last executing test programs:

7m33.269788252s ago: executing program 4 (id=537):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x440400, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}})

7m33.162907172s ago: executing program 4 (id=542):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000640)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x8}]}}}]}, 0x3c}}, 0x0)

7m33.150570513s ago: executing program 4 (id=543):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000004c0)={r2, 0x3, 0x6, @broadcast}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r4)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYRES64=r4, @ANYRES16=r3, @ANYBLOB="010027bd7000000000000c000000200001801400020076657468315f09005f62617461647600080003000200000014000380100003800c0001800800010007000000"], 0x48}}, 0x804)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
ustat(0x3, &(0x7f0000000040))
io_setup(0x2, &(0x7f0000000000)=<r7=>0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x3c}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
r9 = eventfd(0x0)
io_submit(r7, 0x3, &(0x7f00000004c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x100, r9, &(0x7f0000000380)='\x00\x00@\x00\x00\x00\x00\x00', 0x8, 0x3}, 0x0, 0x0])
rt_sigpending(0x0, 0x0)

7m33.122823526s ago: executing program 4 (id=544):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==")
r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x125042, 0x148)
fallocate(r1, 0x0, 0xbf5, 0x2000402)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000007c0), r2)
sendmsg$TIPC_NL_KEY_FLUSH(r2, &(0x7f0000000a40)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000800)={0x1cc, r3, 0xa00, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x58, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "9480756d0d4f459148bcd2009e32da65cb5723cb9b2714f8e0"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1ff}]}, @TIPC_NLA_LINK={0xf8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb4ca}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1d73e5ca}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xace2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9f67}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5230a19f}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ddaccc3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}]}]}, 0x1cc}}, 0x40)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r1, 0x1000000, 0x0, 0x0, 0xfffffffffdffffff})
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000008000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ffffffff0000000000000000000000000600000004"], 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r6, &(0x7f00000001c0), 0x37)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x0, 0x7})
r7 = openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0)
ioctl$RNDADDENTROPY(r7, 0x5207, 0x0)
setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000580)=0x5, 0x4)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="58000000100095ff0000f4ff0100000000000000f5ea9448f65b1a6f76760c97b91c740b91ceadebb5230c0100000056861f436862589c5406cc592d3de42909544d13780b", @ANYRES32=0x0, @ANYBLOB="0000000008440000300012800b00010067656e65766500002000028005000c0000000000140007000000000000000000000000000000000108000a00", @ANYRES32=r8, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
ptrace$getregset(0x4204, r9, 0x2, &(0x7f0000000740)={0x0})

7m33.048224843s ago: executing program 4 (id=545):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x91}, [@ldst={0x6, 0x2}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x39}, 0x4d)
clock_nanosleep(0x7, 0x0, &(0x7f0000000140), &(0x7f0000000180))
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x10, 0x1401, 0x10, 0x70bd2b, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x24000848}, 0x80)
r2 = semget$private(0x0, 0x6, 0x0)
semtimedop(r2, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(r2, &(0x7f00000000c0)=[{0x4, 0x0, 0x800}, {0x2}], 0x2)
semop(r2, &(0x7f0000001240)=[{}, {0x2, 0x0, 0x2000}], 0x2)
semctl$IPC_RMID(r2, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000300)={<r3=>0x0, <r4=>0x0})
semtimedop(r2, &(0x7f0000000200)=[{0x1, 0x4, 0x1800}, {0x4, 0x0, 0x1000}], 0x2, &(0x7f0000000340)={r3, r4+10000000})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@getqdisc={0x0, 0x26, 0x2, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x5, 0xffff}, {0x12, 0xa}, {0x0, 0x9}}, [{}, {}, {}, {}, {}, {}]}, 0x18c}, 0x1, 0x0, 0x0, 0x40815}, 0x8094)

7m32.915967326s ago: executing program 4 (id=547):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000100)=0x1e79, 0x4)
r1 = socket(0x18, 0x0, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @random="45e3f364e554", 'sit0\x00'}}, 0x1e)
sendmmsg$sock(r1, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x2000409c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x2c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15946395916e2b388abc3d6ce2316334e8278ad"}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}, {0x10, 0x1, 0x0, 0x1, @dynset={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xbc}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
syz_open_dev$tty20(0xc, 0x4, 0x1)

7m32.915730556s ago: executing program 32 (id=547):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000100)=0x1e79, 0x4)
r1 = socket(0x18, 0x0, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @random="45e3f364e554", 'sit0\x00'}}, 0x1e)
sendmmsg$sock(r1, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x2000409c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x2c, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15946395916e2b388abc3d6ce2316334e8278ad"}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}, {0x10, 0x1, 0x0, 0x1, @dynset={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xbc}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
syz_open_dev$tty20(0xc, 0x4, 0x1)

3.509752105s ago: executing program 0 (id=8699):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a300000000008000a40ffffffff580000000c0a010100000000000000000a0000060900020073797a30000000000900010073797a31000000012c0003802800008004000180200007800e000100636f6e6e6c696d69740000000c000280080001"], 0xbc}, 0x1, 0x0, 0x0, 0x4000851}, 0x40)

3.473804648s ago: executing program 0 (id=8701):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, "2d1b228ddbcbeb3b", "125c2b383f5cae83637e9674608276919c8da6d9bb71d92f31fbb014711d772b", "f47262bb", "344faf4b67056082"}, 0x38)
write$binfmt_script(r2, &(0x7f0000000500)={'#! ', './file0'}, 0xb)

3.404097545s ago: executing program 0 (id=8702):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000"], 0x48)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x0)
pwritev(r2, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000200)="9cc4", 0x2}], 0x2, 0xffffff01, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000)

3.362313369s ago: executing program 0 (id=8706):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
socket$inet6_sctp(0xa, 0x0, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff000a}]})
memfd_secret(0x80000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='fscache_active\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94}, 0x40}], 0x1, 0x2, 0x0)

2.550217689s ago: executing program 0 (id=8721):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x20048005}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64, @ANYRES32], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000191c0)=ANY=[@ANYBLOB="010000000b000000050010000300000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB="0000000002"], 0x48)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="18000000041401002dbd700efedbdf25080065d0753a5bc01e6461f4010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e386eb807e04eb88b93000400000000000033c88e160d2745a91b08363bcc34006d0009788455ec9ad10b24"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$lock(r3, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r3, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x9, 0x9})
fcntl$lock(r3, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5})
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0x58, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r3, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="84000000", @ANYRES16=0x0, @ANYBLOB="000227bd7000fcdbdf2507000000040001801c00018008000100", @ANYRES32=r2, @ANYBLOB="080003800100000008000300020000003c3000018008000100", @ANYRES32=r5, @ANYBLOB="1400020070696d7265673000000000000000000008000100", @ANYRES32=r2, @ANYBLOB="14000200776730000000000000000000000000001400018008000300020000000800030002000000"], 0x84}, 0x1, 0x0, 0x0, 0x40040}, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r6, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000002c0)='=', 0x1}], 0x1)
sendto$inet6(r6, 0x0, 0x0, 0x700, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r7=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r7, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

2.022283471s ago: executing program 1 (id=8723):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="5e4a0b000000076cfb52a70800000800000005"], 0x48)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r4, &(0x7f0000000600)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd6067", 0x14}, {&(0x7f00000001c0)="b700001411005abeef4ba0d5984462732834d1", 0x13}, {&(0x7f0000000100)="37a8a6c51ef711513a5554633f6ecf2512", 0x11}, {&(0x7f0000000200)="4d0f", 0x2}], 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r6, 0x0, 0x1}, 0x18)
r7 = fsopen(&(0x7f0000000080)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000040)='\x00', &(0x7f00000001c0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f00000000c0)='dE\x00', 0x0)
memfd_secret(0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000001ec0)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000380)='\xbd\x10\xe2\n\xc4\xa8\xa8?\a\x9e@O<\xf4s\x85~X\x85\xdc\x11\x04a\xf8\xa6f\x96nB\x02\x10+C$\f\xb3\xcc\xed\"M\xb6 V\xc5\x9a\x11o^\xda\xc8', 0x0)
close(r7)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r8=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r8], 0x1c}}, 0x0)
eventfd2(0xce77, 0x800)
r9 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x2, 0x2, 0x8, 0x5a, 0x0, 0x6, 0x0, 0xc, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x8}, 0x2000, 0xff, 0x9, 0x0, 0x4, 0x145d, 0x1, 0x0, 0x3f8, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x5, 0x80, 0x2, 0x2, 0x8, 0x9, 0x0, 0x6, 0x1, 0xc, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x8}, 0x2000, 0xff, 0x9, 0x0, 0x4, 0x145d, 0x1, 0x0, 0x3f8, 0x0, 0x8000004}, 0x0, 0x0, r9, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x45, 0x2, 0x4, 0x8, 0x9, 0x0, 0x6, 0x0, 0xc, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x8}, 0x2000, 0xff, 0x9, 0x4, 0x4, 0x145d, 0x1, 0x0, 0x3f8, 0x0, 0x100}, 0x0, 0x0, r9, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
creat(&(0x7f0000000040)='./bus\x00', 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, 0x0, 0x1, 0x4})
io_uring_enter(0xffffffffffffffff, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)

1.786338484s ago: executing program 3 (id=8726):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000019200), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500"], 0x50}, 0x1, 0xba01}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)

1.677886225s ago: executing program 3 (id=8728):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, 0x0, 0x0)

1.584060534s ago: executing program 3 (id=8729):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r2 = openat$sysfs(0xffffff9c, 0x0, 0x42, 0x0)
pwritev(r2, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000200)="9cc4", 0x2}], 0x2, 0xffffff01, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000)

1.572924645s ago: executing program 5 (id=8730):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x5, 0xfffffffb}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000901000000000000000002000000000800040001000000", 0x24) (fail_nth: 3)

1.301891982s ago: executing program 5 (id=8731):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
pread64(r3, &(0x7f00000006c0)=""/4096, 0x1000, 0xf)

1.278343234s ago: executing program 5 (id=8732):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_getoverrun(r4)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r2, &(0x7f00000019c0)=""/4097, 0x1001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001000)=ANY=[@ANYBLOB="440000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00040000000000001c0012800e000100697036677265746170000000080002800400120008000a00", @ANYRES32=r7, @ANYBLOB="132c8cc4f9f6f7955f1ca0316af971f4bd85fe32bf8286c0b943c1287c63baeac5147f9c10e061067cc78b50f6c18c0048beb6007a53c3574d2e89c1b70baa6d1b531107f29bccf702927d8db3d988b7349a6892055013c4f369f1c012bf95c7e8191e2e8623b527a82bcd0d94a3ebe655806f4a368fb46d4f45fa8488ca122d792dd7fc4efa7b41d4e1dd41d19091e89028070d594d1473ed0a6209a0c8b7e35a8af10f84df9f063e5cade38800a41b0ea325f7479cdb49a455d9d82a27001a025185340ee5d32523c84ceaa2c6d7ccc3b2b3dabe30e7c67cd85c693a8427d84e873f8bf5d26153c9e79156f8c7441d164daac4c2"], 0x44}}, 0x8000)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000400)={'wg0\x00', <r9=>0x0})
r10 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffb, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r11, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x5}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000007c0)={'sit0\x00', &(0x7f00000006c0)={'ip_vti0\x00', <r12=>0x0, 0x7, 0x700, 0x2, 0x8, {{0x2a, 0x4, 0x1, 0x2, 0xa8, 0x68, 0x0, 0x5, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x1d}, {[@timestamp_prespec={0x44, 0xc, 0xfe, 0x3, 0xf, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xfffffee4}]}, @generic={0x83, 0x3, "b2"}, @timestamp_addr={0x44, 0x1c, 0xaa, 0x1, 0x1, [{@private=0xa010101, 0xb}, {@dev={0xac, 0x14, 0x14, 0x27}}, {@private=0xa010101, 0x9}]}, @generic={0x83, 0x12, "b4af12121fd4992a6a9ce6c8df7526fa"}, @timestamp_prespec={0x44, 0x3c, 0xf9, 0x3, 0xc, [{@rand_addr=0x64010102, 0x9}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x1ff}, {@broadcast, 0x9}, {@broadcast}, {@multicast1, 0xd}, {@local, 0x1ff}, {@multicast1, 0x8}]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x13, 0x10, [@initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x3b}, @multicast1, @remote]}, @noop]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r5, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000800)=[0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x3, 0x9, &(0x7f0000000840)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x54, &(0x7f0000000380)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000900), &(0x7f0000000940), 0x8, 0x8e, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000d80)={&(0x7f0000000b40)={0x1c8, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x20040890}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)

1.176106754s ago: executing program 3 (id=8733):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r0}, 0x18)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
write$cgroup_int(r1, &(0x7f0000000040)=0xfe8e, 0x12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r9 = openat$binfmt(0xffffffffffffff9c, r8, 0x42, 0x1ff)
write$binfmt_script(r9, &(0x7f0000000080)={'#! ', './file1'}, 0xb)
close(r9)
execveat$binfmt(0xffffffffffffff9c, r8, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRESOCT=r5], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

1.123481739s ago: executing program 2 (id=8734):
eventfd2(0x9, 0x80800)

1.093967342s ago: executing program 1 (id=8735):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.093801302s ago: executing program 1 (id=8736):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000040)={r1, 0x1b6, 0xe3})

1.093692182s ago: executing program 2 (id=8737):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9998500000004000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x609e495c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010000304000300"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e00000000180002800c0002001e0000001d00000006000100fe0f000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="0120d4da2717"], 0x58}}, 0x8000)

977.707834ms ago: executing program 2 (id=8738):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000005c0))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000008c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa4, 0xa4, 0x5, [@struct={0xc, 0x6, 0x0, 0x4, 0x1, 0x0, [{0x5, 0x5, 0x8000}, {0x10, 0x0, 0x80000001}, {0x7}, {0x2, 0x4, 0x659}, {0x10, 0x2, 0x8}, {0x5, 0x3, 0x4}]}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0xf, 0x3}, {0xe, 0x5}, {0xd}, {0x10, 0x3}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x2, 0x4}}, @type_tag={0xb, 0x0, 0x0, 0x12, 0x2}]}, {0x0, [0x2e, 0x5f, 0x5f]}}, &(0x7f00000009c0)=""/183, 0xc1, 0xb7, 0x1, 0xfffffff1}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r3, 0x0, 0x5}, 0x18)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSETELEM={0x80, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x54, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x10}]}}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xdc}}, 0x0)
r4 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x7, 0xfffffffffffffffb, 0x9, 0x8, 0x6, 0x1e49})
write$selinux_access(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB='system_u:ck_exec_t:s0 /usr/sbin/cupn-browsed 0'], 0x4e)

892.085962ms ago: executing program 2 (id=8739):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, 0x0, 0x0)

888.316832ms ago: executing program 2 (id=8740):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'macsec0\x00', <r1=>0x0}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) (async)
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r2, r2, 0x0, 0x2) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002b2000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xa6c3, 0x0)
fcntl$setlease(r5, 0x400, 0x0) (async)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f0000000340)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) (async)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r7}, 0x18) (async)
r8 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000600)=0x14) (async, rerun: 32)
ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000080)=0x14) (rerun: 32)
close(r8) (async)
setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x20040000)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d0000008500000023ffffff94"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r9}, 0x18) (async, rerun: 32)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) (async, rerun: 32)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

713.552829ms ago: executing program 1 (id=8741):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0x20, &(0x7f0000000240)={&(0x7f00000014c0)=""/86, 0x56, <r0=>0x0, &(0x7f0000001600)=""/88, 0x58}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
pwrite64(0xffffffffffffffff, &(0x7f0000000300)="28ee8e1c0664ce5067025a1238dcc38a1a8f8c2b847e6525051fd70916c7966aadc75d18add51d89450501f75e9981a1c977ef71e17a4284614f868ed32b3d4f12cbb1a079524953d8f9cb054d46371ad85f7967f449d2c6a4887b252aebfdfd06b42cee978143e7e9f70d6bb437c97cc5e960c78ab9a080fc402052c77e4c4d7618374d3e10eecd1c2e48c326797c108951b4387fc216bc8275aba194b435860206a32ae1b69a0dad02887f11af61555302aa6de153ebb4f0eac7", 0xbb, 0x3)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r2}, 0x10)
fchmodat(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x80)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000f00)='kfree\x00', r5}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)

651.254505ms ago: executing program 1 (id=8742):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
pread64(r3, &(0x7f00000006c0)=""/4096, 0x1000, 0xf)

631.701138ms ago: executing program 1 (id=8743):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x3, &(0x7f0000000140), 0x1, 0x25f, &(0x7f0000000b00)="$eJzs3U1oHGUYB/Bn9oOYZJGoF0FQQUQkEOJN8BIvCgEJ4kFQISLiRUkETfC268mLF88iOXkJpbemPZZeQi8thZ7SNof00tKGHhoK/YAp+xXSdttsupuZNvP7wWZmknfmeQfm/74T2GECKKyJiJiJiHJETEZENSKSvQ3ebX8mOpsro+vzEWn61a2k1a693dbdbzwiGhHxcUScKSXxcyViee3brTsbn3/w91L1/f/XvhnN9CQ7trc2v9j5b+6vE7MfLZ+/eGMuiZmoPXJew5f0+F0liXj9MIq9IJJK3j2gH1/+cfxSM/dvRMR7rfzfTdsiHuyu9ZLW/7l54a2s+wsMV5pWm3NgIwUKpxQRtc5Nams9SqWpqfY9/OXyWOmXxd9+n/xpcWnhx7xHKmBYahGbn50aOTneWk9KU538Xyu38w8cVfXOcvVK8+dOOd/eAMO0f6Cb8//k9/UPQ/6hcA6U/1ey6ROQjU7+W8l+LP/X8+oTkI0Dzf9P+xoA8FLy/z8U1zPzX82nT0A2zP9QXPIPxSX/UFzyD8W1N/8AQLGkI30+KNzo7gAcFTkPPwAAAAAAAAAAAAAAAAAAQA8ro+vz3U9WNc/+G7H9aURUetUvt95H3H352NjtpNlsV9LebSDfvTPgAQZ0LOenr1+9mm/9c2/nW7++ENH4MyKmK5Unr7+kc/09v9f2+Xv1hwELDOiTrw/ryLW+Wt1fPaz6/ZndiDjdHH+me40/pXiztew9/tSG8JqEX+8NeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAy8zAAAP//JS12Fg==")
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
fsync(r1)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='X\x00', @ANYRES16=0x0, @ANYBLOB="000300000504bd9c00"/18, @ANYRES32=0x0, @ANYBLOB="0a000600505050505050000004005f00060036000600000018002a0065125050505050500802110000010802110000000a0034000101010101010000"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000040)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4)
unshare(0x22020400)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
pwrite64(r4, &(0x7f00000002c0)="8c", 0x1, 0x7fffffffffffffff)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, 0x0, 0x0)
sendfile(r3, r2, 0x0, 0x20000023896)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004000)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)=@ipv6_getroute={0x1c, 0x1a, 0x200, 0x70bd27, 0x25dfdbfe, {0xa, 0x80, 0x20, 0x8, 0x0, 0x4, 0xff, 0x6, 0x1800}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40)
sendmmsg(r5, &(0x7f0000000900)=[{{&(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x1, {{0x40, 0x4}, 0x2}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000740)="947fc0815865f3daa27356fad17efcc46cbaff3cb581951d8b6244bcd3d4b505e0b9fad84bac3c29eec905cf9248a5606ecf35bac5a012e03f8702705bbb6c41353307d4291e8809712a162efa78f371321a0053e939d077bda16b89f63fa0be6c473ecfc4e3e7e7845efd3acd3ec82e5fe6e0313c1efa66d96bdc2c0c214d47bd02606c583e97e35ca9f0147df9b24e21460b5753e06c", 0x97}], 0x1}}, {{&(0x7f0000000640)=@pptp={0x18, 0x2, {0x2, @multicast1}}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000300)="7fb4409f421bad201a15e8abcd06b0b3c1275962627696196e38223ef536507c4e72eab70a", 0x25}, {&(0x7f0000000400)="b7c6979b", 0x4}, {&(0x7f0000000980)="b330b84b6ae33b0ff3081e060dd37d8c2c5914abb548f37e39d39653527269012623cecc305d8a32e25e37e046c6faca735c46c235a4329adcdd45022494a95c77681df619da7f68edcc10b68d6cc01aac35a72560b7468a478e6fe99bbc7036c7fa6f9b514c782b22df362c5893f153766cd72a6092630e4578c4e2125377428b77225b843286ee32108972e1e6495e9b407e043c52112660c0c2", 0x9b}], 0x3}}], 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/27], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0xffffffff}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)

567.161464ms ago: executing program 0 (id=8745):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[], 0x48)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000003940)=ANY=[@ANYBLOB="040100001600010028bd7000fbdbdf25fe8000000000000000000000000000aaac1414aa0000000000000000000000004e23000f4e23000e0a00a0b05e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d66c0000000a0101000000000000000000000000000000010000000003000500000000000000070000000000000000100000000000000100000000000000000000000000000000000100000000000200000000000000000000000000000003000000000000005e19000000000000090000000600000081000000"], 0x104}, 0x1, 0x0, 0x0, 0x8000}, 0x24000004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="911015000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x3)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x80010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
flistxattr(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00'}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2)
readv(r4, &(0x7f0000000000)=[{&(0x7f0000000580)=""/244, 0xf4}], 0x1)
read(r4, 0x0, 0x0)

464.168224ms ago: executing program 5 (id=8746):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
r2 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
pread64(r2, &(0x7f00000006c0)=""/4096, 0x1000, 0xf)

400.11149ms ago: executing program 5 (id=8747):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

399.9071ms ago: executing program 5 (id=8748):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[], 0x48)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000003940)=ANY=[@ANYBLOB="040100001600010028bd7000fbdbdf25fe8000000000000000000000000000aaac1414aa0000000000000000000000004e23000f4e23000e0a00a0b05e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d66c0000000a0101000000000000000000000000000000010000000003000500000000000000070000000000000000100000000000000100000000000000000000000000000000000100000000000200000000000000000000000000000003000000000000005e190000000000000900000006000000810000002bbd7000013500000a0001daec0000000000000003000000"], 0x104}, 0x1, 0x0, 0x0, 0x8000}, 0x24000004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="911015000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x3)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x80010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
flistxattr(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00'}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2)
readv(r4, &(0x7f0000000000)=[{&(0x7f0000000580)=""/244, 0xf4}], 0x1)
read(r4, 0x0, 0x0)

347.196456ms ago: executing program 3 (id=8749):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000005c0))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000008c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa4, 0xa4, 0x5, [@struct={0xc, 0x6, 0x0, 0x4, 0x1, 0x0, [{0x5, 0x5, 0x8000}, {0x10, 0x0, 0x80000001}, {0x7}, {0x2, 0x4, 0x659}, {0x10, 0x2, 0x8}, {0x5, 0x3, 0x4}]}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0xf, 0x3}, {0xe, 0x5}, {0xd}, {0x10, 0x3}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x2, 0x4}}, @type_tag={0xb, 0x0, 0x0, 0x12, 0x2}]}, {0x0, [0x2e, 0x5f, 0x5f]}}, &(0x7f00000009c0)=""/183, 0xc1, 0xb7, 0x1, 0xfffffff1}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r3, 0x0, 0x5}, 0x18)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSETELEM={0x80, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x54, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x10}]}}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xdc}}, 0x0)
r4 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x7, 0xfffffffffffffffb, 0x9, 0x8, 0x6, 0x1e49})
write$selinux_access(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB='system_u:ck_exec_t:s0 /usr/sbin/cupn-browsed 0'], 0x4e)

321.676258ms ago: executing program 3 (id=8750):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x3, &(0x7f0000000140), 0x1, 0x25f, &(0x7f0000000b00)="$eJzs3U1oHGUYB/Bn9oOYZJGoF0FQQUQkEOJN8BIvCgEJ4kFQISLiRUkETfC268mLF88iOXkJpbemPZZeQi8thZ7SNof00tKGHhoK/YAp+xXSdttsupuZNvP7wWZmknfmeQfm/74T2GECKKyJiJiJiHJETEZENSKSvQ3ebX8mOpsro+vzEWn61a2k1a693dbdbzwiGhHxcUScKSXxcyViee3brTsbn3/w91L1/f/XvhnN9CQ7trc2v9j5b+6vE7MfLZ+/eGMuiZmoPXJew5f0+F0liXj9MIq9IJJK3j2gH1/+cfxSM/dvRMR7rfzfTdsiHuyu9ZLW/7l54a2s+wsMV5pWm3NgIwUKpxQRtc5Nams9SqWpqfY9/OXyWOmXxd9+n/xpcWnhx7xHKmBYahGbn50aOTneWk9KU538Xyu38w8cVfXOcvVK8+dOOd/eAMO0f6Cb8//k9/UPQ/6hcA6U/1ey6ROQjU7+W8l+LP/X8+oTkI0Dzf9P+xoA8FLy/z8U1zPzX82nT0A2zP9QXPIPxSX/UFzyD8W1N/8AQLGkI30+KNzo7gAcFTkPPwAAAAAAAAAAAAAAAAAAQA8ro+vz3U9WNc/+G7H9aURUetUvt95H3H352NjtpNlsV9LebSDfvTPgAQZ0LOenr1+9mm/9c2/nW7++ENH4MyKmK5Unr7+kc/09v9f2+Xv1hwELDOiTrw/ryLW+Wt1fPaz6/ZndiDjdHH+me40/pXiztew9/tSG8JqEX+8NeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAy8zAAAP//JS12Fg==")
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
fsync(r1)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='X\x00', @ANYRES16=0x0, @ANYBLOB="000300000504bd9c00"/18, @ANYRES32=0x0, @ANYBLOB="0a000600505050505050000004005f00060036000600000018002a0065125050505050500802110000010802110000000a0034000101010101010000"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000040)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4)
unshare(0x22020400)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
pwrite64(r4, &(0x7f00000002c0)="8c", 0x1, 0x7fffffffffffffff)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, 0x0, 0x0)
sendfile(r3, r2, 0x0, 0x20000023896)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20004000)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)=@ipv6_getroute={0x1c, 0x1a, 0x200, 0x70bd27, 0x25dfdbfe, {0xa, 0x80, 0x20, 0x8, 0x0, 0x4, 0xff, 0x6, 0x1800}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40)
sendmmsg(r5, &(0x7f0000000900)=[{{&(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x1, {{0x40, 0x4}, 0x2}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000740)="947fc0815865f3daa27356fad17efcc46cbaff3cb581951d8b6244bcd3d4b505e0b9fad84bac3c29eec905cf9248a5606ecf35bac5a012e03f8702705bbb6c41353307d4291e8809712a162efa78f371321a0053e939d077bda16b89f63fa0be6c473ecfc4e3e7e7845efd3acd3ec82e5fe6e0313c1efa66d96bdc2c0c214d47bd02606c583e97e35ca9f0147df9b24e21460b5753e06c", 0x97}], 0x1}}, {{&(0x7f0000000640)=@pptp={0x18, 0x2, {0x2, @multicast1}}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000300)="7fb4409f421bad201a15e8abcd06b0b3c1275962627696196e38223ef536507c4e72eab70a", 0x25}, {&(0x7f0000000400)="b7c6979b", 0x4}, {&(0x7f0000000980)="b330b84b6ae33b0ff3081e060dd37d8c2c5914abb548f37e39d39653527269012623cecc305d8a32e25e37e046c6faca735c46c235a4329adcdd45022494a95c77681df619da7f68edcc10b68d6cc01aac35a72560b7468a478e6fe99bbc7036c7fa6f9b514c782b22df362c5893f153766cd72a6092630e4578c4e2125377428b77225b843286ee32108972e1e6495e9b407e043c52112660c0c2", 0x9b}], 0x3}}], 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/27], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0xffffffff}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)

0s ago: executing program 2 (id=8751):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x18, &(0x7f0000000080)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r2, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8036, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0x9e, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

kernel console output (not intermixed with test programs):

mm="syz.1.7579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  447.121668][   T29] audit: type=1326 audit(2000000405.049:72249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25235 comm="syz.1.7579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  447.724301][T25264] batadv1: entered promiscuous mode
[  447.729646][T25264] batadv1: entered allmulticast mode
[  448.150449][T25246] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  448.205143][T25277] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  448.211656][T25277] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  448.219225][T25277] vhci_hcd vhci_hcd.0: Device attached
[  448.227204][T25278] vhci_hcd: connection closed
[  448.227516][   T42] vhci_hcd: stop threads
[  448.236481][   T42] vhci_hcd: release socket
[  448.240893][   T42] vhci_hcd: disconnect device
[  448.256453][T25281] lo speed is unknown, defaulting to 1000
[  448.359393][T25289] batadv1: entered promiscuous mode
[  448.364664][T25289] batadv1: entered allmulticast mode
[  448.618737][T25308] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7603'.
[  448.678906][T25310] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7604'.
[  448.747667][T25312] netlink: 'syz.5.7605': attribute type 3 has an invalid length.
[  448.802487][   T42] Bluetooth: hci0: Frame reassembly failed (-84)
[  448.809000][ T1000] Bluetooth: hci1: Frame reassembly failed (-84)
[  448.842307][T25327] serio: Serial port ptm3
[  449.107227][T25333] lo speed is unknown, defaulting to 1000
[  449.298606][T25336] lo speed is unknown, defaulting to 1000
[  449.531804][T25345] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  449.538352][T25345] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  449.546051][T25345] vhci_hcd vhci_hcd.0: Device attached
[  449.595133][T25346] vhci_hcd: connection closed
[  449.595353][ T1000] vhci_hcd: stop threads
[  449.604376][ T1000] vhci_hcd: release socket
[  449.608902][ T1000] vhci_hcd: disconnect device
[  450.509075][T25397] ip6t_srh: unknown srh match flags  4000
[  450.517198][T25397] 9pnet_fd: Insufficient options for proto=fd
[  450.556862][T25402] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  450.563583][T25402] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  450.571418][T25402] vhci_hcd vhci_hcd.0: Device attached
[  450.578214][T25403] vhci_hcd: connection closed
[  450.578482][T10899] vhci_hcd: stop threads
[  450.587601][T10899] vhci_hcd: release socket
[  450.592049][T10899] vhci_hcd: disconnect device
[  450.731987][   T44] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  450.732209][ T3509] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  450.738275][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  450.745760][   T29] kauditd_printk_skb: 260 callbacks suppressed
[  450.745773][   T29] audit: type=1326 audit(2000000408.923:72510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25320 comm="syz.5.7609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  450.780376][   T29] audit: type=1326 audit(2000000408.923:72511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25320 comm="syz.5.7609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  450.807692][   T29] audit: type=1326 audit(2000000408.976:72512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25319 comm="syz.0.7608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  450.831345][   T29] audit: type=1326 audit(2000000408.976:72513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25319 comm="syz.0.7608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  450.862403][T25406] netlink: 232 bytes leftover after parsing attributes in process `syz.1.7637'.
[  451.019344][T25422] netlink: 'syz.2.7645': attribute type 4 has an invalid length.
[  451.249250][T25432] cgroup: Need name or subsystem set
[  451.447592][T25437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7648'.
[  451.518839][T25439] loop5: detected capacity change from 0 to 1024
[  451.530404][T25439] EXT4-fs: Ignoring removed orlov option
[  451.542315][T25439] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  451.733115][T22650] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.742638][T25448] FAULT_INJECTION: forcing a failure.
[  451.742638][T25448] name failslab, interval 1, probability 0, space 0, times 0
[  451.755292][T25448] CPU: 1 UID: 0 PID: 25448 Comm: syz.1.7653 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  451.755320][T25448] Tainted: [W]=WARN
[  451.755326][T25448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  451.755339][T25448] Call Trace:
[  451.755382][T25448]  <TASK>
[  451.755391][T25448]  __dump_stack+0x1d/0x30
[  451.755414][T25448]  dump_stack_lvl+0xe8/0x140
[  451.755435][T25448]  dump_stack+0x15/0x1b
[  451.755453][T25448]  should_fail_ex+0x265/0x280
[  451.755545][T25448]  should_failslab+0x8c/0xb0
[  451.755572][T25448]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  451.755601][T25448]  ? __alloc_skb+0x101/0x320
[  451.755713][T25448]  __alloc_skb+0x101/0x320
[  451.755735][T25448]  netlink_alloc_large_skb+0xbf/0xf0
[  451.755764][T25448]  netlink_sendmsg+0x3cf/0x6b0
[  451.755785][T25448]  ? __pfx_netlink_sendmsg+0x10/0x10
[  451.755804][T25448]  __sock_sendmsg+0x145/0x180
[  451.755888][T25448]  ____sys_sendmsg+0x31e/0x4e0
[  451.755940][T25448]  ___sys_sendmsg+0x17b/0x1d0
[  451.755983][T25448]  __x64_sys_sendmsg+0xd4/0x160
[  451.756040][T25448]  x64_sys_call+0x191e/0x3000
[  451.756061][T25448]  do_syscall_64+0xd2/0x200
[  451.756080][T25448]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  451.756106][T25448]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  451.756183][T25448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.756254][T25448] RIP: 0033:0x7f4c8c33efc9
[  451.756269][T25448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.756286][T25448] RSP: 002b:00007f4c8ada7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  451.756306][T25448] RAX: ffffffffffffffda RBX: 00007f4c8c595fa0 RCX: 00007f4c8c33efc9
[  451.756319][T25448] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  451.756408][T25448] RBP: 00007f4c8ada7090 R08: 0000000000000000 R09: 0000000000000000
[  451.756421][T25448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.756433][T25448] R13: 00007f4c8c596038 R14: 00007f4c8c595fa0 R15: 00007fff2f280ae8
[  451.756452][T25448]  </TASK>
[  452.049895][T25452] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  452.056546][T25452] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  452.064105][T25452] vhci_hcd vhci_hcd.0: Device attached
[  452.080153][T25453] vhci_hcd: connection closed
[  452.083266][   T31] vhci_hcd: stop threads
[  452.092248][   T31] vhci_hcd: release socket
[  452.096678][   T31] vhci_hcd: disconnect device
[  452.111998][   T29] audit: type=1326 audit(2000000410.351:72514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25460 comm="syz.0.7658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  452.135666][   T29] audit: type=1326 audit(2000000410.351:72515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25460 comm="syz.0.7658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  452.165352][   T29] audit: type=1326 audit(2000000410.393:72516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25460 comm="syz.0.7658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  452.194188][   T29] audit: type=1326 audit(2000000410.414:72517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25460 comm="syz.0.7658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  452.217914][   T29] audit: type=1326 audit(2000000410.414:72518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25460 comm="syz.0.7658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  452.244875][   T29] audit: type=1326 audit(2000000410.445:72519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25460 comm="syz.0.7658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  452.273186][T25466] batadv1: entered promiscuous mode
[  452.278433][T25466] batadv1: entered allmulticast mode
[  452.365189][T25470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7661'.
[  452.384123][T25475] siw: device registration error -23
[  452.681153][T25486] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  452.767405][T25488] netlink: 'syz.0.7666': attribute type 4 has an invalid length.
[  453.005950][T25491] cgroup: Need name or subsystem set
[  453.254947][T25497] loop5: detected capacity change from 0 to 128
[  453.297822][T25497] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  453.356016][T25497] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  453.372811][T25497] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7668'.
[  453.393909][T25497] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7668: checksumming directory block 0
[  453.472233][T25503] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7668'.
[  453.560400][T25510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7673'.
[  453.678947][T25519] lo speed is unknown, defaulting to 1000
[  453.812176][T25524] batadv1: entered promiscuous mode
[  453.817484][T25524] batadv1: entered allmulticast mode
[  454.104800][T22650] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  454.127398][T25532] siw: device registration error -23
[  454.471345][T25545] loop5: detected capacity change from 0 to 1024
[  454.484588][T25546] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7685'.
[  454.491122][T25545] EXT4-fs: Ignoring removed orlov option
[  454.539201][T25545] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  454.559612][T25552] lo speed is unknown, defaulting to 1000
[  454.693341][T22650] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  454.706161][T25555] FAULT_INJECTION: forcing a failure.
[  454.706161][T25555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.719317][T25555] CPU: 1 UID: 0 PID: 25555 Comm: syz.0.7687 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  454.719348][T25555] Tainted: [W]=WARN
[  454.719354][T25555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  454.719364][T25555] Call Trace:
[  454.719370][T25555]  <TASK>
[  454.719377][T25555]  __dump_stack+0x1d/0x30
[  454.719396][T25555]  dump_stack_lvl+0xe8/0x140
[  454.719496][T25555]  dump_stack+0x15/0x1b
[  454.719567][T25555]  should_fail_ex+0x265/0x280
[  454.719586][T25555]  should_fail+0xb/0x20
[  454.719676][T25555]  should_fail_usercopy+0x1a/0x20
[  454.719693][T25555]  _copy_from_user+0x1c/0xb0
[  454.719713][T25555]  __x64_sys_rt_sigsuspend+0x70/0xe0
[  454.719743][T25555]  x64_sys_call+0x2789/0x3000
[  454.719804][T25555]  do_syscall_64+0xd2/0x200
[  454.719820][T25555]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  454.719871][T25555]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  454.719928][T25555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.720026][T25555] RIP: 0033:0x7f3fd695efc9
[  454.720040][T25555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.720094][T25555] RSP: 002b:00007f3fd521d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000082
[  454.720114][T25555] RAX: ffffffffffffffda RBX: 00007f3fd6bb6090 RCX: 00007f3fd695efc9
[  454.720126][T25555] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000200000000400
[  454.720138][T25555] RBP: 00007f3fd521d090 R08: 0000000000000000 R09: 0000000000000000
[  454.720149][T25555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.720171][T25555] R13: 00007f3fd6bb6128 R14: 00007f3fd6bb6090 R15: 00007ffcc7036c98
[  454.720191][T25555]  </TASK>
[  455.460327][T25564] lo speed is unknown, defaulting to 1000
[  455.992162][T25568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7691'.
[  456.020833][T25570] tipc: Invalid UDP bearer configuration
[  456.020935][T25570] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  456.038321][T25568] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7691'.
[  456.057276][T25570] vhci_hcd: invalid port number 65
[  456.062469][T25570] vhci_hcd: invalid port number 65
[  456.077041][T25572] ip6t_srh: unknown srh match flags  4000
[  456.084315][   T29] kauditd_printk_skb: 106 callbacks suppressed
[  456.084328][   T29] audit: type=1326 audit(2000000414.519:72626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25562 comm="syz.5.7690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7fc00000
[  456.086664][T25572] 9pnet_fd: Insufficient options for proto=fd
[  456.238356][T25582] serio: Serial port ptm0
[  456.253154][T25585] loop5: detected capacity change from 0 to 1024
[  456.267406][T25585] EXT4-fs: Ignoring removed orlov option
[  456.277674][T25585] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  456.431164][T25593] batadv1: entered promiscuous mode
[  456.436420][T25593] batadv1: entered allmulticast mode
[  456.549648][T22650] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.581545][   T29] audit: type=1326 audit(2000000415.044:72627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25601 comm="syz.2.7705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  456.605178][   T29] audit: type=1326 audit(2000000415.044:72628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25601 comm="syz.2.7705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  456.628886][   T29] audit: type=1326 audit(2000000415.044:72629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25601 comm="syz.2.7705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  456.652379][   T29] audit: type=1326 audit(2000000415.044:72630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25601 comm="syz.2.7705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  456.676057][   T29] audit: type=1326 audit(2000000415.044:72631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25601 comm="syz.2.7705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  456.705894][T25606] xt_policy: output policy not valid in PREROUTING and INPUT
[  456.842178][T25607] loop5: detected capacity change from 0 to 1024
[  456.881181][   T29] audit: type=1326 audit(2000000415.075:72632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25592 comm="syz.1.7700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  456.897740][T25613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7709'.
[  456.905006][   T29] audit: type=1326 audit(2000000415.075:72633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25592 comm="syz.1.7700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  456.937482][   T29] audit: type=1400 audit(2000000415.191:72634): avc:  denied  { setopt } for  pid=25603 comm="syz.2.7706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  456.968677][T25607] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  457.022419][   T29] audit: type=1326 audit(2000000415.358:72635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25610 comm="syz.1.7707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  457.177630][   T42] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  457.199797][   T42] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28
[  457.212214][   T42] EXT4-fs (loop5): This should not happen!! Data will be lost
[  457.212214][   T42] 
[  457.221848][   T42] EXT4-fs (loop5): Total free blocks count 0
[  457.227821][   T42] EXT4-fs (loop5): Free/Dirty block details
[  457.233748][   T42] EXT4-fs (loop5): free_blocks=68451041280
[  457.239581][   T42] EXT4-fs (loop5): dirty_blocks=320
[  457.244848][   T42] EXT4-fs (loop5): Block reservation details
[  457.250855][   T42] EXT4-fs (loop5): i_reserved_data_blocks=20
[  457.363005][T22650] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.068138][T25660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7721'.
[  458.241541][T25673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7729'.
[  458.263625][T25673] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7729'.
[  458.766935][T25699] loop5: detected capacity change from 0 to 512
[  458.773488][T25699] ext4: Unknown parameter 'nouser_xattr'
[  458.844888][T25705] loop5: detected capacity change from 0 to 128
[  458.851852][T25705] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  458.862871][T25705] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  458.875948][T25705] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7741'.
[  458.886321][T25705] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7741: checksumming directory block 0
[  458.951834][T25711] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7741'.
[  459.074795][T25718] lo speed is unknown, defaulting to 1000
[  459.185453][T25724] netlink: '+}[@': attribute type 4 has an invalid length.
[  459.206470][T25726] batadv1: entered promiscuous mode
[  459.212393][T25726] batadv1: entered allmulticast mode
[  459.455344][T25740] batadv1: entered promiscuous mode
[  459.460625][T25740] batadv1: entered allmulticast mode
[  459.622788][T25748] serio: Serial port ptm0
[  459.860198][T22650] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  459.926995][T25758] netlink: 'syz.3.7759': attribute type 4 has an invalid length.
[  459.935029][T25756] loop5: detected capacity change from 0 to 2048
[  459.966666][T25756] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  460.003231][T25756] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  460.020293][T25756] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28
[  460.032664][T25756] EXT4-fs (loop5): This should not happen!! Data will be lost
[  460.032664][T25756] 
[  460.042461][T25756] EXT4-fs (loop5): Total free blocks count 0
[  460.048488][T25756] EXT4-fs (loop5): Free/Dirty block details
[  460.054445][T25756] EXT4-fs (loop5): free_blocks=2415919104
[  460.060265][T25756] EXT4-fs (loop5): dirty_blocks=32
[  460.065365][T25756] EXT4-fs (loop5): Block reservation details
[  460.071386][T25756] EXT4-fs (loop5): i_reserved_data_blocks=2
[  460.134697][T25769] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28
[  460.166196][T25775] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7764'.
[  460.185916][T25777] ip6t_srh: unknown srh match flags  4000
[  460.193649][T25777] 9pnet_fd: Insufficient options for proto=fd
[  460.242284][T25783] ip6t_srh: unknown srh match flags  4000
[  460.251585][T25783] 9pnet_fd: Insufficient options for proto=fd
[  460.258486][T25786] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7768'.
[  460.293121][T25794] lo speed is unknown, defaulting to 1000
[  460.316963][T25797] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  460.323494][T25797] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  460.331028][T25797] vhci_hcd vhci_hcd.0: Device attached
[  460.451516][T25804] batadv1: entered promiscuous mode
[  460.456816][T25804] batadv1: entered allmulticast mode
[  460.530671][T25798] vhci_hcd: connection closed
[  460.531150][T10899] vhci_hcd: stop threads
[  460.540129][T10899] vhci_hcd: release socket
[  460.544598][T10899] vhci_hcd: disconnect device
[  460.562428][ T7345] usb 11-1: new low-speed USB device number 3 using vhci_hcd
[  460.570005][ T7345] usb 11-1: enqueue for inactive port 0
[  460.575717][ T7345] usb 11-1: enqueue for inactive port 0
[  460.581422][ T7345] usb 11-1: enqueue for inactive port 0
[  460.668396][ T7345] vhci_hcd: vhci_device speed not set
[  460.859387][   T29] kauditd_printk_skb: 189 callbacks suppressed
[  460.859399][   T29] audit: type=1326 audit(2000000419.537:72825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25814 comm="syz.3.7778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  460.889225][   T29] audit: type=1326 audit(2000000419.537:72826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25814 comm="syz.3.7778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  460.940945][   T29] audit: type=1326 audit(2000000419.600:72827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25814 comm="syz.3.7778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  460.964569][   T29] audit: type=1326 audit(2000000419.600:72828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25814 comm="syz.3.7778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  460.988160][   T29] audit: type=1326 audit(2000000419.600:72829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25814 comm="syz.3.7778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  461.043268][   T29] audit: type=1400 audit(2000000419.715:72830): avc:  denied  { bind } for  pid=25822 comm="syz.5.7781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  461.063496][   T29] audit: type=1400 audit(2000000419.715:72831): avc:  denied  { setopt } for  pid=25822 comm="syz.5.7781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  461.125289][T25823] syzkaller0: entered promiscuous mode
[  461.130791][T25823] syzkaller0: entered allmulticast mode
[  461.197156][T25824] netlink: 64 bytes leftover after parsing attributes in process `syz.5.7781'.
[  461.249791][   T29] audit: type=1326 audit(2000000419.873:72832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25827 comm="syz.3.7783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  461.273523][   T29] audit: type=1326 audit(2000000419.873:72833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25827 comm="syz.3.7783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  461.297172][   T29] audit: type=1326 audit(2000000419.873:72834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25827 comm="syz.3.7783" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cfb4efc9 code=0x7ffc0000
[  461.400125][T25842] wireguard0: entered promiscuous mode
[  461.405661][T25842] wireguard0: entered allmulticast mode
[  461.445878][T25844] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7788'.
[  461.456344][T25844] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7788'.
[  461.755659][T25855] netlink: 'syz.2.7793': attribute type 4 has an invalid length.
[  461.874609][T25858] smc: net device bond0 applied user defined pnetid SYZ0
[  461.882272][T25858] smc: net device bond0 erased user defined pnetid SYZ0
[  461.891508][T25856] cgroup: Need name or subsystem set
[  461.916001][T25861] batadv1: entered promiscuous mode
[  461.921247][T25861] batadv1: entered allmulticast mode
[  461.984618][T25870] serio: Serial port ptm1
[  462.317073][T25912] pimreg: entered allmulticast mode
[  462.323638][T25911] pimreg: left allmulticast mode
[  462.512153][T25951] loop5: detected capacity change from 0 to 128
[  462.519074][T25951] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  462.530133][T25951] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  462.542840][T25951] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7819'.
[  462.553851][T25951] EXT4-fs error (device loop5): __ext4_find_entry:1626: inode #2: comm syz.5.7819: checksumming directory block 0
[  462.596082][T25959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7821'.
[  462.609483][T25959] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7821'.
[  462.615330][T25962] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7819'.
[  462.745122][T25974] xt_hashlimit: max too large, truncated to 1048576
[  462.752567][T25974] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  462.939331][T25999] infiniband syz1: set down
[  462.943903][T25999] infiniband syz1: added bond0
[  462.952910][T25999] RDS/IB: syz1: added
[  462.957037][T25999] smc: adding ib device syz1 with port count 1
[  462.963294][T25999] smc:    ib device syz1 port 1 has no pnetid
[  463.127948][T26025] serio: Serial port ptm1
[  463.320440][T22650] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  463.340363][T26047] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7848'.
[  463.350752][T26047] FAULT_INJECTION: forcing a failure.
[  463.350752][T26047] name failslab, interval 1, probability 0, space 0, times 0
[  463.363501][T26047] CPU: 1 UID: 0 PID: 26047 Comm: syz.5.7848 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  463.363533][T26047] Tainted: [W]=WARN
[  463.363611][T26047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  463.363633][T26047] Call Trace:
[  463.363639][T26047]  <TASK>
[  463.363647][T26047]  __dump_stack+0x1d/0x30
[  463.363666][T26047]  dump_stack_lvl+0xe8/0x140
[  463.363687][T26047]  dump_stack+0x15/0x1b
[  463.363704][T26047]  should_fail_ex+0x265/0x280
[  463.363775][T26047]  should_failslab+0x8c/0xb0
[  463.363803][T26047]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  463.363832][T26047]  ? __alloc_skb+0x101/0x320
[  463.363856][T26047]  __alloc_skb+0x101/0x320
[  463.363879][T26047]  netlink_alloc_large_skb+0xbf/0xf0
[  463.363941][T26047]  netlink_sendmsg+0x3cf/0x6b0
[  463.363962][T26047]  ? __pfx_netlink_sendmsg+0x10/0x10
[  463.363982][T26047]  __sock_sendmsg+0x145/0x180
[  463.364067][T26047]  ____sys_sendmsg+0x31e/0x4e0
[  463.364126][T26047]  ___sys_sendmsg+0x17b/0x1d0
[  463.364220][T26047]  __x64_sys_sendmsg+0xd4/0x160
[  463.364320][T26047]  x64_sys_call+0x191e/0x3000
[  463.364338][T26047]  do_syscall_64+0xd2/0x200
[  463.364380][T26047]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  463.364403][T26047]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  463.364427][T26047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.364468][T26047] RIP: 0033:0x7f721eb8efc9
[  463.364482][T26047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.364516][T26047] RSP: 002b:00007f721d5ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  463.364536][T26047] RAX: ffffffffffffffda RBX: 00007f721ede5fa0 RCX: 00007f721eb8efc9
[  463.364549][T26047] RDX: 00000000240000c0 RSI: 0000200000000140 RDI: 0000000000000009
[  463.364560][T26047] RBP: 00007f721d5ef090 R08: 0000000000000000 R09: 0000000000000000
[  463.364573][T26047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.364586][T26047] R13: 00007f721ede6038 R14: 00007f721ede5fa0 R15: 00007ffcda42f1d8
[  463.364606][T26047]  </TASK>
[  463.615238][T26054] loop5: detected capacity change from 0 to 1024
[  463.621956][T26054] EXT4-fs: Ignoring removed orlov option
[  463.630737][T26054] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  463.824233][T22650] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  463.899193][T26078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7858'.
[  463.943823][T26078] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7858'.
[  463.975927][T26086] smc: net device bond0 applied user defined pnetid SYZ0
[  464.001998][T26086] smc: net device bond0 erased user defined pnetid SYZ0
[  464.134378][T26109] FAULT_INJECTION: forcing a failure.
[  464.134378][T26109] name failslab, interval 1, probability 0, space 0, times 0
[  464.147150][T26109] CPU: 0 UID: 0 PID: 26109 Comm: syz.0.7868 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  464.147233][T26109] Tainted: [W]=WARN
[  464.147240][T26109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  464.147253][T26109] Call Trace:
[  464.147260][T26109]  <TASK>
[  464.147267][T26109]  __dump_stack+0x1d/0x30
[  464.147311][T26109]  dump_stack_lvl+0xe8/0x140
[  464.147332][T26109]  dump_stack+0x15/0x1b
[  464.147349][T26109]  should_fail_ex+0x265/0x280
[  464.147365][T26109]  should_failslab+0x8c/0xb0
[  464.147387][T26109]  kmem_cache_alloc_noprof+0x50/0x480
[  464.147416][T26109]  ? xfrm_state_alloc+0x2c/0x190
[  464.147440][T26109]  xfrm_state_alloc+0x2c/0x190
[  464.147529][T26109]  xfrm_add_sa+0xf4e/0x2580
[  464.147559][T26109]  xfrm_user_rcv_msg+0x566/0x660
[  464.147620][T26109]  ? obj_cgroup_charge_account+0x122/0x1a0
[  464.147652][T26109]  netlink_rcv_skb+0x123/0x220
[  464.147754][T26109]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  464.147829][T26109]  xfrm_netlink_rcv+0x48/0x60
[  464.147879][T26109]  netlink_unicast+0x5c0/0x690
[  464.147913][T26109]  netlink_sendmsg+0x58b/0x6b0
[  464.148001][T26109]  ? __pfx_netlink_sendmsg+0x10/0x10
[  464.148070][T26109]  __sock_sendmsg+0x145/0x180
[  464.148091][T26109]  ____sys_sendmsg+0x31e/0x4e0
[  464.148123][T26109]  ___sys_sendmsg+0x17b/0x1d0
[  464.148219][T26109]  __x64_sys_sendmsg+0xd4/0x160
[  464.148250][T26109]  x64_sys_call+0x191e/0x3000
[  464.148267][T26109]  do_syscall_64+0xd2/0x200
[  464.148283][T26109]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  464.148372][T26109]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  464.148400][T26109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.148418][T26109] RIP: 0033:0x7f3fd695efc9
[  464.148431][T26109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.148504][T26109] RSP: 002b:00007f3fd53bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.148522][T26109] RAX: ffffffffffffffda RBX: 00007f3fd6bb5fa0 RCX: 00007f3fd695efc9
[  464.148533][T26109] RDX: 0000000000002014 RSI: 0000200000000000 RDI: 0000000000000006
[  464.148603][T26109] RBP: 00007f3fd53bf090 R08: 0000000000000000 R09: 0000000000000000
[  464.148616][T26109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.148628][T26109] R13: 00007f3fd6bb6038 R14: 00007f3fd6bb5fa0 R15: 00007ffcc7036c98
[  464.148646][T26109]  </TASK>
[  464.430347][T26112] lo speed is unknown, defaulting to 1000
[  464.552691][T26146] smc: net device bond0 applied user defined pnetid SYZ0
[  464.573393][T26146] smc: net device bond0 erased user defined pnetid SYZ0
[  464.698894][T26163] FAULT_INJECTION: forcing a failure.
[  464.698894][T26163] name failslab, interval 1, probability 0, space 0, times 0
[  464.711573][T26163] CPU: 0 UID: 0 PID: 26163 Comm: syz.2.7882 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  464.711670][T26163] Tainted: [W]=WARN
[  464.711677][T26163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  464.711690][T26163] Call Trace:
[  464.711697][T26163]  <TASK>
[  464.711705][T26163]  __dump_stack+0x1d/0x30
[  464.711726][T26163]  dump_stack_lvl+0xe8/0x140
[  464.711747][T26163]  dump_stack+0x15/0x1b
[  464.711765][T26163]  should_fail_ex+0x265/0x280
[  464.711816][T26163]  should_failslab+0x8c/0xb0
[  464.711844][T26163]  kmem_cache_alloc_lru_noprof+0x55/0x490
[  464.711872][T26163]  ? __d_alloc+0x3d/0x340
[  464.711946][T26163]  __d_alloc+0x3d/0x340
[  464.711973][T26163]  ? _parse_integer_limit+0x170/0x190
[  464.712004][T26163]  d_alloc_parallel+0x58/0xc70
[  464.712049][T26163]  ? _parse_integer+0x27/0x40
[  464.712077][T26163]  ? kstrtoull+0x111/0x140
[  464.712130][T26163]  ? __rcu_read_unlock+0x4f/0x70
[  464.712154][T26163]  ? __d_lookup+0x316/0x340
[  464.712172][T26163]  ? should_fail_ex+0xdb/0x280
[  464.712189][T26163]  ? should_fail_ex+0xdb/0x280
[  464.712208][T26163]  __lookup_slow+0x8c/0x250
[  464.712235][T26163]  lookup_noperm+0xc9/0x180
[  464.712290][T26163]  do_mq_open+0x181/0x4f0
[  464.712320][T26163]  ? should_fail_ex+0xdb/0x280
[  464.712376][T26163]  __x64_sys_mq_open+0xcb/0x100
[  464.712470][T26163]  x64_sys_call+0x8c6/0x3000
[  464.712488][T26163]  do_syscall_64+0xd2/0x200
[  464.712503][T26163]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  464.712525][T26163]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  464.712600][T26163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.712622][T26163] RIP: 0033:0x7f41a167efc9
[  464.712682][T26163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.712698][T26163] RSP: 002b:00007f41a00e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  464.712714][T26163] RAX: ffffffffffffffda RBX: 00007f41a18d5fa0 RCX: 00007f41a167efc9
[  464.712725][T26163] RDX: 0000000000000040 RSI: 0000000000000040 RDI: 0000200000002a00
[  464.712736][T26163] RBP: 00007f41a00e7090 R08: 0000000000000000 R09: 0000000000000000
[  464.712747][T26163] R10: 0000200000002a40 R11: 0000000000000246 R12: 0000000000000001
[  464.712835][T26163] R13: 00007f41a18d6038 R14: 00007f41a18d5fa0 R15: 00007ffdc0f46c48
[  464.712855][T26163]  </TASK>
[  465.296672][T26187] ip6t_srh: unknown srh match flags  4000
[  465.317426][T26187] 9pnet_fd: Insufficient options for proto=fd
[  466.209635][   T29] kauditd_printk_skb: 267 callbacks suppressed
[  466.209650][   T29] audit: type=1326 audit(2000000425.153:73102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.239561][   T29] audit: type=1326 audit(2000000425.153:73103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.262877][T26218] __nla_validate_parse: 1 callbacks suppressed
[  466.262893][T26218] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7898'.
[  466.263363][   T29] audit: type=1326 audit(2000000425.153:73104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.303134][   T29] audit: type=1326 audit(2000000425.248:73105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26217 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3fd6991885 code=0x7ffc0000
[  466.326788][   T29] audit: type=1326 audit(2000000425.248:73106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.350351][   T29] audit: type=1326 audit(2000000425.248:73107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.382897][   T29] audit: type=1326 audit(2000000425.332:73108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3fd695d810 code=0x7ffc0000
[  466.406582][   T29] audit: type=1326 audit(2000000425.332:73109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3fd695d810 code=0x7ffc0000
[  466.430214][   T29] audit: type=1326 audit(2000000425.332:73110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.453896][   T29] audit: type=1326 audit(2000000425.342:73111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26215 comm="syz.0.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  466.963458][T26246] netlink: 64 bytes leftover after parsing attributes in process `syz.0.7906'.
[  466.981018][T26243] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7908'.
[  467.614905][T26272] random: crng reseeded on system resumption
[  467.675354][T26270] FAULT_INJECTION: forcing a failure.
[  467.675354][T26270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.688494][T26270] CPU: 1 UID: 0 PID: 26270 Comm: syz.3.7919 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  467.688593][T26270] Tainted: [W]=WARN
[  467.688600][T26270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  467.688612][T26270] Call Trace:
[  467.688619][T26270]  <TASK>
[  467.688628][T26270]  __dump_stack+0x1d/0x30
[  467.688651][T26270]  dump_stack_lvl+0xe8/0x140
[  467.688738][T26270]  dump_stack+0x15/0x1b
[  467.688754][T26270]  should_fail_ex+0x265/0x280
[  467.688842][T26270]  should_fail+0xb/0x20
[  467.688860][T26270]  should_fail_usercopy+0x1a/0x20
[  467.688888][T26270]  _copy_from_user+0x1c/0xb0
[  467.688910][T26270]  __sys_sendto+0x19e/0x330
[  467.688945][T26270]  __x64_sys_sendto+0x76/0x90
[  467.689049][T26270]  x64_sys_call+0x2d14/0x3000
[  467.689148][T26270]  do_syscall_64+0xd2/0x200
[  467.689167][T26270]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  467.689196][T26270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.689217][T26270] RIP: 0033:0x7f91cfb4efc9
[  467.689232][T26270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.689275][T26270] RSP: 002b:00007f91ce5af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  467.689291][T26270] RAX: ffffffffffffffda RBX: 00007f91cfda5fa0 RCX: 00007f91cfb4efc9
[  467.689302][T26270] RDX: 000000000000000e RSI: 0000200000000180 RDI: 0000000000000003
[  467.689315][T26270] RBP: 00007f91ce5af090 R08: 0000200000000140 R09: 0000000000000014
[  467.689336][T26270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.689432][T26270] R13: 00007f91cfda6038 R14: 00007f91cfda5fa0 R15: 00007ffd0e4c5e28
[  467.689450][T26270]  </TASK>
[  467.981486][T26290] batadv0: entered promiscuous mode
[  467.986795][T26290] batadv0: entered allmulticast mode
[  468.071241][T26303] lo speed is unknown, defaulting to 1000
[  468.169760][T26309] lo speed is unknown, defaulting to 1000
[  468.262856][T26326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7932'.
[  468.284225][T26326] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7932'.
[  468.436545][ T1000] Bluetooth: hci0: Frame reassembly failed (-84)
[  468.532229][T26385] batadv1: entered promiscuous mode
[  468.537619][T26385] batadv1: entered allmulticast mode
[  468.649019][T26396] ip6t_srh: unknown srh match flags  4000
[  468.657745][T26396] 9pnet_fd: Insufficient options for proto=fd
[  468.704475][T26401] lo speed is unknown, defaulting to 1000
[  468.794546][T26427] serio: Serial port ptm1
[  468.916638][T26440] lo speed is unknown, defaulting to 1000
[  469.215962][T26468] batadv0: entered promiscuous mode
[  469.221281][T26468] batadv0: entered allmulticast mode
[  469.235999][T26472] ip6t_srh: unknown srh match flags  4000
[  469.244261][T26472] 9pnet_fd: Insufficient options for proto=fd
[  469.264455][T26478] siw: device registration error -23
[  469.324909][T26483] serio: Serial port ptm2
[  469.461105][T26500] batadv0: entered promiscuous mode
[  469.466333][T26500] batadv0: entered allmulticast mode
[  469.474557][T26500] 8021q: adding VLAN 0 to HW filter on device batadv0
[  469.508672][T26506] lo speed is unknown, defaulting to 1000
[  469.922216][T26535] lo speed is unknown, defaulting to 1000
[  470.298138][T26564] batadv1: entered promiscuous mode
[  470.303416][T26564] batadv1: entered allmulticast mode
[  470.342839][T26572] smc: net device bond0 applied user defined pnetid SYZ0
[  470.350551][T26572] smc: net device bond0 erased user defined pnetid SYZ0
[  470.392912][ T3509] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  470.456676][T26583] FAULT_INJECTION: forcing a failure.
[  470.456676][T26583] name failslab, interval 1, probability 0, space 0, times 0
[  470.469390][T26583] CPU: 0 UID: 0 PID: 26583 Comm: syz.2.7975 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  470.469494][T26583] Tainted: [W]=WARN
[  470.469501][T26583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  470.469512][T26583] Call Trace:
[  470.469518][T26583]  <TASK>
[  470.469526][T26583]  __dump_stack+0x1d/0x30
[  470.469548][T26583]  dump_stack_lvl+0xe8/0x140
[  470.469567][T26583]  dump_stack+0x15/0x1b
[  470.469584][T26583]  should_fail_ex+0x265/0x280
[  470.469642][T26583]  ? __pfx_cgroup_show_path+0x10/0x10
[  470.469668][T26583]  ? cgroup_show_path+0x6a/0x2b0
[  470.469701][T26583]  should_failslab+0x8c/0xb0
[  470.469729][T26583]  __kmalloc_cache_noprof+0x4c/0x4a0
[  470.469753][T26583]  ? __pfx_cgroup_show_path+0x10/0x10
[  470.469798][T26583]  cgroup_show_path+0x6a/0x2b0
[  470.469821][T26583]  ? kernfs_sop_show_path+0xa4/0xf0
[  470.469841][T26583]  ? __pfx_cgroup_show_path+0x10/0x10
[  470.469992][T26583]  kernfs_sop_show_path+0xb6/0xf0
[  470.470014][T26583]  ? __pfx_kernfs_sop_show_path+0x10/0x10
[  470.470033][T26583]  show_path+0x5a/0x80
[  470.470068][T26583]  show_mountinfo+0xd8/0x600
[  470.470086][T26583]  m_show+0x3e/0x50
[  470.470103][T26583]  traverse+0x149/0x3a0
[  470.470122][T26583]  seq_read_iter+0x85f/0x950
[  470.470216][T26583]  ? avc_policy_seqno+0x15/0x30
[  470.470233][T26583]  ? selinux_file_permission+0x1e4/0x320
[  470.470262][T26583]  ? __pfx_seq_read_iter+0x10/0x10
[  470.470279][T26583]  vfs_read+0x64c/0x770
[  470.470360][T26583]  ? __pfx_seq_read_iter+0x10/0x10
[  470.470379][T26583]  __x64_sys_pread64+0xfd/0x150
[  470.470400][T26583]  x64_sys_call+0x29e6/0x3000
[  470.470494][T26583]  do_syscall_64+0xd2/0x200
[  470.470512][T26583]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  470.470561][T26583]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  470.470586][T26583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.470604][T26583] RIP: 0033:0x7f41a167efc9
[  470.470656][T26583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.470674][T26583] RSP: 002b:00007f41a00e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  470.470692][T26583] RAX: ffffffffffffffda RBX: 00007f41a18d5fa0 RCX: 00007f41a167efc9
[  470.470704][T26583] RDX: 0000000000001000 RSI: 00002000000029c0 RDI: 0000000000000003
[  470.470714][T26583] RBP: 00007f41a00e7090 R08: 0000000000000000 R09: 0000000000000000
[  470.470725][T26583] R10: 0000000000000d36 R11: 0000000000000246 R12: 0000000000000001
[  470.470735][T26583] R13: 00007f41a18d6038 R14: 00007f41a18d5fa0 R15: 00007ffdc0f46c48
[  470.470750][T26583]  </TASK>
[  470.759527][T26592] siw: device registration error -23
[  470.788341][T26594] serio: Serial port ptm1
[  471.061915][T26603] siw: device registration error -23
[  471.082097][T26605] lo speed is unknown, defaulting to 1000
[  471.131837][T26611] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7983'.
[  472.102068][T26657] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7992'.
[  472.246089][T26662] batadv1: entered promiscuous mode
[  472.251409][T26662] batadv1: entered allmulticast mode
[  472.301164][T26659] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7994'.
[  472.312036][T26671] ip6t_srh: unknown srh match flags  4000
[  472.334223][T26671] 9pnet_fd: Insufficient options for proto=fd
[  472.386755][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  472.386770][   T29] audit: type=1400 audit(2000000431.641:73237): avc:  denied  { bind } for  pid=26682 comm="syz.1.8000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  472.412521][   T29] audit: type=1400 audit(2000000431.641:73238): avc:  denied  { name_bind } for  pid=26682 comm="syz.1.8000" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  472.434503][   T29] audit: type=1400 audit(2000000431.641:73239): avc:  denied  { node_bind } for  pid=26682 comm="syz.1.8000" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  472.505382][T26683] audit: audit_lost=20 audit_rate_limit=0 audit_backlog_limit=64
[  472.513233][T26683] audit: out of memory in audit_log_start
[  472.568327][T26681] serio: Serial port ptm1
[  472.828069][   T29] audit: type=1326 audit(2000000432.103:73240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.0.8004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  472.878082][   T29] audit: type=1326 audit(2000000432.103:73241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.0.8004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  472.901788][   T29] audit: type=1326 audit(2000000432.103:73242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.0.8004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  472.978748][   T29] audit: type=1326 audit(2000000432.239:73243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.0.8004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  473.002407][   T29] audit: type=1326 audit(2000000432.239:73244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.0.8004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  473.079364][T26701] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8006'.
[  473.217850][T26713] pim6reg1: entered promiscuous mode
[  473.223465][T26713] pim6reg1: entered allmulticast mode
[  473.242950][T26713] netlink: 'wÞ£ÿ': attribute type 13 has an invalid length.
[  473.254707][T26714] lo speed is unknown, defaulting to 1000
[  473.414677][T26735] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8018'.
[  473.425337][T26713] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  473.548851][T26747] serio: Serial port ptm1
[  473.853789][T26782] ip6t_srh: unknown srh match flags  4000
[  473.866924][T26779] lo speed is unknown, defaulting to 1000
[  473.882997][T26782] 9pnet_fd: Insufficient options for proto=fd
[  473.913796][T26789] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8026'.
[  473.974594][T26799] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  473.981145][T26799] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  473.988702][T26799] vhci_hcd vhci_hcd.0: Device attached
[  474.001243][T26810] vhci_hcd: connection closed
[  474.001416][   T31] vhci_hcd: stop threads
[  474.010721][   T31] vhci_hcd: release socket
[  474.015179][   T31] vhci_hcd: disconnect device
[  474.339076][T26837] smc: net device bond0 applied user defined pnetid SYZ0
[  474.356876][T26837] smc: net device bond0 erased user defined pnetid SYZ0
[  474.366189][T26841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8033'.
[  474.509176][T26858] lo speed is unknown, defaulting to 1000
[  474.582772][T26871] ip6t_srh: unknown srh match flags  4000
[  474.594674][T26871] 9pnet_fd: Insufficient options for proto=fd
[  474.650776][T26892] lo speed is unknown, defaulting to 1000
[  474.660903][T26898] FAULT_INJECTION: forcing a failure.
[  474.660903][T26898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.674075][T26898] CPU: 0 UID: 0 PID: 26898 Comm: syz.1.8044 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  474.674173][T26898] Tainted: [W]=WARN
[  474.674179][T26898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  474.674223][T26898] Call Trace:
[  474.674230][T26898]  <TASK>
[  474.674239][T26898]  __dump_stack+0x1d/0x30
[  474.674259][T26898]  dump_stack_lvl+0xe8/0x140
[  474.674277][T26898]  dump_stack+0x15/0x1b
[  474.674295][T26898]  should_fail_ex+0x265/0x280
[  474.674315][T26898]  should_fail+0xb/0x20
[  474.674333][T26898]  should_fail_usercopy+0x1a/0x20
[  474.674354][T26898]  _copy_to_user+0x20/0xa0
[  474.674374][T26898]  simple_read_from_buffer+0xb5/0x130
[  474.674394][T26898]  proc_fail_nth_read+0x10e/0x150
[  474.674478][T26898]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  474.674504][T26898]  vfs_read+0x1a8/0x770
[  474.674667][T26898]  ? __rcu_read_unlock+0x4f/0x70
[  474.674687][T26898]  ? __fget_files+0x184/0x1c0
[  474.674713][T26898]  ksys_read+0xda/0x1a0
[  474.674737][T26898]  __x64_sys_read+0x40/0x50
[  474.674769][T26898]  x64_sys_call+0x27c0/0x3000
[  474.674791][T26898]  do_syscall_64+0xd2/0x200
[  474.674809][T26898]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  474.674880][T26898]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  474.674908][T26898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.674951][T26898] RIP: 0033:0x7f4c8c33d9dc
[  474.675024][T26898] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  474.675041][T26898] RSP: 002b:00007f4c8ada7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  474.675057][T26898] RAX: ffffffffffffffda RBX: 00007f4c8c595fa0 RCX: 00007f4c8c33d9dc
[  474.675068][T26898] RDX: 000000000000000f RSI: 00007f4c8ada70a0 RDI: 0000000000000006
[  474.675096][T26898] RBP: 00007f4c8ada7090 R08: 0000000000000000 R09: 0000000000000000
[  474.675109][T26898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.675122][T26898] R13: 00007f4c8c596038 R14: 00007f4c8c595fa0 R15: 00007fff2f280ae8
[  474.675163][T26898]  </TASK>
[  474.924763][T26902] netlink: 'syz.2.8045': attribute type 1 has an invalid length.
[  475.087569][T26936] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  475.094110][T26936] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  475.101688][T26936] vhci_hcd vhci_hcd.0: Device attached
[  475.105951][T26902] netdevsim netdevsim2: Direct firmware load for ./file0/file1 failed with error -2
[  475.117348][T26937] vhci_hcd: connection closed
[  475.117553][ T1000] vhci_hcd: stop threads
[  475.126529][ T1000] vhci_hcd: release socket
[  475.131072][ T1000] vhci_hcd: disconnect device
[  475.139487][T26940] netlink: 'syz.5.8052': attribute type 4 has an invalid length.
[  475.274426][T26947] ip6t_srh: unknown srh match flags  4000
[  475.289178][T26947] 9pnet_fd: Insufficient options for proto=fd
[  475.391909][T26962] cgroup: Need name or subsystem set
[  475.484616][T26969] xt_CT: You must specify a L4 protocol and not use inversions on it
[  475.668429][T26982] ip6t_srh: unknown srh match flags  4000
[  475.678440][T26982] 9pnet_fd: Insufficient options for proto=fd
[  475.703426][T26986] FAULT_INJECTION: forcing a failure.
[  475.703426][T26986] name failslab, interval 1, probability 0, space 0, times 0
[  475.716103][T26986] CPU: 1 UID: 0 PID: 26986 Comm: syz.1.8070 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  475.716134][T26986] Tainted: [W]=WARN
[  475.716140][T26986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  475.716152][T26986] Call Trace:
[  475.716160][T26986]  <TASK>
[  475.716168][T26986]  __dump_stack+0x1d/0x30
[  475.716269][T26986]  dump_stack_lvl+0xe8/0x140
[  475.716364][T26986]  dump_stack+0x15/0x1b
[  475.716380][T26986]  should_fail_ex+0x265/0x280
[  475.716397][T26986]  should_failslab+0x8c/0xb0
[  475.716428][T26986]  kmem_cache_alloc_noprof+0x50/0x480
[  475.716455][T26986]  ? audit_log_start+0x342/0x720
[  475.716684][T26986]  audit_log_start+0x342/0x720
[  475.716707][T26986]  audit_seccomp+0x48/0x100
[  475.716735][T26986]  ? __seccomp_filter+0x82d/0x1250
[  475.716761][T26986]  __seccomp_filter+0x83e/0x1250
[  475.716785][T26986]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  475.716868][T26986]  ? vfs_write+0x7e8/0x960
[  475.716890][T26986]  ? __rcu_read_unlock+0x4f/0x70
[  475.716975][T26986]  ? __fget_files+0x184/0x1c0
[  475.717004][T26986]  __secure_computing+0x82/0x150
[  475.717048][T26986]  syscall_trace_enter+0xcf/0x1e0
[  475.717073][T26986]  do_syscall_64+0xac/0x200
[  475.717089][T26986]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  475.717184][T26986]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  475.717210][T26986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.717309][T26986] RIP: 0033:0x7f4c8c33d9dc
[  475.717322][T26986] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  475.717340][T26986] RSP: 002b:00007f4c8ada7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  475.717360][T26986] RAX: ffffffffffffffda RBX: 00007f4c8c595fa0 RCX: 00007f4c8c33d9dc
[  475.717373][T26986] RDX: 000000000000000f RSI: 00007f4c8ada70a0 RDI: 0000000000000008
[  475.717384][T26986] RBP: 00007f4c8ada7090 R08: 0000000000000000 R09: 0000000000000000
[  475.717395][T26986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  475.717443][T26986] R13: 00007f4c8c596038 R14: 00007f4c8c595fa0 R15: 00007fff2f280ae8
[  475.717459][T26986]  </TASK>
[  475.789765][T26987] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  475.789765][T26987]    program syz.0.8069 not setting count and/or reply_len properly
[  476.094845][T27006] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  476.101373][T27006] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  476.108921][T27006] vhci_hcd vhci_hcd.0: Device attached
[  476.142334][T27008] vhci_hcd: connection closed
[  476.142547][T10896] vhci_hcd: stop threads
[  476.151639][T10896] vhci_hcd: release socket
[  476.156194][T10896] vhci_hcd: disconnect device
[  476.177184][T27016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8081'.
[  476.202943][T27014] batadv1: entered promiscuous mode
[  476.208197][T27014] batadv1: entered allmulticast mode
[  476.235361][T27016] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8081'.
[  476.356831][T27039] smc: net device bond0 applied user defined pnetid SYZ0
[  476.364306][T27039] smc: net device bond0 erased user defined pnetid SYZ0
[  476.455999][T27055] netlink: 'syz.2.8096': attribute type 4 has an invalid length.
[  476.466217][T27053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8093'.
[  476.514605][T27062] smc: net device bond0 applied user defined pnetid SYZ0
[  476.528774][T27062] smc: net device bond0 erased user defined pnetid SYZ0
[  476.537898][T27053] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8093'.
[  476.582750][T27067] ip6t_srh: unknown srh match flags  4000
[  476.597913][T27067] 9pnet_fd: Insufficient options for proto=fd
[  476.758522][T27085] cgroup: Need name or subsystem set
[  477.220804][T27101] ip6t_srh: unknown srh match flags  4000
[  477.264353][T27101] 9pnet_fd: Insufficient options for proto=fd
[  477.341060][T27108] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  477.347596][T27108] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  477.355220][T27108] vhci_hcd vhci_hcd.0: Device attached
[  477.404935][T27109] vhci_hcd: connection closed
[  477.408857][T10899] vhci_hcd: stop threads
[  477.417911][T10899] vhci_hcd: release socket
[  477.422323][T10899] vhci_hcd: disconnect device
[  477.747818][   T29] kauditd_printk_skb: 67 callbacks suppressed
[  477.747833][   T29] audit: type=1326 audit(2000000437.268:73310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27096 comm="syz.1.8113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  477.821967][   T29] audit: type=1326 audit(2000000437.299:73311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27096 comm="syz.1.8113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  477.845854][   T29] audit: type=1326 audit(2000000437.299:73312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27096 comm="syz.1.8113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  477.869469][   T29] audit: type=1326 audit(2000000437.299:73313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27096 comm="syz.1.8113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  477.923784][T27122] smc: net device bond0 applied user defined pnetid SYZ0
[  477.939473][T27122] smc: net device bond0 erased user defined pnetid SYZ0
[  478.076643][T27130] lo speed is unknown, defaulting to 1000
[  478.207037][T27151] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  478.213682][T27151] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  478.221253][T27151] vhci_hcd vhci_hcd.0: Device attached
[  478.229725][T27140] siw: device registration error -23
[  478.470547][T27152] vhci_hcd: connection closed
[  478.503679][   T31] vhci_hcd: stop threads
[  478.512699][   T31] vhci_hcd: release socket
[  478.517192][   T31] vhci_hcd: disconnect device
[  478.556650][T27113] usb 1-1: new low-speed USB device number 2 using vhci_hcd
[  478.564860][T27113] usb 1-1: enqueue for inactive port 0
[  478.570678][T27113] usb 1-1: enqueue for inactive port 0
[  478.578076][T27113] usb 1-1: enqueue for inactive port 0
[  478.589544][T27174] ip6t_srh: unknown srh match flags  4000
[  478.598345][T27174] 9pnet_fd: Insufficient options for proto=fd
[  478.699388][T27113] vhci_hcd: vhci_device speed not set
[  478.954452][T27190] lo speed is unknown, defaulting to 1000
[  479.555203][T27231] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  479.588774][T27235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8145'.
[  479.605719][T27235] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8145'.
[  479.695273][   T29] audit: type=1326 audit(2000000439.294:73314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27186 comm="syz.2.8135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7fc00000
[  479.890068][   T29] audit: type=1326 audit(2000000439.472:73315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27241 comm="syz.0.8147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  479.913773][   T29] audit: type=1326 audit(2000000439.472:73316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27241 comm="syz.0.8147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  479.937348][   T29] audit: type=1326 audit(2000000439.472:73317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27241 comm="syz.0.8147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  479.961011][   T29] audit: type=1326 audit(2000000439.472:73318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27241 comm="syz.0.8147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  479.971216][T27249] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  479.984589][   T29] audit: type=1326 audit(2000000439.472:73319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27241 comm="syz.0.8147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  480.122986][T27254] batadv1: entered promiscuous mode
[  480.128252][T27254] batadv1: entered allmulticast mode
[  480.468784][T27273] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8156'.
[  480.605834][T27301] batadv1: entered promiscuous mode
[  480.611091][T27301] batadv1: entered allmulticast mode
[  480.617527][T27303] FAULT_INJECTION: forcing a failure.
[  480.617527][T27303] name failslab, interval 1, probability 0, space 0, times 0
[  480.630254][T27303] CPU: 1 UID: 0 PID: 27303 Comm: syz.2.8170 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  480.630282][T27303] Tainted: [W]=WARN
[  480.630314][T27303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  480.630325][T27303] Call Trace:
[  480.630333][T27303]  <TASK>
[  480.630341][T27303]  __dump_stack+0x1d/0x30
[  480.630363][T27303]  dump_stack_lvl+0xe8/0x140
[  480.630383][T27303]  dump_stack+0x15/0x1b
[  480.630392][T27303]  should_fail_ex+0x265/0x280
[  480.630404][T27303]  should_failslab+0x8c/0xb0
[  480.630420][T27303]  kmem_cache_alloc_noprof+0x50/0x480
[  480.630435][T27303]  ? security_file_alloc+0x32/0x100
[  480.630473][T27303]  security_file_alloc+0x32/0x100
[  480.630487][T27303]  init_file+0x5c/0x1d0
[  480.630496][T27303]  alloc_empty_file+0x8b/0x200
[  480.630549][T27303]  path_openat+0x68/0x2170
[  480.630601][T27303]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  480.630615][T27303]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  480.630627][T27303]  ? _parse_integer_limit+0x170/0x190
[  480.630661][T27303]  do_filp_open+0x109/0x230
[  480.630726][T27303]  do_open_execat+0xd8/0x260
[  480.630738][T27303]  alloc_bprm+0x25/0x350
[  480.630761][T27303]  do_execveat_common+0x12e/0x750
[  480.630800][T27303]  ? getname_flags+0x154/0x3b0
[  480.630817][T27303]  __x64_sys_execveat+0x73/0x90
[  480.630831][T27303]  x64_sys_call+0x1fec/0x3000
[  480.630843][T27303]  do_syscall_64+0xd2/0x200
[  480.630924][T27303]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  480.630939][T27303]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  480.630954][T27303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.630967][T27303] RIP: 0033:0x7f41a167efc9
[  480.631012][T27303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.631023][T27303] RSP: 002b:00007f41a00e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  480.631034][T27303] RAX: ffffffffffffffda RBX: 00007f41a18d5fa0 RCX: 00007f41a167efc9
[  480.631041][T27303] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  480.631048][T27303] RBP: 00007f41a00e7090 R08: 0000000000001000 R09: 0000000000000000
[  480.631089][T27303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.631096][T27303] R13: 00007f41a18d6038 R14: 00007f41a18d5fa0 R15: 00007ffdc0f46c48
[  480.631123][T27303]  </TASK>
[  480.950602][T27319] lo speed is unknown, defaulting to 1000
[  481.134643][T27373] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8183'.
[  481.880113][T27397] siw: device registration error -23
[  481.940858][T27401] lo speed is unknown, defaulting to 1000
[  482.279672][T27450] ip6t_srh: unknown srh match flags  4000
[  482.298146][T27450] 9pnet_fd: Insufficient options for proto=fd
[  482.369462][T27461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8209'.
[  482.493100][T27485] lo speed is unknown, defaulting to 1000
[  482.538901][   T29] kauditd_printk_skb: 700 callbacks suppressed
[  482.538932][   T29] audit: type=1326 audit(2000000442.296:74020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.611558][   T29] audit: type=1326 audit(2000000442.338:74021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.635276][   T29] audit: type=1326 audit(2000000442.338:74022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.658885][   T29] audit: type=1326 audit(2000000442.338:74023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.682495][   T29] audit: type=1326 audit(2000000442.338:74024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.706151][   T29] audit: type=1326 audit(2000000442.338:74025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.729743][   T29] audit: type=1326 audit(2000000442.338:74026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.753320][   T29] audit: type=1326 audit(2000000442.338:74027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.776960][   T29] audit: type=1326 audit(2000000442.349:74028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  482.800550][   T29] audit: type=1326 audit(2000000442.349:74029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27467 comm="syz.0.8211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  483.082337][T27540] ip6t_srh: unknown srh match flags  4000
[  483.109708][T27540] 9pnet_fd: Insufficient options for proto=fd
[  483.148802][T27550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8223'.
[  483.220647][T27565] serio: Serial port ptm0
[  483.264813][T27575] lo speed is unknown, defaulting to 1000
[  483.300670][T27582] siw: device registration error -23
[  483.488365][T27612] siw: device registration error -23
[  483.510460][T27610] FAULT_INJECTION: forcing a failure.
[  483.510460][T27610] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  483.523786][T27610] CPU: 0 UID: 0 PID: 27610 Comm: syz.2.8229 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  483.523848][T27610] Tainted: [W]=WARN
[  483.523855][T27610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  483.523864][T27610] Call Trace:
[  483.523871][T27610]  <TASK>
[  483.523878][T27610]  __dump_stack+0x1d/0x30
[  483.523898][T27610]  dump_stack_lvl+0xe8/0x140
[  483.524044][T27610]  dump_stack+0x15/0x1b
[  483.524062][T27610]  should_fail_ex+0x265/0x280
[  483.524082][T27610]  should_fail_alloc_page+0xf2/0x100
[  483.524159][T27610]  __alloc_frozen_pages_noprof+0xff/0x360
[  483.524193][T27610]  alloc_pages_mpol+0xb3/0x260
[  483.524319][T27610]  folio_alloc_mpol_noprof+0x39/0x80
[  483.524340][T27610]  shmem_get_folio_gfp+0x3cf/0xd60
[  483.524376][T27610]  shmem_write_begin+0xa8/0x190
[  483.524398][T27610]  generic_perform_write+0x184/0x490
[  483.524424][T27610]  shmem_file_write_iter+0xc5/0xf0
[  483.524466][T27610]  iter_file_splice_write+0x666/0xa60
[  483.524503][T27610]  ? __pfx_iter_file_splice_write+0x10/0x10
[  483.524527][T27610]  do_splice+0x972/0x10b0
[  483.524550][T27610]  ? __rcu_read_unlock+0x4f/0x70
[  483.524653][T27610]  ? __fget_files+0x184/0x1c0
[  483.524679][T27610]  __se_sys_splice+0x26c/0x3a0
[  483.524704][T27610]  __x64_sys_splice+0x78/0x90
[  483.524763][T27610]  x64_sys_call+0x28a7/0x3000
[  483.524781][T27610]  do_syscall_64+0xd2/0x200
[  483.524797][T27610]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  483.524846][T27610]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  483.524874][T27610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.524958][T27610] RIP: 0033:0x7f41a167efc9
[  483.525044][T27610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.525135][T27610] RSP: 002b:00007f41a00c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  483.525152][T27610] RAX: ffffffffffffffda RBX: 00007f41a18d6090 RCX: 00007f41a167efc9
[  483.525162][T27610] RDX: 000000000000000c RSI: 0000000000000000 RDI: 000000000000000a
[  483.525173][T27610] RBP: 00007f41a00c6090 R08: 00000000000408cd R09: 0000000000000000
[  483.525185][T27610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  483.525196][T27610] R13: 00007f41a18d6128 R14: 00007f41a18d6090 R15: 00007ffdc0f46c48
[  483.525212][T27610]  </TASK>
[  484.343100][T27637] lo speed is unknown, defaulting to 1000
[  484.800464][T27670] lo speed is unknown, defaulting to 1000
[  485.213999][T27720] lo speed is unknown, defaulting to 1000
[  485.327204][T27740] netlink: 'syz.0.8256': attribute type 21 has an invalid length.
[  485.345546][T27745] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8255'.
[  485.354591][T27745] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8255'.
[  485.363569][T27745] netlink: 30 bytes leftover after parsing attributes in process `syz.1.8255'.
[  485.616464][T27770] smc: net device bond0 applied user defined pnetid SYZ0
[  485.638491][T27770] smc: net device bond0 erased user defined pnetid SYZ0
[  485.920392][T27800] lo: left allmulticast mode
[  485.925641][T27800] tunl0: left allmulticast mode
[  485.930738][T27800] gre0: left allmulticast mode
[  485.935634][T27800] gretap0: left allmulticast mode
[  485.940805][T27800] erspan0: left allmulticast mode
[  485.946032][T27800] ip_vti0: left allmulticast mode
[  485.951138][T27800] ip6_vti0: left allmulticast mode
[  485.956340][T27800] sit0: left allmulticast mode
[  485.961381][T27800] ip6tnl0: left allmulticast mode
[  485.966490][T27800] ip6gre0: left allmulticast mode
[  485.971890][T27800] syz_tun: left allmulticast mode
[  485.977110][T27800] ip6gretap0: left allmulticast mode
[  485.982497][T27800] vcan0: left allmulticast mode
[  485.987639][T27800] bond0: left allmulticast mode
[  485.992762][T27800] team0: left allmulticast mode
[  485.998612][T27800] dummy0: left allmulticast mode
[  486.004108][T27800] nlmon0: left allmulticast mode
[  486.009344][T27800] caif0: left allmulticast mode
[  486.014372][T27800] batadv0: left allmulticast mode
[  486.019629][T27800] vxcan0: left allmulticast mode
[  486.024650][T27800] vxcan1: left allmulticast mode
[  486.029683][T27800] veth0: left allmulticast mode
[  486.034612][T27800] veth1: left allmulticast mode
[  486.039517][T27800] wg0: left allmulticast mode
[  486.044257][T27800] wg1: left allmulticast mode
[  486.049427][T27800] wg2: left allmulticast mode
[  486.054307][T27800] veth0_to_bridge: left allmulticast mode
[  486.060251][T27800] bridge_slave_0: left allmulticast mode
[  486.065978][T27800] veth1_to_bridge: left allmulticast mode
[  486.071836][T27800] bridge_slave_1: left allmulticast mode
[  486.077611][T27800] veth0_to_bond: left allmulticast mode
[  486.083366][T27800] bond_slave_0: left allmulticast mode
[  486.089012][T27800] veth1_to_bond: left allmulticast mode
[  486.094696][T27800] bond_slave_1: left allmulticast mode
[  486.098144][T27799] ip6t_srh: unknown srh match flags  4000
[  486.100208][T27800] veth0_to_team: left allmulticast mode
[  486.110943][T27799] 9pnet_fd: Insufficient options for proto=fd
[  486.111526][T27800] team_slave_0: left allmulticast mode
[  486.123067][T27800] veth1_to_team: left allmulticast mode
[  486.128788][T27800] team_slave_1: left allmulticast mode
[  486.134348][T27800] veth0_to_batadv: left allmulticast mode
[  486.140244][T27800] batadv_slave_0: left allmulticast mode
[  486.145994][T27800] xfrm0: left allmulticast mode
[  486.150979][T27800] veth0_to_hsr: left allmulticast mode
[  486.156733][T27800] veth1_to_hsr: left allmulticast mode
[  486.162243][T27800] hsr0: left allmulticast mode
[  486.167067][T27800] hsr_slave_0: left allmulticast mode
[  486.172522][T27800] hsr_slave_1: left allmulticast mode
[  486.177942][T27800] veth1_virt_wifi: left allmulticast mode
[  486.183741][T27800] veth0_virt_wifi: left allmulticast mode
[  486.189568][T27800] veth1_vlan: left allmulticast mode
[  486.194917][T27800] vlan0: left allmulticast mode
[  486.199863][T27800] vlan1: left allmulticast mode
[  486.204743][T27800] macvlan0: left allmulticast mode
[  486.209952][T27800] macvlan1: left allmulticast mode
[  486.215137][T27800] ipvlan0: left allmulticast mode
[  486.220309][T27800] ipvlan1: left allmulticast mode
[  486.225485][T27800] veth1_macvtap: left allmulticast mode
[  486.231078][T27800] veth0_macvtap: left allmulticast mode
[  486.236770][T27800] macvtap0: left allmulticast mode
[  486.241928][T27800] macsec0: left allmulticast mode
[  486.247046][T27800] geneve0: left allmulticast mode
[  486.252227][T27800] geneve1: left allmulticast mode
[  486.257397][T27800] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  486.264729][T27800] netdevsim netdevsim2 netdevsim1: left allmulticast mode
[  486.272041][T27800] netdevsim netdevsim2 netdevsim2: left allmulticast mode
[  486.279508][T27800] netdevsim netdevsim2 netdevsim3: left allmulticast mode
[  486.286787][T27800] veth0_vlan.768: left allmulticast mode
[  486.292435][T27800] veth0_vlan: left allmulticast mode
[  486.297865][T27800] syztnl1: left allmulticast mode
[  486.322301][T27822] lo speed is unknown, defaulting to 1000
[  486.347585][T27826] netlink: 10 bytes leftover after parsing attributes in process `syz.0.8275'.
[  486.419480][T27857] siw: device registration error -23
[  486.532244][T27873] ip6t_srh: unknown srh match flags  4000
[  486.540877][T27873] 9pnet_fd: Insufficient options for proto=fd
[  486.696888][T27887] lo speed is unknown, defaulting to 1000
[  486.927042][T27925] lo speed is unknown, defaulting to 1000
[  487.105748][T27952] ip6t_srh: unknown srh match flags  4000
[  487.113228][T27945] lo speed is unknown, defaulting to 1000
[  487.113512][T27952] 9pnet_fd: Insufficient options for proto=fd
[  487.624707][   T29] kauditd_printk_skb: 337 callbacks suppressed
[  487.624723][   T29] audit: type=1326 audit(2000000447.598:74367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27902 comm="syz.1.8296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7fc00000
[  487.726253][T27991] netlink: 'syz.1.8304': attribute type 4 has an invalid length.
[  487.839359][T28000] FAULT_INJECTION: forcing a failure.
[  487.839359][T28000] name failslab, interval 1, probability 0, space 0, times 0
[  487.852062][T28000] CPU: 0 UID: 0 PID: 28000 Comm: syz.0.8309 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  487.852100][T28000] Tainted: [W]=WARN
[  487.852107][T28000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  487.852117][T28000] Call Trace:
[  487.852123][T28000]  <TASK>
[  487.852131][T28000]  __dump_stack+0x1d/0x30
[  487.852150][T28000]  dump_stack_lvl+0xe8/0x140
[  487.852167][T28000]  dump_stack+0x15/0x1b
[  487.852235][T28000]  should_fail_ex+0x265/0x280
[  487.852251][T28000]  should_failslab+0x8c/0xb0
[  487.852326][T28000]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  487.852403][T28000]  ? __alloc_skb+0x101/0x320
[  487.852447][T28000]  __alloc_skb+0x101/0x320
[  487.852515][T28000]  netlink_alloc_large_skb+0xbf/0xf0
[  487.852543][T28000]  netlink_sendmsg+0x3cf/0x6b0
[  487.852606][T28000]  ? __pfx_netlink_sendmsg+0x10/0x10
[  487.852625][T28000]  __sock_sendmsg+0x145/0x180
[  487.852649][T28000]  ____sys_sendmsg+0x31e/0x4e0
[  487.852724][T28000]  ___sys_sendmsg+0x17b/0x1d0
[  487.852761][T28000]  __x64_sys_sendmsg+0xd4/0x160
[  487.852794][T28000]  x64_sys_call+0x191e/0x3000
[  487.852816][T28000]  do_syscall_64+0xd2/0x200
[  487.852843][T28000]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  487.852938][T28000]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  487.852967][T28000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.852989][T28000] RIP: 0033:0x7f3fd695efc9
[  487.853009][T28000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  487.853023][T28000] RSP: 002b:00007f3fd53bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  487.853041][T28000] RAX: ffffffffffffffda RBX: 00007f3fd6bb5fa0 RCX: 00007f3fd695efc9
[  487.853133][T28000] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  487.853145][T28000] RBP: 00007f3fd53bf090 R08: 0000000000000000 R09: 0000000000000000
[  487.853236][T28000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  487.853247][T28000] R13: 00007f3fd6bb6038 R14: 00007f3fd6bb5fa0 R15: 00007ffcc7036c98
[  487.853264][T28000]  </TASK>
[  488.088470][T28009] siw: device registration error -23
[  488.101223][T28007] lo speed is unknown, defaulting to 1000
[  488.265385][T28041] lo speed is unknown, defaulting to 1000
[  488.299809][T28047] cgroup: Need name or subsystem set
[  488.705101][T28080] ip6t_srh: unknown srh match flags  4000
[  488.729213][T28080] 9pnet_fd: Insufficient options for proto=fd
[  488.772296][T28085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8322'.
[  488.837308][T28085] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8322'.
[  488.939628][   T29] audit: type=1326 audit(2000000449.015:74368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28017 comm="syz.0.8314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7fc00000
[  489.150310][T28108] ip6t_srh: unknown srh match flags  4000
[  489.179453][T28108] 9pnet_fd: Insufficient options for proto=fd
[  489.403205][T28125] lo speed is unknown, defaulting to 1000
[  490.114597][   T29] audit: type=1326 audit(2000000450.233:74369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28117 comm="syz.0.8338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7fc00000
[  490.282778][   T31] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  490.301630][   T31] bond_slave_0: left promiscuous mode
[  490.307613][   T31] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  490.331085][   T29] audit: type=1326 audit(2000000450.464:74370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.355180][   T29] audit: type=1326 audit(2000000450.464:74371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.378781][   T29] audit: type=1326 audit(2000000450.464:74372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.402359][   T29] audit: type=1326 audit(2000000450.464:74373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.426004][   T29] audit: type=1326 audit(2000000450.464:74374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.449641][   T29] audit: type=1326 audit(2000000450.464:74375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.473569][   T29] audit: type=1326 audit(2000000450.474:74376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  490.500939][   T31] bond_slave_1: left promiscuous mode
[  490.507154][   T31] $Hÿ (unregistering): Released all slaves
[  490.551979][T28164] lo speed is unknown, defaulting to 1000
[  490.681875][   T31] hsr_slave_0: left promiscuous mode
[  490.690690][   T31] hsr_slave_1: left promiscuous mode
[  490.715519][T28208] ip6t_srh: unknown srh match flags  4000
[  490.735473][   T31] team0 (unregistering): Port device team_slave_1 removed
[  490.757100][   T31] team0 (unregistering): Port device team_slave_0 removed
[  490.782965][T28208] 9pnet_fd: Insufficient options for proto=fd
[  490.856146][T28266] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  490.862694][T28266] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  490.870208][T28266] vhci_hcd vhci_hcd.0: Device attached
[  490.898639][T28288] vhci_hcd: connection closed
[  490.898804][T10896] vhci_hcd: stop threads
[  490.907807][T10896] vhci_hcd: release socket
[  490.912261][T10896] vhci_hcd: disconnect device
[  490.920065][T28164] chnl_net:caif_netlink_parms(): no params data found
[  491.017015][T28164] bridge0: port 1(bridge_slave_0) entered blocking state
[  491.024224][T28164] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.041513][T28164] bridge_slave_0: entered allmulticast mode
[  491.048397][T28164] bridge_slave_0: entered promiscuous mode
[  491.068634][T28164] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.075804][T28164] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.090306][T28164] bridge_slave_1: entered allmulticast mode
[  491.097081][T28164] bridge_slave_1: entered promiscuous mode
[  491.113054][   T31] IPVS: stop unused estimator thread 0...
[  491.141030][T28164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  491.161190][T28164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  491.196534][T28164] team0: Port device team_slave_0 added
[  491.203612][T28164] team0: Port device team_slave_1 added
[  491.229104][T28428] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  491.237639][T28428] netlink: 348 bytes leftover after parsing attributes in process `+}[@'.
[  491.246200][T28428] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  491.254675][T28428] netlink: 348 bytes leftover after parsing attributes in process `+}[@'.
[  491.284135][T28164] batman_adv: batadv0: Adding interface: batadv_slave_0
[  491.291166][T28164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  491.317135][T28164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  491.328858][T28164] batman_adv: batadv0: Adding interface: batadv_slave_1
[  491.335837][T28164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  491.361763][T28164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  491.398830][T28164] hsr_slave_0: entered promiscuous mode
[  491.407471][T28164] hsr_slave_1: entered promiscuous mode
[  491.413427][T28487] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  491.413581][T28164] debugfs: 'hsr0' already exists in 'hsr'
[  491.419939][T28487] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  491.420030][T28487] vhci_hcd vhci_hcd.0: Device attached
[  491.425693][T28164] Cannot create hsr debugfs directory
[  491.448496][T28483] siw: device registration error -23
[  491.456400][T28488] vhci_hcd: connection closed
[  491.456617][T10899] vhci_hcd: stop threads
[  491.465603][T10899] vhci_hcd: release socket
[  491.470060][T10899] vhci_hcd: disconnect device
[  491.605662][T28559] ip6t_srh: unknown srh match flags  4000
[  491.613272][T28559] 9pnet_fd: Insufficient options for proto=fd
[  491.873665][T28164] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  491.891772][T28164] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  491.909585][T28164] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  491.929511][T28164] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  492.018521][T28164] 8021q: adding VLAN 0 to HW filter on device bond0
[  492.043668][T28164] 8021q: adding VLAN 0 to HW filter on device team0
[  492.061021][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.068170][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.100052][T28164] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  492.110538][T28164] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  492.417854][ T3509] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  492.424899][   T29] kauditd_printk_skb: 17 callbacks suppressed
[  492.424910][   T29] audit: type=1326 audit(2000000452.668:74394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  492.454731][   T29] audit: type=1326 audit(2000000452.668:74395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28198 comm="syz.2.8349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7ffc0000
[  492.570983][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.578060][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.643964][T28164] 8021q: adding VLAN 0 to HW filter on device batadv0
[  492.795746][T28164] veth0_vlan: entered promiscuous mode
[  492.819183][T28164] veth1_vlan: entered promiscuous mode
[  492.877592][T28164] veth0_macvtap: entered promiscuous mode
[  492.894778][T28164] veth1_macvtap: entered promiscuous mode
[  492.899743][   T29] audit: type=1326 audit(2000000453.172:74396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  492.915880][T28164] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.924109][   T29] audit: type=1326 audit(2000000453.172:74397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  492.929061][   T29] audit: type=1326 audit(2000000453.204:74398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  492.953657][T28164] batman_adv: batadv0: Interface activated: batadv_slave_1
[  492.954980][   T29] audit: type=1326 audit(2000000453.204:74399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  493.009212][   T29] audit: type=1326 audit(2000000453.204:74400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  493.032772][   T29] audit: type=1326 audit(2000000453.204:74401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  493.056519][   T29] audit: type=1326 audit(2000000453.204:74402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  493.080104][   T29] audit: type=1326 audit(2000000453.204:74403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28618 comm="syz.5.8373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  493.121437][T28625] ip6t_srh: unknown srh match flags  4000
[  493.129910][T28625] 9pnet_fd: Insufficient options for proto=fd
[  493.172007][   T31] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  493.181872][   T31] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  493.191232][   T31] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  493.204754][   T31] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  493.242805][T28634] lo speed is unknown, defaulting to 1000
[  493.287288][T28643] netlink: 'syz.3.8343': attribute type 4 has an invalid length.
[  493.329251][T28645] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8379'.
[  493.351951][T28648] batadv1: entered promiscuous mode
[  493.357174][T28648] batadv1: entered allmulticast mode
[  493.490449][T28643] cgroup: Need name or subsystem set
[  493.790418][   T31] batadv0: left promiscuous mode
[  493.795516][   T31] bridge0: port 5(batadv0) entered disabled state
[  493.806964][   T31] batadv2: left promiscuous mode
[  493.812175][   T31] bridge0: port 4(batadv2) entered disabled state
[  493.875820][   T31] batadv1: left promiscuous mode
[  493.880955][   T31] bridge0: port 3(batadv1) entered disabled state
[  493.889355][T28683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8384'.
[  494.074272][   T31] bridge_slave_1: left promiscuous mode
[  494.079932][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  494.105560][T28684] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8384'.
[  494.105671][   T31] bridge_slave_0: left promiscuous mode
[  494.120261][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.266006][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  494.297452][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  494.302745][T28696] siw: device registration error -23
[  494.321129][   T31] bond0 (unregistering): Released all slaves
[  494.733702][T28713] lo speed is unknown, defaulting to 1000
[  494.844545][T28758] FAULT_INJECTION: forcing a failure.
[  494.844545][T28758] name failslab, interval 1, probability 0, space 0, times 0
[  494.854696][ T3509] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  494.857234][T28758] CPU: 1 UID: 0 PID: 28758 Comm: syz.0.8393 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  494.857291][T28758] Tainted: [W]=WARN
[  494.857297][T28758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  494.857309][T28758] Call Trace:
[  494.857315][T28758]  <TASK>
[  494.857323][T28758]  __dump_stack+0x1d/0x30
[  494.857344][T28758]  dump_stack_lvl+0xe8/0x140
[  494.857363][T28758]  dump_stack+0x15/0x1b
[  494.857459][T28758]  should_fail_ex+0x265/0x280
[  494.857477][T28758]  should_failslab+0x8c/0xb0
[  494.857502][T28758]  __kmalloc_noprof+0xa5/0x570
[  494.857528][T28758]  ? copy_splice_read+0xc2/0x660
[  494.857647][T28758]  copy_splice_read+0xc2/0x660
[  494.857704][T28758]  ? __pfx_copy_splice_read+0x10/0x10
[  494.857725][T28758]  splice_direct_to_actor+0x26f/0x680
[  494.857747][T28758]  ? __pfx_direct_splice_actor+0x10/0x10
[  494.857771][T28758]  do_splice_direct+0xda/0x150
[  494.857847][T28758]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  494.857872][T28758]  vfs_copy_file_range+0x9a1/0xf30
[  494.857904][T28758]  __se_sys_copy_file_range+0x269/0x3b0
[  494.857996][T28758]  __x64_sys_copy_file_range+0x78/0x90
[  494.858060][T28758]  x64_sys_call+0x2c38/0x3000
[  494.858090][T28758]  do_syscall_64+0xd2/0x200
[  494.858123][T28758]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  494.858148][T28758]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  494.858180][T28758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.858317][T28758] RIP: 0033:0x7f3fd695efc9
[  494.858332][T28758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.858349][T28758] RSP: 002b:00007f3fd53bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[  494.858367][T28758] RAX: ffffffffffffffda RBX: 00007f3fd6bb5fa0 RCX: 00007f3fd695efc9
[  494.858380][T28758] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000006
[  494.858467][T28758] RBP: 00007f3fd53bf090 R08: 0000000000000003 R09: 0000000000000000
[  494.858479][T28758] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  494.858491][T28758] R13: 00007f3fd6bb6038 R14: 00007f3fd6bb5fa0 R15: 00007ffcc7036c98
[  494.858508][T28758]  </TASK>
[  494.859670][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  495.180722][T28771] netlink: 'syz.0.8397': attribute type 4 has an invalid length.
[  495.228721][T28774] batadv1: entered promiscuous mode
[  495.233943][T28774] batadv1: entered allmulticast mode
[  495.408824][T28789] batadv1: entered promiscuous mode
[  495.414081][T28789] batadv1: entered allmulticast mode
[  495.496944][T28799] cgroup: Need name or subsystem set
[  495.682985][T28803] lo speed is unknown, defaulting to 1000
[  495.923412][T28838] lo speed is unknown, defaulting to 1000
[  496.795347][T28889] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8417'.
[  496.821553][T28889] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8417'.
[  496.927891][T28895] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8420'.
[  496.928542][T28904] netlink: 'syz.0.8424': attribute type 4 has an invalid length.
[  496.948257][T28895] xt_CT: You must specify a L4 protocol and not use inversions on it
[  497.062233][T28802] syz.3.8403 (28802) used greatest stack depth: 7048 bytes left
[  497.103513][T28907] veth0_vlan: entered allmulticast mode
[  497.197103][T28913] cgroup: Need name or subsystem set
[  497.208599][T28911] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  497.814754][   T29] kauditd_printk_skb: 154 callbacks suppressed
[  497.814820][   T29] audit: type=1400 audit(2000000458.327:74558): avc:  denied  { write } for  pid=28938 comm="syz.2.8435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  497.873468][   T29] audit: type=1400 audit(2000000458.358:74559): avc:  denied  { read } for  pid=28938 comm="syz.2.8435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  497.934578][   T29] audit: type=1326 audit(2000000458.463:74560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  497.958200][   T29] audit: type=1326 audit(2000000458.463:74561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  497.981869][   T29] audit: type=1326 audit(2000000458.463:74562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  498.005718][   T29] audit: type=1326 audit(2000000458.463:74563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  498.029517][   T29] audit: type=1326 audit(2000000458.463:74564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  498.053085][   T29] audit: type=1326 audit(2000000458.463:74565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  498.076636][   T29] audit: type=1326 audit(2000000458.463:74566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  498.100441][   T29] audit: type=1326 audit(2000000458.463:74567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28952 comm="syz.1.8439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f4c8c33efc9 code=0x7ffc0000
[  498.178288][T28963] ip6t_srh: unknown srh match flags  4000
[  498.186235][T28963] 9pnet_fd: Insufficient options for proto=fd
[  498.209829][T28967] netlink: 'syz.5.8445': attribute type 4 has an invalid length.
[  498.418637][T28974] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  498.454155][T28977] cgroup: Need name or subsystem set
[  498.837338][T28993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.845803][T28993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.051925][T10897] Bluetooth: hci1: Frame reassembly failed (-84)
[  499.340644][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a694e00: rx timeout, send abort
[  499.366782][T29034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8471'.
[  499.376378][T29034] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8471'.
[  499.816623][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a70ce00: rx timeout, send abort
[  499.825175][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a694e00: abort rx timeout. Force session deactivation
[  499.862953][T29074] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  499.869524][T29074] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  499.877042][T29074] vhci_hcd vhci_hcd.0: Device attached
[  499.882954][T29075] vhci_hcd: connection closed
[  499.883117][ T1000] vhci_hcd: stop threads
[  499.892081][ T1000] vhci_hcd: release socket
[  499.893714][ T3509] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  499.896577][ T1000] vhci_hcd: disconnect device
crond[3106]: time disparity of -33333331 minutes detected

[  500.301234][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a70ce00: abort rx timeout. Force session deactivation
[  500.501412][T29114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.505488][T29119] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8506'.
[  500.532680][T29114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.600041][T29123] lo speed is unknown, defaulting to 1000
[  500.609875][T29126] lo speed is unknown, defaulting to 1000
[  500.663623][T29145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8512'.
[  500.965130][T29209] ip6t_srh: unknown srh match flags  4000
[  500.973811][T29209] 9pnet_fd: Insufficient options for proto=fd
[  501.036705][ T4167] Bluetooth: hci1: command 0x1003 tx timeout
[  501.041673][T29220] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  501.042737][   T44] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  501.151762][T29225] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  501.546832][T29240] netlink: 'syz.0.8535': attribute type 4 has an invalid length.
[  501.586401][T29242] ip6t_srh: unknown srh match flags  4000
[  501.594272][T29242] 9pnet_fd: Insufficient options for proto=fd
[  501.780800][T29251] cgroup: Need name or subsystem set
[  501.871713][T29259] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8540'.
[  502.100676][T29272] netlink: 'syz.5.8545': attribute type 13 has an invalid length.
[  502.108552][T29272] netlink: 24859 bytes leftover after parsing attributes in process `syz.5.8545'.
[  502.158547][T29278] ip6t_srh: unknown srh match flags  4000
[  502.167819][T29278] 9pnet_fd: Insufficient options for proto=fd
[  502.399159][T29288] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  502.498232][T29300] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8555'.
[  502.906861][T29303] batadv1: entered promiscuous mode
[  502.912115][T29303] batadv1: entered allmulticast mode
[  502.930065][T29303] 8021q: adding VLAN 0 to HW filter on device batadv1
[  503.031897][T29310] ip6t_srh: unknown srh match flags  4000
[  503.048083][T29310] 9pnet_fd: Insufficient options for proto=fd
[  503.175981][   T29] kauditd_printk_skb: 358 callbacks suppressed
[  503.176049][   T29] audit: type=1400 audit(520.192:74926): avc:  denied  { sys_module } for  pid=29318 comm="syz.1.8561" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  503.228649][T29319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8561'.
[  503.255815][T29325] netlink: 'syz.3.8562': attribute type 4 has an invalid length.
[  503.437253][T29334] lo speed is unknown, defaulting to 1000
[  503.446545][T29338] cgroup: Need name or subsystem set
[  503.973983][T29379] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8575'.
[  504.075908][ T4167] Bluetooth: hci0: command 0x1003 tx timeout
[  504.095393][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  504.119046][   T29] audit: type=1326 audit(521.179:74927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29327 comm="syz.0.8565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7fc00000
[  504.221306][   T29] audit: type=1326 audit(521.295:74928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.244352][   T29] audit: type=1326 audit(521.295:74929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.267349][   T29] audit: type=1326 audit(521.295:74930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.290361][   T29] audit: type=1326 audit(521.295:74931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.313366][   T29] audit: type=1326 audit(521.295:74932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.323182][T29391] netlink: 'syz.0.8579': attribute type 21 has an invalid length.
[  504.409400][T29388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8577'.
[  504.418841][T29388] bridge_slave_1: left allmulticast mode
[  504.424479][T29388] bridge_slave_1: left promiscuous mode
[  504.430209][T29388] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.458202][T29388] bridge_slave_0: left allmulticast mode
[  504.463876][T29388] bridge_slave_0: left promiscuous mode
[  504.469623][T29388] bridge0: port 1(bridge_slave_0) entered disabled state
[  504.494656][   T29] audit: type=1326 audit(521.295:74933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.517856][   T29] audit: type=1326 audit(521.295:74934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.540848][   T29] audit: type=1326 audit(521.295:74935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29387 comm="syz.0.8578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  504.914581][T29416] siw: device registration error -23
[  505.071671][T29443] netlink: 'syz.1.8590': attribute type 21 has an invalid length.
[  505.136988][ T1000] Bluetooth: hci0: Frame reassembly failed (-84)
[  505.168467][T29451] lo speed is unknown, defaulting to 1000
[  505.805254][T29427] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  505.960412][T29490] ip6t_srh: unknown srh match flags  4000
[  505.969115][T29490] 9pnet_fd: Insufficient options for proto=fd
[  506.304166][T29508] netlink: 'syz.2.8600': attribute type 4 has an invalid length.
[  506.545361][T29510] cgroup: Need name or subsystem set
[  507.054588][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  507.352589][T29522] lo speed is unknown, defaulting to 1000
[  507.638307][T29539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8605'.
[  507.748965][T29539] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8605'.
[  507.795298][T29552] bond0: (slave bond_slave_0): Releasing backup interface
[  507.829598][T29552] bond0: (slave bond_slave_1): Releasing backup interface
[  507.865060][T29552] team0: Port device team_slave_0 removed
[  507.881158][T29552] team0: Port device team_slave_1 removed
[  507.900129][T29552] batman_adv: batadv0: Removing interface: batadv_slave_0
[  507.919869][T29552] batman_adv: batadv0: Removing interface: batadv_slave_1
[  507.968408][T29552] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  508.011921][T29554] team0: Mode changed to "activebackup"
[  508.057121][   T29] kauditd_printk_skb: 278 callbacks suppressed
[  508.057138][   T29] audit: type=1326 audit(525.315:75214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29518 comm="syz.2.8603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41a167efc9 code=0x7fc00000
[  508.237970][T29560] ip6t_srh: unknown srh match flags  4000
[  508.344176][T29558] 9pnet_fd: Insufficient options for proto=fd
[  508.550058][T29562] lo speed is unknown, defaulting to 1000
[  508.619867][T29572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8612'.
[  508.832383][T29595] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  508.994947][T29608] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  509.001530][T29608] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  509.009147][T29608] vhci_hcd vhci_hcd.0: Device attached
[  509.026728][T29609] vhci_hcd: connection closed
[  509.026945][T10896] vhci_hcd: stop threads
[  509.036028][T10896] vhci_hcd: release socket
[  509.040491][T10896] vhci_hcd: disconnect device
[  509.145698][T29612] cgroup: Need name or subsystem set
[  509.278994][   T29] audit: type=1400 audit(526.355:75215): avc:  denied  { execute } for  pid=29568 comm="syz.2.8612" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=101171 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  509.778123][T29627] netlink: 'syz.0.8620': attribute type 21 has an invalid length.
[  509.790109][   T29] audit: type=1326 audit(527.142:75216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.813230][   T29] audit: type=1326 audit(527.142:75217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.836213][   T29] audit: type=1326 audit(527.142:75218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.859045][   T29] audit: type=1326 audit(527.142:75219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.882023][   T29] audit: type=1326 audit(527.142:75220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.905074][   T29] audit: type=1326 audit(527.142:75221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.948441][   T29] audit: type=1326 audit(527.142:75222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  509.971464][   T29] audit: type=1326 audit(527.142:75223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29626 comm="syz.0.8620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  510.110444][T29650] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  510.117060][T29650] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  510.123350][T29649] ip6t_srh: unknown srh match flags  4000
[  510.124741][T29650] vhci_hcd vhci_hcd.0: Device attached
[  510.138863][T29652] vhci_hcd: connection closed
[  510.139227][T10899] vhci_hcd: stop threads
[  510.141974][T29649] 9pnet_fd: Insufficient options for proto=fd
[  510.144147][T10899] vhci_hcd: release socket
[  510.144156][T10899] vhci_hcd: disconnect device
[  510.277226][T29671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8630'.
[  510.355041][T29683] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  510.361604][T29683] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  510.369147][T29683] vhci_hcd vhci_hcd.0: Device attached
[  510.475825][T29688] cgroup: Need name or subsystem set
[  510.501728][T29685] vhci_hcd: connection closed
[  510.787052][T10899] vhci_hcd: stop threads
[  510.796061][T10899] vhci_hcd: release socket
[  510.800465][T10899] vhci_hcd: disconnect device
[  510.841239][T29701] netlink: 'syz.0.8641': attribute type 21 has an invalid length.
[  510.868629][T29703] ip6t_srh: unknown srh match flags  4000
[  510.888067][T29703] 9pnet_fd: Insufficient options for proto=fd
[  510.906100][T29705] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  510.946223][T29713] batadv1: entered promiscuous mode
[  510.951481][T29713] batadv1: entered allmulticast mode
[  511.187034][T29755] lo speed is unknown, defaulting to 1000
[  511.353545][T29783] ip6t_srh: unknown srh match flags  4000
[  511.361071][T29783] 9pnet_fd: Insufficient options for proto=fd
[  511.637272][T29807] cgroup: Need name or subsystem set
[  511.862420][T29812] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8661'.
[  511.899990][T29812] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8661'.
[  511.985057][T29817] ip6t_srh: unknown srh match flags  4000
[  511.995406][T29817] 9pnet_fd: Insufficient options for proto=fd
[  512.164164][T29840] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  512.390363][T29858] ip6t_srh: unknown srh match flags  4000
[  512.398926][T29858] 9pnet_fd: Insufficient options for proto=fd
[  512.533283][T29870] batadv1: entered promiscuous mode
[  512.538631][T29870] batadv1: entered allmulticast mode
[  512.675281][T29877] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8680'.
[  512.947185][T29887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8682'.
[  513.077585][T29898] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  513.198479][T29910] batadv1: entered promiscuous mode
[  513.203750][T29910] batadv1: entered allmulticast mode
[  513.342502][T29920] smc: net device bond0 applied user defined pnetid SYZ0
[  513.413174][T29922] smc: net device bond0 erased user defined pnetid SYZ0
[  513.578916][T29929] netlink: 'syz.3.8694': attribute type 12 has an invalid length.
[  513.663805][T29941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8695'.
[  513.680021][   T29] kauditd_printk_skb: 610 callbacks suppressed
[  513.680038][   T29] audit: type=1326 audit(531.068:75834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29894 comm="syz.5.8685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  513.709258][   T29] audit: type=1326 audit(531.068:75835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29894 comm="syz.5.8685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  513.732359][   T29] audit: type=1326 audit(531.068:75836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29894 comm="syz.5.8685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  513.755480][   T29] audit: type=1326 audit(531.068:75837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29894 comm="syz.5.8685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  513.778711][   T29] audit: type=1326 audit(531.068:75838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29894 comm="syz.5.8685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721eb8efc9 code=0x7ffc0000
[  513.801699][   T29] audit: type=1400 audit(531.121:75839): avc:  denied  { connect } for  pid=29928 comm="syz.3.8694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  513.920242][T29953] smc: net device bond0 applied user defined pnetid SYZ0
[  513.935046][T29953] smc: net device bond0 erased user defined pnetid SYZ0
[  513.952180][T29954] smc: net device bond0 applied user defined pnetid SYZ0
[  513.962640][T29956] team0: No ports can be present during mode change
[  513.973567][T29954] smc: net device bond0 erased user defined pnetid SYZ0
[  514.001411][   T29] audit: type=1326 audit(531.551:75840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29959 comm="syz.0.8706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  514.053349][T29958] ip6t_srh: unknown srh match flags  4000
[  514.069265][T29958] 9pnet_fd: Insufficient options for proto=fd
[  514.075591][   T29] audit: type=1326 audit(531.593:75841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29959 comm="syz.0.8706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  514.098671][   T29] audit: type=1326 audit(531.593:75842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29959 comm="syz.0.8706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  514.101420][T29967] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8707'.
[  514.121698][   T29] audit: type=1326 audit(531.593:75843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29959 comm="syz.0.8706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd695efc9 code=0x7ffc0000
[  514.251075][T29984] FAULT_INJECTION: forcing a failure.
[  514.251075][T29984] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  514.264197][T29984] CPU: 1 UID: 0 PID: 29984 Comm: syz.1.8713 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  514.264226][T29984] Tainted: [W]=WARN
[  514.264264][T29984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  514.264275][T29984] Call Trace:
[  514.264282][T29984]  <TASK>
[  514.264290][T29984]  __dump_stack+0x1d/0x30
[  514.264312][T29984]  dump_stack_lvl+0xe8/0x140
[  514.264335][T29984]  dump_stack+0x15/0x1b
[  514.264400][T29984]  should_fail_ex+0x265/0x280
[  514.264420][T29984]  should_fail+0xb/0x20
[  514.264449][T29984]  should_fail_usercopy+0x1a/0x20
[  514.264465][T29984]  _copy_from_user+0x1c/0xb0
[  514.264527][T29984]  ___sys_sendmsg+0xc1/0x1d0
[  514.264564][T29984]  __x64_sys_sendmsg+0xd4/0x160
[  514.264652][T29984]  x64_sys_call+0x191e/0x3000
[  514.264672][T29984]  do_syscall_64+0xd2/0x200
[  514.264689][T29984]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  514.264804][T29984]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  514.264894][T29984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.264910][T29984] RIP: 0033:0x7f4c8c33efc9
[  514.264922][T29984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.264936][T29984] RSP: 002b:00007f4c8ada7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  514.264952][T29984] RAX: ffffffffffffffda RBX: 00007f4c8c595fa0 RCX: 00007f4c8c33efc9
[  514.264962][T29984] RDX: 0000000020000004 RSI: 00002000000004c0 RDI: 0000000000000006
[  514.265020][T29984] RBP: 00007f4c8ada7090 R08: 0000000000000000 R09: 0000000000000000
[  514.265030][T29984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  514.265040][T29984] R13: 00007f4c8c596038 R14: 00007f4c8c595fa0 R15: 00007fff2f280ae8
[  514.265055][T29984]  </TASK>
[  514.300453][T29972] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8710'.
[  514.505410][T29992] smc: net device bond0 applied user defined pnetid SYZ0
[  514.512990][T29992] smc: net device bond0 erased user defined pnetid SYZ0
[  514.539549][T29997] siw: device registration error -23
[  514.811070][T30007] siw: device registration error -23
[  515.625928][T30030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8726'.
[  515.639054][T30034] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  515.645579][T30034] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  515.653100][T30034] vhci_hcd vhci_hcd.0: Device attached
[  515.689641][T30035] vhci_hcd: connection closed
[  515.689766][T10896] vhci_hcd: stop threads
[  515.698866][T10896] vhci_hcd: release socket
[  515.703267][T10896] vhci_hcd: disconnect device
[  515.795337][T30043] FAULT_INJECTION: forcing a failure.
[  515.795337][T30043] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  515.808454][T30043] CPU: 0 UID: 0 PID: 30043 Comm: syz.5.8730 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  515.808566][T30043] Tainted: [W]=WARN
[  515.808573][T30043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  515.808586][T30043] Call Trace:
[  515.808594][T30043]  <TASK>
[  515.808606][T30043]  __dump_stack+0x1d/0x30
[  515.808626][T30043]  dump_stack_lvl+0xe8/0x140
[  515.808721][T30043]  dump_stack+0x15/0x1b
[  515.808739][T30043]  should_fail_ex+0x265/0x280
[  515.808758][T30043]  should_fail+0xb/0x20
[  515.808772][T30043]  should_fail_usercopy+0x1a/0x20
[  515.808861][T30043]  _copy_from_iter+0xd2/0xe80
[  515.808881][T30043]  ? __build_skb_around+0x1ab/0x200
[  515.808976][T30043]  ? __alloc_skb+0x223/0x320
[  515.809004][T30043]  netlink_sendmsg+0x471/0x6b0
[  515.809034][T30043]  ? __pfx_netlink_sendmsg+0x10/0x10
[  515.809053][T30043]  __sock_sendmsg+0x145/0x180
[  515.809077][T30043]  sock_write_iter+0x1a7/0x1f0
[  515.809103][T30043]  ? __pfx_sock_write_iter+0x10/0x10
[  515.809203][T30043]  vfs_write+0x52a/0x960
[  515.809238][T30043]  ksys_write+0xda/0x1a0
[  515.809317][T30043]  __x64_sys_write+0x40/0x50
[  515.809353][T30043]  x64_sys_call+0x2802/0x3000
[  515.809375][T30043]  do_syscall_64+0xd2/0x200
[  515.809394][T30043]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  515.809420][T30043]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  515.809467][T30043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.809555][T30043] RIP: 0033:0x7f721eb8efc9
[  515.809571][T30043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.809589][T30043] RSP: 002b:00007f721d5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  515.809629][T30043] RAX: ffffffffffffffda RBX: 00007f721ede5fa0 RCX: 00007f721eb8efc9
[  515.809642][T30043] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000003
[  515.809655][T30043] RBP: 00007f721d5ef090 R08: 0000000000000000 R09: 0000000000000000
[  515.809668][T30043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.809738][T30043] R13: 00007f721ede6038 R14: 00007f721ede5fa0 R15: 00007ffcda42f1d8
[  515.809757][T30043]  </TASK>
[  516.151348][T30015] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  516.278218][T30058] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  516.732712][T30090] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8743'.
[  516.747695][T30090] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8743'.
[  516.793253][T30093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8745'.
[  516.871483][T30105] serio: Serial port ptm0
[  516.888178][T30094] lo speed is unknown, defaulting to 1000
[  516.937949][T30130] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8748'.
[  516.982407][T30094] chnl_net:caif_netlink_parms(): no params data found
[  516.999435][T30217] serio: Serial port ptm1
[  517.040613][T30094] bridge0: port 1(bridge_slave_0) entered blocking state
[  517.047744][T30094] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.055379][T30094] bridge_slave_0: entered allmulticast mode
[  517.061940][T30094] bridge_slave_0: entered promiscuous mode
[  517.069783][T30094] bridge0: port 2(bridge_slave_1) entered blocking state
[  517.076829][T30094] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.084097][T30094] bridge_slave_1: entered allmulticast mode
[  517.090543][T30094] bridge_slave_1: entered promiscuous mode
[  517.110392][T30094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  517.132762][T30094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  517.165723][T10897] bond0 (unregistering): Released all slaves
[  517.174250][T30094] team0: Port device team_slave_0 added
[  517.180915][T30094] team0: Port device team_slave_1 added
[  517.198625][T30094] batman_adv: batadv0: Adding interface: batadv_slave_0
[  517.205704][T30094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  517.231739][T30094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  517.244924][T30094] batman_adv: batadv0: Adding interface: batadv_slave_1
[  517.251992][T30094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  517.277898][T30094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  517.317854][T30094] hsr_slave_0: entered promiscuous mode
[  517.323992][T30094] hsr_slave_1: entered promiscuous mode
[  517.330169][T30094] debugfs: 'hsr0' already exists in 'hsr'
[  517.335934][T30094] Cannot create hsr debugfs directory
[  517.345730][T10897] hsr_slave_0: left promiscuous mode
[  517.354623][T10897] hsr_slave_1: left promiscuous mode
[  517.435752][T10899] ==================================================================
[  517.443854][T10899] BUG: KCSAN: data-race in alloc_pid / copy_process
[  517.450431][T10899] 
[  517.452734][T10899] read-write to 0xffffffff8685feb8 of 4 bytes by task 10896 on cpu 1:
[  517.460860][T10899]  alloc_pid+0x539/0x720
[  517.465081][T10899]  copy_process+0xe25/0x2000
[  517.469670][T10899]  kernel_clone+0x16c/0x5c0
[  517.474159][T10899]  user_mode_thread+0x7d/0xb0
[  517.478994][T10899]  call_usermodehelper_exec_work+0x41/0x160
[  517.484867][T10899]  process_scheduled_works+0x4ce/0x9d0
[  517.490312][T10899]  worker_thread+0x582/0x770
[  517.494889][T10899]  kthread+0x489/0x510
[  517.498949][T10899]  ret_from_fork+0x122/0x1b0
[  517.503573][T10899]  ret_from_fork_asm+0x1a/0x30
[  517.508319][T10899] 
[  517.510622][T10899] read to 0xffffffff8685feb8 of 4 bytes by task 10899 on cpu 0:
[  517.518227][T10899]  copy_process+0x17fc/0x2000
[  517.522898][T10899]  kernel_clone+0x16c/0x5c0
[  517.527390][T10899]  user_mode_thread+0x7d/0xb0
[  517.532052][T10899]  call_usermodehelper_exec_work+0x41/0x160
[  517.537924][T10899]  process_scheduled_works+0x4ce/0x9d0
[  517.543371][T10899]  worker_thread+0x582/0x770
[  517.547951][T10899]  kthread+0x489/0x510
[  517.552018][T10899]  ret_from_fork+0x122/0x1b0
[  517.556614][T10899]  ret_from_fork_asm+0x1a/0x30
[  517.561367][T10899] 
[  517.563672][T10899] value changed: 0x800000f3 -> 0x800000f4
[  517.569368][T10899] 
[  517.571671][T10899] Reported by Kernel Concurrency Sanitizer on:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  517.577810][T10899] CPU: 0 UID: 0 PID: 10899 Comm: kworker/u8:11 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  517.589439][T10899] Tainted: [W]=WARN
[  517.593218][T10899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  517.603254][T10899] Workqueue: events_unbound call_usermodehelper_exec_work
[  517.610354][T10899] ==================================================================
[  517.911066][T10897] IPVS: stop unused estimator thread 0...
[  517.949454][T10897] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.004773][T10897] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.061568][T10897] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.118716][T10897] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.435558][T10897] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.481044][T10897] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.518711][T10897] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.575855][T10897] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  518.816421][T10897] bridge_slave_1: left allmulticast mode
[  518.822086][T10897] bridge_slave_1: left promiscuous mode
[  518.827681][T10897] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.835336][T10897] bridge_slave_0: left allmulticast mode
[  518.841001][T10897] bridge_slave_0: left promiscuous mode
[  518.846615][T10897] bridge0: port 1(bridge_slave_0) entered disabled state
[  518.899574][T10897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  518.909265][T10897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  518.919089][T10897] bond0 (unregistering): Released all slaves
[  518.994337][T10897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  519.003697][T10897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  519.012797][T10897] bond0 (unregistering): Released all slaves
[  519.020889][T10897] bond1 (unregistering): Released all slaves
[  519.041832][T10897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  519.051532][T10897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  519.061200][T10897] bond0 (unregistering): Released all slaves
[  519.071010][T10897] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  519.079392][T10897] ip6gretap1 (unregistering): left allmulticast mode
[  519.096779][   T42] smc: removing ib device syz1
[  519.101913][T10897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  519.111287][T10897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  519.120214][T10897] bond0 (unregistering): Released all slaves
[  519.127838][T10897] bond1 (unregistering): Released all slaves
[  519.156965][T10897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  519.166444][T10897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  519.175664][T10897] bond0 (unregistering): Released all slaves
[  519.314004][T10897] hsr_slave_0: left promiscuous mode
[  519.319761][T10897] hsr_slave_1: left promiscuous mode
[  519.325330][T10897] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  519.332749][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.340269][T10897] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  519.347653][T10897] batman_adv: batadv0: Removing interface: batadv_slave_1
[  519.357482][T10897] hsr_slave_0: left promiscuous mode
[  519.363164][T10897] hsr_slave_1: left promiscuous mode
[  519.368675][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.377671][T10897] hsr_slave_0: left promiscuous mode
[  519.383281][T10897] hsr_slave_1: left promiscuous mode
[  519.388821][T10897] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  519.396262][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.403807][T10897] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  519.411160][T10897] batman_adv: batadv0: Removing interface: batadv_slave_1
[  519.420240][T10897] hsr_slave_0: left promiscuous mode
[  519.425887][T10897] hsr_slave_1: left promiscuous mode
[  519.431525][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.438960][T10897] batman_adv: batadv0: Removing interface: batadv_slave_1
[  519.446309][T10897] hsr_slave_0: left promiscuous mode
[  519.451986][T10897] hsr_slave_1: left promiscuous mode
[  519.457541][T10897] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.464962][T10897] batman_adv: batadv0: Removing interface: batadv_slave_1
[  519.477044][T10897] veth1_vlan: left promiscuous mode
[  519.482741][T10897] veth1_macvtap: left promiscuous mode
[  519.488223][T10897] veth0_macvtap: left promiscuous mode
[  519.493774][T10897] veth1_vlan: left promiscuous mode
[  519.498992][T10897] veth0_vlan: left promiscuous mode
[  519.564902][T10897] team0 (unregistering): Port device team_slave_1 removed
[  519.574072][T10897] team0 (unregistering): Port device team_slave_0 removed
[  519.624101][T10897] team0 (unregistering): Port device team_slave_1 removed
[  519.633381][T10897] team0 (unregistering): Port device team_slave_0 removed
[  519.678385][T10897] team0 (unregistering): Port device team_slave_1 removed
[  519.687280][T10897] team0 (unregistering): Port device team_slave_0 removed
[  519.733999][T10897] team0 (unregistering): Port device team_slave_1 removed
[  519.743047][T10897] team0 (unregistering): Port device team_slave_0 removed
[  519.778865][T10897] team0 (unregistering): Port device team_slave_1 removed
[  519.788234][T10897] team0 (unregistering): Port device team_slave_0 removed