start+0x342/0x720
[  252.306082][T18567]  ? kstrtouint+0x76/0xc0
[  252.306101][T18567]  audit_seccomp+0x48/0x100
[  252.306128][T18567]  ? __seccomp_filter+0x832/0x1260
[  252.306182][T18567]  __seccomp_filter+0x843/0x1260
[  252.306247][T18567]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  252.306316][T18567]  ? vfs_write+0x7e8/0x960
[  252.306339][T18567]  ? __rcu_read_unlock+0x4f/0x70
[  252.306365][T18567]  ? __fget_files+0x184/0x1c0
[  252.306409][T18567]  __secure_computing+0x82/0x150
[  252.306435][T18567]  syscall_trace_enter+0xcf/0x1e0
[  252.306465][T18567]  do_syscall_64+0xa4/0x2b0
[  252.306609][T18567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.306644][T18567] RIP: 0033:0x7fad8bb5f749
[  252.306661][T18567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.306679][T18567] RSP: 002b:00007fad8a5bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075
[  252.306728][T18567] RAX: ffffffffffffffda RBX: 00007fad8bdb5fa0 RCX: 00007fad8bb5f749
[  252.306797][T18567] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  252.306810][T18567] RBP: 00007fad8a5bf090 R08: 0000000000000000 R09: 0000000000000000
[  252.306823][T18567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  252.306835][T18567] R13: 00007fad8bdb6038 R14: 00007fad8bdb5fa0 R15: 00007ffc7f90a208
[  252.306855][T18567]  </TASK>
[  252.640111][T18576] ip6gre2: entered allmulticast mode
[  252.756561][T18593] tipc: Enabling of bearer <|th:s> rejected, media not registered
[  252.838714][T18603] tipc: Enabling of bearer <|th:s> rejected, media not registered
[  253.032548][T18609] netlink: 'syz.3.3893': attribute type 10 has an invalid length.
[  253.101796][T18608] lo speed is unknown, defaulting to 1000
[  253.201148][T18611] 9p: Could not find request transport: rd
[  253.464985][T18616] __nla_validate_parse: 13 callbacks suppressed
[  253.465005][T18616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3896'.
[  253.715424][T18626] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[  253.780581][T18636] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3906'.
[  253.812430][T18634] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3904'.
[  253.922111][T18649] FAULT_INJECTION: forcing a failure.
[  253.922111][T18649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.935379][T18649] CPU: 1 UID: 0 PID: 18649 Comm: syz.0.3910 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  253.935513][T18649] Tainted: [W]=WARN
[  253.935520][T18649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  253.935555][T18649] Call Trace:
[  253.935563][T18649]  <TASK>
[  253.935577][T18649]  __dump_stack+0x1d/0x30
[  253.935607][T18649]  dump_stack_lvl+0x95/0xd0
[  253.935633][T18649]  dump_stack+0x15/0x1b
[  253.935660][T18649]  should_fail_ex+0x265/0x280
[  253.935698][T18649]  should_fail+0xb/0x20
[  253.935797][T18649]  should_fail_usercopy+0x1a/0x20
[  253.935826][T18649]  _copy_to_user+0x20/0xa0
[  253.935856][T18649]  simple_read_from_buffer+0xb5/0x130
[  253.935883][T18649]  proc_fail_nth_read+0x10e/0x150
[  253.935988][T18649]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  253.936014][T18649]  vfs_read+0x1a8/0x770
[  253.936030][T18649]  ? __rcu_read_unlock+0x4f/0x70
[  253.936112][T18649]  ? __fget_files+0x184/0x1c0
[  253.936135][T18649]  ? mutex_lock+0x58/0x90
[  253.936167][T18649]  ksys_read+0xda/0x1a0
[  253.936258][T18649]  __x64_sys_read+0x40/0x50
[  253.936276][T18649]  x64_sys_call+0x2889/0x3000
[  253.936302][T18649]  do_syscall_64+0xca/0x2b0
[  253.936364][T18649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.936386][T18649] RIP: 0033:0x7fad8bb5e15c
[  253.936402][T18649] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  253.936420][T18649] RSP: 002b:00007fad8a5bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  253.936609][T18649] RAX: ffffffffffffffda RBX: 00007fad8bdb5fa0 RCX: 00007fad8bb5e15c
[  253.936622][T18649] RDX: 000000000000000f RSI: 00007fad8a5bf0a0 RDI: 0000000000000005
[  253.936635][T18649] RBP: 00007fad8a5bf090 R08: 0000000000000000 R09: 0000000000000000
[  253.936647][T18649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.936659][T18649] R13: 00007fad8bdb6038 R14: 00007fad8bdb5fa0 R15: 00007ffc7f90a208
[  253.936676][T18649]  </TASK>
[  254.165128][T18655] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3911'.
[  254.184692][T18653] lo speed is unknown, defaulting to 1000
[  254.194196][T18654] tipc: Enabling of bearer <|th:s> rejected, media not registered
[  254.223695][T18663] IPVS: set_ctl: invalid protocol: 196 224.0.0.1:20000
[  254.312391][T18675] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3917'.
[  254.324717][T18675] ip6gre4: entered allmulticast mode
[  254.421104][T18683] netlink: 'syz.0.3914': attribute type 10 has an invalid length.
[  254.470957][T18683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3914'.
[  254.528106][T18678] lo speed is unknown, defaulting to 1000
[  255.050742][T18701] 9p: Could not find request transport: rdm
[  255.107692][T18700] netlink: 'syz.6.3924': attribute type 10 has an invalid length.
[  255.125584][T18705] netlink: 'syz.3.3926': attribute type 29 has an invalid length.
[  255.199524][T18708] netlink: 'syz.6.3924': attribute type 10 has an invalid length.
[  255.248764][T18700] bond0: (slave dummy0): Releasing backup interface
[  255.275003][T18713] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3924'.
[  255.366685][T18700] team0: Port device dummy0 added
[  255.402140][T18716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3930'.
[  255.423231][T18708] team0: Port device dummy0 removed
[  255.478071][T18708] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  255.539060][T18703] lo speed is unknown, defaulting to 1000
[  255.588840][T18725] netlink: 'syz.0.3931': attribute type 10 has an invalid length.
[  255.685981][T18732] netlink: 'syz.0.3931': attribute type 10 has an invalid length.
[  255.696138][T18725] bond0: (slave dummy0): Releasing backup interface
[  255.717033][T18725] team0: Port device dummy0 added
[  255.807381][T18732] team0: Port device dummy0 removed
[  255.843215][T18725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3931'.
[  255.858937][T18741] loop6: detected capacity change from 0 to 128
[  255.876272][T18732] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  255.945864][T18734] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.005200][T18741] FAULT_INJECTION: forcing a failure.
[  256.005200][T18741] name failslab, interval 1, probability 0, space 0, times 0
[  256.018048][T18741] CPU: 1 UID: 0 PID: 18741 Comm: syz.6.3936 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  256.018153][T18741] Tainted: [W]=WARN
[  256.018231][T18741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  256.018246][T18741] Call Trace:
[  256.018255][T18741]  <TASK>
[  256.018266][T18741]  __dump_stack+0x1d/0x30
[  256.018296][T18741]  dump_stack_lvl+0x95/0xd0
[  256.018400][T18741]  dump_stack+0x15/0x1b
[  256.018424][T18741]  should_fail_ex+0x265/0x280
[  256.018448][T18741]  should_failslab+0x8c/0xb0
[  256.018532][T18741]  kmem_cache_alloc_noprof+0x69/0x4b0
[  256.018554][T18741]  ? alloc_empty_file+0x76/0x200
[  256.018580][T18741]  alloc_empty_file+0x76/0x200
[  256.018608][T18741]  path_openat+0x63/0x23b0
[  256.018687][T18741]  ? _parse_integer_limit+0x170/0x190
[  256.018713][T18741]  ? _parse_integer+0x27/0x40
[  256.018737][T18741]  ? kstrtoull+0x111/0x140
[  256.018758][T18741]  ? kstrtouint+0x76/0xc0
[  256.018780][T18741]  do_filp_open+0x109/0x230
[  256.018882][T18741]  do_sys_openat2+0xa6/0x150
[  256.018938][T18741]  __x64_sys_open+0xe6/0x110
[  256.019021][T18741]  x64_sys_call+0x166f/0x3000
[  256.019051][T18741]  do_syscall_64+0xca/0x2b0
[  256.019085][T18741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.019169][T18741] RIP: 0033:0x7f82fd18f749
[  256.019188][T18741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.019210][T18741] RSP: 002b:00007f82fbbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  256.019242][T18741] RAX: ffffffffffffffda RBX: 00007f82fd3e5fa0 RCX: 00007f82fd18f749
[  256.019255][T18741] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00002000000003c0
[  256.019268][T18741] RBP: 00007f82fbbef090 R08: 0000000000000000 R09: 0000000000000000
[  256.019295][T18741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.019307][T18741] R13: 00007f82fd3e6038 R14: 00007f82fd3e5fa0 R15: 00007ffd22392d28
[  256.019328][T18741]  </TASK>
[  256.020732][T18724] lo speed is unknown, defaulting to 1000
[  256.235334][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.235334][   T12] loop6: rw=1, sector=153, nr_sectors = 8 limit=128
[  256.254939][T18734] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.264997][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.264997][   T12] loop6: rw=1, sector=169, nr_sectors = 8 limit=128
[  256.280284][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.280284][   T12] loop6: rw=1, sector=185, nr_sectors = 8 limit=128
[  256.295867][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.295867][   T12] loop6: rw=1, sector=201, nr_sectors = 8 limit=128
[  256.328747][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.328747][   T12] loop6: rw=1, sector=217, nr_sectors = 8 limit=128
[  256.345098][T18734] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.345111][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.345111][   T12] loop6: rw=1, sector=233, nr_sectors = 8 limit=128
[  256.345157][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.345157][   T12] loop6: rw=1, sector=249, nr_sectors = 8 limit=128
[  256.382537][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.382537][   T12] loop6: rw=1, sector=265, nr_sectors = 8 limit=128
[  256.396730][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.396730][   T12] loop6: rw=1, sector=281, nr_sectors = 8 limit=128
[  256.410291][   T12] kworker/u8:0: attempt to access beyond end of device
[  256.410291][   T12] loop6: rw=1, sector=297, nr_sectors = 8 limit=128
[  256.440515][T18758] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3942'.
[  256.451390][T18734] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.612108][  T324] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  256.640893][  T324] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  256.661459][  T324] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  256.679604][  T324] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  256.696657][T18770] loop6: detected capacity change from 0 to 164
[  256.704374][   T29] kauditd_printk_skb: 150 callbacks suppressed
[  256.704391][   T29] audit: type=1400 audit(256.687:10634): avc:  denied  { mount } for  pid=18769 comm="syz.6.3946" name="/" dev="loop6" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  256.735814][T18774] loop5: detected capacity change from 0 to 164
[  256.774631][   T29] audit: type=1400 audit(256.717:10635): avc:  denied  { unmount } for  pid=8765 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  256.856351][   T29] audit: type=1326 audit(256.827:10636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  256.879548][   T29] audit: type=1326 audit(256.827:10637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  256.902863][   T29] audit: type=1326 audit(256.827:10638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  256.908523][T18789] netlink: 'syz.3.3947': attribute type 10 has an invalid length.
[  256.926514][   T29] audit: type=1326 audit(256.827:10639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  256.957720][   T29] audit: type=1326 audit(256.827:10640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  256.981239][   T29] audit: type=1326 audit(256.827:10641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  257.004602][   T29] audit: type=1326 audit(256.827:10642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  257.027667][   T29] audit: type=1326 audit(256.827:10643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18785 comm="syz.4.3948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f36e447f749 code=0x7ffc0000
[  257.092613][T18784] lo speed is unknown, defaulting to 1000
[  257.123309][T18799] FAULT_INJECTION: forcing a failure.
[  257.123309][T18799] name failslab, interval 1, probability 0, space 0, times 0
[  257.136037][T18799] CPU: 1 UID: 0 PID: 18799 Comm: syz.0.3957 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  257.136093][T18799] Tainted: [W]=WARN
[  257.136173][T18799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  257.136186][T18799] Call Trace:
[  257.136193][T18799]  <TASK>
[  257.136201][T18799]  __dump_stack+0x1d/0x30
[  257.136226][T18799]  dump_stack_lvl+0x95/0xd0
[  257.136247][T18799]  dump_stack+0x15/0x1b
[  257.136281][T18799]  should_fail_ex+0x265/0x280
[  257.136311][T18799]  should_failslab+0x8c/0xb0
[  257.136333][T18799]  kmem_cache_alloc_noprof+0x69/0x4b0
[  257.136354][T18799]  ? getname_flags+0x80/0x3b0
[  257.136415][T18799]  getname_flags+0x80/0x3b0
[  257.136437][T18799]  __x64_sys_rename+0x40/0x70
[  257.136459][T18799]  x64_sys_call+0x24e/0x3000
[  257.136511][T18799]  do_syscall_64+0xca/0x2b0
[  257.136543][T18799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.136567][T18799] RIP: 0033:0x7fad8bb5f749
[  257.136586][T18799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.136606][T18799] RSP: 002b:00007fad8a5bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  257.136637][T18799] RAX: ffffffffffffffda RBX: 00007fad8bdb5fa0 RCX: 00007fad8bb5f749
[  257.136652][T18799] RDX: 0000000000000000 RSI: 0000200000001300 RDI: 0000200000000040
[  257.136665][T18799] RBP: 00007fad8a5bf090 R08: 0000000000000000 R09: 0000000000000000
[  257.136678][T18799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.136720][T18799] R13: 00007fad8bdb6038 R14: 00007fad8bdb5fa0 R15: 00007ffc7f90a208
[  257.136739][T18799]  </TASK>
[  257.431038][T18811] FAULT_INJECTION: forcing a failure.
[  257.431038][T18811] name failslab, interval 1, probability 0, space 0, times 0
[  257.443906][T18811] CPU: 0 UID: 0 PID: 18811 Comm: syz.5.3959 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  257.443952][T18811] Tainted: [W]=WARN
[  257.444000][T18811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  257.444012][T18811] Call Trace:
[  257.444050][T18811]  <TASK>
[  257.444060][T18811]  __dump_stack+0x1d/0x30
[  257.444092][T18811]  dump_stack_lvl+0x95/0xd0
[  257.444116][T18811]  dump_stack+0x15/0x1b
[  257.444141][T18811]  should_fail_ex+0x265/0x280
[  257.444169][T18811]  should_failslab+0x8c/0xb0
[  257.444247][T18811]  __kmalloc_cache_noprof+0x65/0x4c0
[  257.444300][T18811]  ? __se_sys_mount+0xef/0x2e0
[  257.444320][T18811]  ? memdup_user+0x99/0xd0
[  257.444373][T18811]  __se_sys_mount+0xef/0x2e0
[  257.444451][T18811]  ? fput+0x8f/0xc0
[  257.444476][T18811]  ? ksys_write+0x192/0x1a0
[  257.444498][T18811]  __x64_sys_mount+0x67/0x80
[  257.444523][T18811]  x64_sys_call+0x2cca/0x3000
[  257.444546][T18811]  do_syscall_64+0xca/0x2b0
[  257.444626][T18811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.444647][T18811] RIP: 0033:0x7f395aeef749
[  257.444666][T18811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.444757][T18811] RSP: 002b:00007f3959936038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  257.444855][T18811] RAX: ffffffffffffffda RBX: 00007f395b146090 RCX: 00007f395aeef749
[  257.444868][T18811] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[  257.444881][T18811] RBP: 00007f3959936090 R08: 0000200000000100 R09: 0000000000000000
[  257.444896][T18811] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000001
[  257.444910][T18811] R13: 00007f395b146128 R14: 00007f395b146090 R15: 00007ffd9a8aa708
[  257.444932][T18811]  </TASK>
[  257.952546][T18844] FAULT_INJECTION: forcing a failure.
[  257.952546][T18844] name failslab, interval 1, probability 0, space 0, times 0
[  257.965471][T18844] CPU: 1 UID: 0 PID: 18844 Comm: syz.4.3973 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  257.965536][T18844] Tainted: [W]=WARN
[  257.965545][T18844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  257.965560][T18844] Call Trace:
[  257.965568][T18844]  <TASK>
[  257.965577][T18844]  __dump_stack+0x1d/0x30
[  257.965602][T18844]  dump_stack_lvl+0x95/0xd0
[  257.965678][T18844]  dump_stack+0x15/0x1b
[  257.965702][T18844]  should_fail_ex+0x265/0x280
[  257.965732][T18844]  should_failslab+0x8c/0xb0
[  257.965756][T18844]  kmem_cache_alloc_noprof+0x69/0x4b0
[  257.965778][T18844]  ? skb_clone+0x151/0x1f0
[  257.965831][T18844]  skb_clone+0x151/0x1f0
[  257.965856][T18844]  __netlink_deliver_tap+0x2c9/0x500
[  257.965888][T18844]  netlink_unicast+0x66b/0x690
[  257.965958][T18844]  netlink_sendmsg+0x58b/0x6b0
[  257.965988][T18844]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.966081][T18844]  __sock_sendmsg+0x145/0x180
[  257.966106][T18844]  ____sys_sendmsg+0x31e/0x4a0
[  257.966142][T18844]  ___sys_sendmsg+0x17b/0x1d0
[  257.966215][T18844]  __x64_sys_sendmsg+0xd4/0x160
[  257.966252][T18844]  x64_sys_call+0x17ba/0x3000
[  257.966356][T18844]  do_syscall_64+0xca/0x2b0
[  257.966391][T18844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.966458][T18844] RIP: 0033:0x7f36e447f749
[  257.966475][T18844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.966517][T18844] RSP: 002b:00007f36e2edf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  257.966550][T18844] RAX: ffffffffffffffda RBX: 00007f36e46d5fa0 RCX: 00007f36e447f749
[  257.966566][T18844] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000003
[  257.966581][T18844] RBP: 00007f36e2edf090 R08: 0000000000000000 R09: 0000000000000000
[  257.966595][T18844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.966629][T18844] R13: 00007f36e46d6038 R14: 00007f36e46d5fa0 R15: 00007ffc53b4de38
[  257.966652][T18844]  </TASK>
[  258.157636][T18847] netlink: 'syz.3.3972': attribute type 10 has an invalid length.
[  258.258778][T18849] loop4: detected capacity change from 0 to 4096
[  258.290930][T18846] lo speed is unknown, defaulting to 1000
[  258.400573][T18849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.434891][T18854] loop6: detected capacity change from 0 to 1024
[  258.486097][T15624] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.505653][T18854] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  258.536656][T18854] EXT4-fs error (device loop6): ext4_map_blocks:825: inode #15: comm syz.6.3976: lblock 0 mapped to illegal pblock 0 (length 6)
[  258.585299][T18854] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[  258.597653][T18854] EXT4-fs (loop6): This should not happen!! Data will be lost
[  258.597653][T18854] 
[  258.616426][T18862] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.694694][T18865] FAULT_INJECTION: forcing a failure.
[  258.694694][T18865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.707998][T18865] CPU: 1 UID: 0 PID: 18865 Comm: syz.0.3979 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  258.708069][T18865] Tainted: [W]=WARN
[  258.708078][T18865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  258.708090][T18865] Call Trace:
[  258.708098][T18865]  <TASK>
[  258.708107][T18865]  __dump_stack+0x1d/0x30
[  258.708139][T18865]  dump_stack_lvl+0x95/0xd0
[  258.708190][T18865]  dump_stack+0x15/0x1b
[  258.708267][T18865]  should_fail_ex+0x265/0x280
[  258.708364][T18865]  should_fail+0xb/0x20
[  258.708383][T18865]  should_fail_usercopy+0x1a/0x20
[  258.708433][T18865]  strncpy_from_user+0x27/0x260
[  258.708505][T18865]  getname_flags+0xae/0x3b0
[  258.708550][T18865]  do_sys_openat2+0x60/0x150
[  258.708664][T18865]  __x64_sys_open+0xe6/0x110
[  258.708693][T18865]  x64_sys_call+0x166f/0x3000
[  258.708793][T18865]  do_syscall_64+0xca/0x2b0
[  258.708905][T18865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.708931][T18865] RIP: 0033:0x7fad8bb5f749
[  258.708949][T18865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.709040][T18865] RSP: 002b:00007fad8a5bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  258.709066][T18865] RAX: ffffffffffffffda RBX: 00007fad8bdb5fa0 RCX: 00007fad8bb5f749
[  258.709080][T18865] RDX: 000000000000002c RSI: 0000000000008060 RDI: 00002000000003c0
[  258.709095][T18865] RBP: 00007fad8a5bf090 R08: 0000000000000000 R09: 0000000000000000
[  258.709115][T18865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  258.709130][T18865] R13: 00007fad8bdb6038 R14: 00007fad8bdb5fa0 R15: 00007ffc7f90a208
[  258.709153][T18865]  </TASK>
[  258.711550][T18862] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.744477][T18863] EXT4-fs error (device loop6): ext4_map_blocks:783: inode #15: comm syz.6.3976: lblock 0 mapped to illegal pblock 0 (length 1)
[  258.993914][T18862] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.025443][T18863] EXT4-fs error (device loop6): ext4_ext_remove_space:2955: inode #15: comm syz.6.3976: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  259.049793][T18863] EXT4-fs error (device loop6) in ext4_setattr:6035: Corrupt filesystem
[  259.059696][T18862] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  259.105246][ T8765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  259.188714][T18887] __nla_validate_parse: 6 callbacks suppressed
[  259.188733][T18887] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3987'.
[  259.303833][T18892] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3989'.
[  259.376506][T18904] loop3: detected capacity change from 0 to 1024
[  259.386914][T18906] loop6: detected capacity change from 0 to 1024
[  259.397690][T18904] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  259.417256][T18904] EXT4-fs error (device loop3): ext4_read_inline_dir:1486: inode #12: block 7: comm syz.3.3993: path /246/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0
[  259.445761][T18895] loop5: detected capacity change from 0 to 164
[  259.451514][T18906] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.462907][T18895] iso9660: Unknown parameter 'unOide'
[  259.482166][T16049] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.492347][T18914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3996'.
[  259.504894][T18914] binfmt_misc: register: failed to install interpreter file ./file0
[  259.505148][T18906] SELinux: failed to load policy
[  259.528693][T18895] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3988'.
[  259.537682][T18895] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3988'.
[  259.554473][T18906] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3994'.
[  259.565868][T18918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3996'.
[  259.582228][T18914] binfmt_misc: register: failed to install interpreter file ./file0
[  259.618574][ T8765] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.643433][T18924] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4000'.
[  259.668910][T18924] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  259.821184][T18939] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4005'.
[  259.884809][T18948] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18948 comm=syz.6.4005
[  259.968002][T18950] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4011'.
[  259.983086][T18950] tipc: Resetting bearer <eth:veth0_macvtap>
[  260.043906][T18950] tipc: Disabling bearer <eth:veth0_macvtap>
[  260.319303][T18981] loop5: detected capacity change from 0 to 1024
[  260.326579][T18981] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  260.337581][T18981] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  260.345976][T18981] EXT4-fs (loop5): orphan cleanup on readonly fs
[  260.354322][T18981] EXT4-fs error (device loop5): __ext4_get_inode_loc:4830: comm syz.5.4024: Invalid inode table block 0 in block_group 0
[  260.367493][T18981] EXT4-fs (loop5): Remounting filesystem read-only
[  260.374282][T18981] EXT4-fs (loop5): 1 truncate cleaned up
[  260.380639][T18981] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  260.393860][T18981] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.632772][T18986] loop5: detected capacity change from 0 to 164
[  260.639579][T18986] iso9660: Unknown parameter 'unOide'
[  260.734248][T19005] FAULT_INJECTION: forcing a failure.
[  260.734248][T19005] name failslab, interval 1, probability 0, space 0, times 0
[  260.747465][T19005] CPU: 0 UID: 0 PID: 19005 Comm: syz.3.4034 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  260.747492][T19005] Tainted: [W]=WARN
[  260.747576][T19005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  260.747584][T19005] Call Trace:
[  260.747588][T19005]  <TASK>
[  260.747594][T19005]  __dump_stack+0x1d/0x30
[  260.747609][T19005]  dump_stack_lvl+0x95/0xd0
[  260.747673][T19005]  dump_stack+0x15/0x1b
[  260.747683][T19005]  should_fail_ex+0x265/0x280
[  260.747696][T19005]  should_failslab+0x8c/0xb0
[  260.747708][T19005]  __kmalloc_cache_noprof+0x65/0x4c0
[  260.747747][T19005]  ? alloc_tty_struct+0x4c/0x3c0
[  260.747831][T19005]  alloc_tty_struct+0x4c/0x3c0
[  260.747843][T19005]  ? pty_unix98_install+0x8f/0x390
[  260.747869][T19005]  pty_unix98_install+0x105/0x390
[  260.748027][T19005]  tty_init_dev+0x7c/0x320
[  260.748085][T19005]  ptmx_open+0x10b/0x2b0
[  260.748100][T19005]  chrdev_open+0x2eb/0x3a0
[  260.748186][T19005]  ? __pfx_chrdev_open+0x10/0x10
[  260.748197][T19005]  do_dentry_open+0x54b/0xa60
[  260.748287][T19005]  vfs_open+0x37/0x1e0
[  260.748300][T19005]  path_openat+0x1ddd/0x23b0
[  260.748373][T19005]  ? path_openat+0x1e82/0x23b0
[  260.748393][T19005]  do_filp_open+0x109/0x230
[  260.748467][T19005]  file_open_name+0xfa/0x120
[  260.748488][T19005]  __se_sys_acct+0xeb/0x520
[  260.748542][T19005]  __x64_sys_acct+0x1f/0x30
[  260.748557][T19005]  x64_sys_call+0x2923/0x3000
[  260.748621][T19005]  do_syscall_64+0xca/0x2b0
[  260.748720][T19005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.748780][T19005] RIP: 0033:0x7f9c4f52f749
[  260.748792][T19005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.748805][T19005] RSP: 002b:00007f9c4df97038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[  260.748881][T19005] RAX: ffffffffffffffda RBX: 00007f9c4f785fa0 RCX: 00007f9c4f52f749
[  260.748891][T19005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  260.748900][T19005] RBP: 00007f9c4df97090 R08: 0000000000000000 R09: 0000000000000000
[  260.748983][T19005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.748991][T19005] R13: 00007f9c4f786038 R14: 00007f9c4f785fa0 R15: 00007ffcc68091c8
[  260.749005][T19005]  </TASK>
[  260.996054][T19009] loop6: detected capacity change from 0 to 512
[  261.020050][T19014] FAULT_INJECTION: forcing a failure.
[  261.020050][T19014] name failslab, interval 1, probability 0, space 0, times 0
[  261.032855][T19014] CPU: 1 UID: 0 PID: 19014 Comm: syz.3.4038 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  261.032894][T19014] Tainted: [W]=WARN
[  261.032903][T19014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  261.032917][T19014] Call Trace:
[  261.032924][T19014]  <TASK>
[  261.032933][T19014]  __dump_stack+0x1d/0x30
[  261.032967][T19014]  dump_stack_lvl+0x95/0xd0
[  261.032987][T19014]  dump_stack+0x15/0x1b
[  261.033031][T19014]  should_fail_ex+0x265/0x280
[  261.033112][T19014]  should_failslab+0x8c/0xb0
[  261.033139][T19014]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  261.033152][T19015] loop6: detected capacity change from 0 to 1024
[  261.033170][T19014]  ? sidtab_sid2str_get+0xa0/0x130
[  261.033203][T19014]  kmemdup_noprof+0x2b/0x70
[  261.033225][T19014]  sidtab_sid2str_get+0xa0/0x130
[  261.033375][T19014]  security_sid_to_context_core+0x1eb/0x2e0
[  261.033517][T19014]  security_sid_to_context+0x27/0x40
[  261.033545][T19014]  selinux_lsmprop_to_secctx+0x67/0xf0
[  261.033582][T19014]  security_lsmprop_to_secctx+0x1a3/0x1c0
[  261.033605][T19014]  audit_log_subj_ctx+0xa4/0x3e0
[  261.033648][T19014]  ? skb_put+0xa9/0xf0
[  261.033673][T19014]  audit_log_task_context+0x48/0x70
[  261.033697][T19014]  audit_log_task+0xf4/0x250
[  261.033763][T19014]  ? kstrtouint+0x76/0xc0
[  261.033783][T19014]  audit_seccomp+0x61/0x100
[  261.033893][T19014]  ? __seccomp_filter+0x832/0x1260
[  261.033926][T19014]  __seccomp_filter+0x843/0x1260
[  261.033954][T19014]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  261.034061][T19014]  ? vfs_write+0x7e8/0x960
[  261.034079][T19014]  ? __rcu_read_unlock+0x4f/0x70
[  261.034177][T19014]  ? __fget_files+0x184/0x1c0
[  261.034202][T19014]  __secure_computing+0x82/0x150
[  261.034288][T19014]  syscall_trace_enter+0xcf/0x1e0
[  261.034312][T19014]  do_syscall_64+0xa4/0x2b0
[  261.034385][T19014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.034408][T19014] RIP: 0033:0x7f9c4f52f749
[  261.034432][T19014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.034451][T19014] RSP: 002b:00007f9c4df97038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[  261.034474][T19014] RAX: ffffffffffffffda RBX: 00007f9c4f785fa0 RCX: 00007f9c4f52f749
[  261.034488][T19014] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000000
[  261.034554][T19014] RBP: 00007f9c4df97090 R08: 0000000000000000 R09: 0000000000000000
[  261.034567][T19014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.034580][T19014] R13: 00007f9c4f786038 R14: 00007f9c4f785fa0 R15: 00007ffcc68091c8
[  261.034599][T19014]  </TASK>
[  261.292167][T19022] macvlan0: entered promiscuous mode
[  261.292813][T19015] ext4: Unknown parameter 'euid>00000000000000000000'
[  261.306698][T19022] netlink: 'syz.0.4041': attribute type 1 has an invalid length.
[  261.314588][T19022] netlink: 'syz.0.4041': attribute type 2 has an invalid length.
[  261.322477][T19024] smc: net device ip6gretap0 applied user defined pnetid SYZ2
[  261.336676][T19024] smc: net device ip6gretap0 erased user defined pnetid SYZ2
[  261.565573][  T324] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  261.590569][  T324] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  261.616134][  T324] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  261.645352][  T324] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.718051][   T29] kauditd_printk_skb: 757 callbacks suppressed
[  261.718069][   T29] audit: type=1400 audit(261.697:11398): avc:  denied  { read } for  pid=19044 comm="syz.4.4049" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  261.747037][   T29] audit: type=1400 audit(261.697:11399): avc:  denied  { open } for  pid=19044 comm="syz.4.4049" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  261.988520][T19054] netlink: 'syz.4.4052': attribute type 10 has an invalid length.
[  261.997533][T19054] bond0: (slave dummy0): Releasing backup interface
[  262.025163][T19054] team0: Port device dummy0 added
[  262.044183][T19055] netlink: 'syz.4.4052': attribute type 10 has an invalid length.
[  262.056525][T19053] lo speed is unknown, defaulting to 1000
[  262.078217][T19055] team0: Port device dummy0 removed
[  262.112515][T19055] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  262.304045][T19033] ==================================================================
[  262.312184][T19033] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[  262.322039][T19033] 
[  262.324382][T19033] read-write to 0xffffffff86809a00 of 8 bytes by interrupt on cpu 0:
[  262.332512][T19033]  tick_do_update_jiffies64+0x113/0x1c0
[  262.338105][T19033]  tick_nohz_handler+0x8d/0x3d0
[  262.342996][T19033]  __hrtimer_run_queues+0x20f/0x5a0
[  262.348321][T19033]  hrtimer_interrupt+0x21a/0x460
[  262.353326][T19033]  __sysvec_apic_timer_interrupt+0x5f/0x1d0
[  262.359226][T19033]  sysvec_apic_timer_interrupt+0x32/0x80
[  262.364870][T19033]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  262.370945][T19033] 
[  262.373273][T19033] read to 0xffffffff86809a00 of 8 bytes by task 19033 on cpu 1:
[  262.380903][T19033]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[  262.387148][T19033]  count_shadow_nodes+0x6a/0x230
[  262.392102][T19033]  do_shrink_slab+0x63/0x680
[  262.396692][T19033]  shrink_slab+0x4f5/0x840
[  262.401109][T19033]  shrink_node+0x6a9/0x2010
[  262.405615][T19033]  do_try_to_free_pages+0x3f6/0xcd0
[  262.410821][T19033]  try_to_free_mem_cgroup_pages+0x1ab/0x410
[  262.416727][T19033]  try_charge_memcg+0x383/0xa10
[  262.421589][T19033]  obj_cgroup_charge_pages+0xa6/0x150
[  262.426969][T19033]  __memcg_kmem_charge_page+0x9f/0x170
[  262.432436][T19033]  __alloc_frozen_pages_noprof+0x18f/0x360
[  262.438284][T19033]  alloc_pages_mpol+0xb3/0x260
[  262.443073][T19033]  alloc_pages_noprof+0x90/0x130
[  262.448114][T19033]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  262.454016][T19033]  __kvmalloc_node_noprof+0x492/0x6b0
[  262.459741][T19033]  ip_set_alloc+0x24/0x30
[  262.464263][T19033]  hash_netiface_create+0x282/0x740
[  262.469476][T19033]  ip_set_create+0x3cc/0x970
[  262.474099][T19033]  nfnetlink_rcv_msg+0x4c6/0x590
[  262.479060][T19033]  netlink_rcv_skb+0x123/0x220
[  262.483933][T19033]  nfnetlink_rcv+0x167/0x16c0
[  262.488622][T19033]  netlink_unicast+0x5c0/0x690
[  262.493399][T19033]  netlink_sendmsg+0x58b/0x6b0
[  262.498180][T19033]  __sock_sendmsg+0x145/0x180
[  262.502863][T19033]  ____sys_sendmsg+0x31e/0x4a0
[  262.507639][T19033]  ___sys_sendmsg+0x17b/0x1d0
[  262.512325][T19033]  __x64_sys_sendmsg+0xd4/0x160
[  262.517182][T19033]  x64_sys_call+0x17ba/0x3000
[  262.521869][T19033]  do_syscall_64+0xca/0x2b0
[  262.526381][T19033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.532307][T19033] 
[  262.534632][T19033] value changed: 0x00000000fffff115 -> 0x00000000fffff116
[  262.541737][T19033] 
[  262.544057][T19033] Reported by Kernel Concurrency Sanitizer on:
[  262.550292][T19033] CPU: 1 UID: 0 PID: 19033 Comm: syz.5.4045 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  262.561669][T19033] Tainted: [W]=WARN
[  262.565494][T19033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  262.575550][T19033] ==================================================================
[  262.645970][T19033] syz.5.4045 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  262.660422][T19033] CPU: 0 UID: 0 PID: 19033 Comm: syz.5.4045 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  262.660520][T19033] Tainted: [W]=WARN
[  262.660528][T19033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  262.660617][T19033] Call Trace:
[  262.660626][T19033]  <TASK>
[  262.660636][T19033]  __dump_stack+0x1d/0x30
[  262.660664][T19033]  dump_stack_lvl+0x95/0xd0
[  262.660725][T19033]  dump_stack+0x15/0x1b
[  262.660771][T19033]  dump_header+0x81/0x240
[  262.660791][T19033]  oom_kill_process+0x295/0x350
[  262.660813][T19033]  out_of_memory+0x97b/0xb80
[  262.660915][T19033]  try_charge_memcg+0x610/0xa10
[  262.660993][T19033]  obj_cgroup_charge_pages+0xa6/0x150
[  262.661029][T19033]  __memcg_kmem_charge_page+0x9f/0x170
[  262.661056][T19033]  __alloc_frozen_pages_noprof+0x18f/0x360
[  262.661148][T19033]  alloc_pages_mpol+0xb3/0x260
[  262.661180][T19033]  alloc_pages_noprof+0x90/0x130
[  262.661215][T19033]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  262.661252][T19033]  __kvmalloc_node_noprof+0x492/0x6b0
[  262.661315][T19033]  ? ip_set_alloc+0x24/0x30
[  262.661343][T19033]  ? ip_set_alloc+0x24/0x30
[  262.661381][T19033]  ip_set_alloc+0x24/0x30
[  262.661430][T19033]  hash_netiface_create+0x282/0x740
[  262.661466][T19033]  ? __pfx_hash_netiface_create+0x10/0x10
[  262.661557][T19033]  ip_set_create+0x3cc/0x970
[  262.661602][T19033]  ? __nla_parse+0x40/0x60
[  262.661636][T19033]  nfnetlink_rcv_msg+0x4c6/0x590
[  262.661716][T19033]  netlink_rcv_skb+0x123/0x220
[  262.661752][T19033]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  262.661786][T19033]  nfnetlink_rcv+0x167/0x16c0
[  262.661846][T19033]  ? kmem_cache_free+0xe3/0x3a0
[  262.661879][T19033]  ? __kfree_skb+0x109/0x150
[  262.661902][T19033]  ? nlmon_xmit+0x4f/0x60
[  262.661920][T19033]  ? consume_skb+0x49/0x150
[  262.662002][T19033]  ? nlmon_xmit+0x4f/0x60
[  262.662026][T19033]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  262.662123][T19033]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  262.662148][T19033]  ? __dev_queue_xmit+0x148/0x1ee0
[  262.662204][T19033]  ? ref_tracker_free+0x37d/0x3e0
[  262.662233][T19033]  ? __netlink_deliver_tap+0x4dc/0x500
[  262.662269][T19033]  netlink_unicast+0x5c0/0x690
[  262.662313][T19033]  netlink_sendmsg+0x58b/0x6b0
[  262.662349][T19033]  ? __pfx_netlink_sendmsg+0x10/0x10
[  262.662418][T19033]  __sock_sendmsg+0x145/0x180
[  262.662445][T19033]  ____sys_sendmsg+0x31e/0x4a0
[  262.662643][T19033]  ___sys_sendmsg+0x17b/0x1d0
[  262.662682][T19033]  __x64_sys_sendmsg+0xd4/0x160
[  262.662705][T19033]  x64_sys_call+0x17ba/0x3000
[  262.662807][T19033]  do_syscall_64+0xca/0x2b0
[  262.662832][T19033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.662848][T19033] RIP: 0033:0x7f395aeef749
[  262.662862][T19033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.662879][T19033] RSP: 002b:00007f3959957038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.663027][T19033] RAX: ffffffffffffffda RBX: 00007f395b145fa0 RCX: 00007f395aeef749
[  262.663110][T19033] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  262.663121][T19033] RBP: 00007f395af73f91 R08: 0000000000000000 R09: 0000000000000000
[  262.663130][T19033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  262.663140][T19033] R13: 00007f395b146038 R14: 00007f395b145fa0 R15: 00007ffd9a8aa708
[  262.663154][T19033]  </TASK>
[  262.663161][T19033] memory: usage 307200kB, limit 307200kB, failcnt 3332
[  262.999192][T19033] memory+swap: usage 318968kB, limit 9007199254740988kB, failcnt 0
[  263.007113][T19033] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[  263.014571][T19033] Memory cgroup stats for /syz5:
[  263.014880][T19033] cache 0
[  263.022744][T19033] rss 0
[  263.025512][T19033] shmem 0
[  263.028440][T19033] mapped_file 0
[  263.031873][T19033] dirty 0
[  263.034893][T19033] writeback 0
[  263.038161][T19033] workingset_refault_anon 132
[  263.042816][T19033] workingset_refault_file 127
[  263.047663][T19033] swap 12050432
[  263.051122][T19033] swapcached 0
[  263.054599][T19033] pgpgin 147874
[  263.058054][T19033] pgpgout 147872
[  263.061582][T19033] pgfault 153285
[  263.065136][T19033] pgmajfault 106
[  263.068673][T19033] inactive_anon 0
[  263.072388][T19033] active_anon 0
[  263.075858][T19033] inactive_file 0
[  263.079468][T19033] active_file 8192
[  263.083279][T19033] unevictable 0
[  263.086863][T19033] hierarchical_memory_limit 314572800
[  263.092295][T19033] hierarchical_memsw_limit 9223372036854771712
[  263.098527][T19033] total_cache 0
[  263.101965][T19033] total_rss 0
[  263.105372][T19033] total_shmem 0
[  263.108882][T19033] total_mapped_file 0
[  263.112844][T19033] total_dirty 0
[  263.116294][T19033] total_writeback 0
[  263.120145][T19033] total_workingset_refault_anon 132
[  263.125397][T19033] total_workingset_refault_file 127
[  263.130594][T19033] total_swap 12050432
[  263.134606][T19033] total_swapcached 0
[  263.138480][T19033] total_pgpgin 147874
[  263.142438][T19033] total_pgpgout 147872
[  263.146509][T19033] total_pgfault 153285
[  263.150570][T19033] total_pgmajfault 106
[  263.154706][T19033] total_inactive_anon 0
[  263.158834][T19033] total_active_anon 0
[  263.162832][T19033] total_inactive_file 0
[  263.167027][T19033] total_active_file 8192
[  263.171300][T19033] total_unevictable 0
[  263.175327][T19033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.4045,pid=19031,uid=0
[  263.189966][T19033] Memory cgroup out of memory: Killed process 19031 (syz.5.4045) total-vm:96016kB, anon-rss:1136kB, file-rss:22332kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000