last executing test programs:

5m10.147667703s ago: executing program 3 (id=4469):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40041}, 0x200000c0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bf"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000140)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000080000085000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x387131d88c629875, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x80000001}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_tracing={0x1a, 0x18, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x1}, [@printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8ee0}}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x3}, @jmp={0x5, 0x1, 0x2, 0xa, 0x8, 0x1, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xc}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd42}}]}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0xcc, &(0x7f0000000580)=""/204, 0x41000, 0x2, '\x00', 0x0, 0x18, r3, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xe, 0x10000, 0x5}, 0x10, 0xc82a, r2, 0x5, &(0x7f0000000680)=[r7], &(0x7f00000006c0)=[{0x2, 0x5, 0x9, 0xa}, {0x3, 0x4, 0xe, 0x8}, {0x5, 0x3, 0x4}, {0x4, 0x2, 0x0, 0x1}, {0x1, 0x4, 0xc, 0xb}], 0x10, 0x281d}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
r8 = syz_io_uring_setup(0x3c0c, &(0x7f0000000400)={0x0, 0xc890, 0x4000}, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r9)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000004000000000000000000000085000000bc000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_setup(0x3b3d, &(0x7f0000000100)={0x0, 0x9665, 0x2082, 0x2, 0x230, 0x0, r8}, &(0x7f0000000000), &(0x7f0000000080))
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@ptr={0xa}]}, {0x0, [0x0, 0x0, 0x0, 0x5f, 0x2e, 0x61]}}, 0x0, 0x2c}, 0x28)

5m10.014837523s ago: executing program 3 (id=4473):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x120)
write$P9_RREADLINK(r1, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0001000000000000b7c8a90fc55a5c62071f2a8af8ff00000000bfa2b7030000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095721a25ed2d6cd01f3f85ae1b4867e177"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @netfilter, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18)
r4 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000000040)=0x4, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000140)={0x0, 0x6000, 0x0, 0x200, 0x1}, 0x20)

5m9.798045531s ago: executing program 3 (id=4475):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b000000000000", @ANYRES64, @ANYRES32=0x0, @ANYBLOB='\x00'/10], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="5bfce703025760c2760a241cbe6510c78e9188f00f8f59f88702324d", @ANYRESDEC, @ANYRESDEC, @ANYRESHEX], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r0}, 0x3d)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x18)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r1, &(0x7f0000000000)={0x23, 0xfe, 0x0, 0x1}, 0x10)
ioctl$SIOCPNENABLEPIPE(r1, 0x89ed, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0\x00'})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDDELIO(r3, 0x4b34, 0x3bf)
ioctl$KDDISABIO(r3, 0x4b37)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain)
keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x9, 0x0, 0x3e0, 0x6dc, 0x1})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x6, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e015000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e140004800500014000000000f7e7024000000000"], 0x80}}, 0x0)

5m9.69164205s ago: executing program 3 (id=4478):
socket$inet(0x2, 0x1, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000090003007379"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a310000000054000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a320000"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)

5m9.56905148s ago: executing program 3 (id=4484):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
rmdir(0x0)

5m9.533864532s ago: executing program 3 (id=4486):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x208004, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00', @ANYRES64, @ANYRESOCT], 0x1, 0x277, &(0x7f0000000000)="$eJzs3cFqE10UB/CTNm3zdZPA50pcDLhxFZq+wSAVxIAQyaKuGmwL0oTCFAK6sN35Lj6Oj+ETRBAizQSTqaMgto4mvx8Mc8jNH+5kkXsX5yZHD0Znx+cXp4f/f4pGI4l6xFV8jojYiM0oqs2u7cJrVwEA/Gt6vUFa9Ry4W1mWDrYiYue7kf6HSiYEAAAAAAAAAADAbyvt/59EtJb6/2vz+4b+fwBYCfr/V1+WpYPd+f6tSP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUJ3JdNqc/uSqen4AwO2z/gPA+rH+A8D6mRTW+lpY/wFg9b04fPks7XYPeknSiBi9H/fH/fyej6en8TqGcRJ70Ywvcb0/mMvrJ0+7B3vJTCuORpfz/OW4v1nMd6IZrfJ8J88nxfxW7C7n96MZ98rz+6X57Xj0cCnfjmZ8fBXnMYzjuM4u8u86SfL4efdGfmf2PgAAAAAAAAAAAAAAAAAAAPgT2sk3pef32+0fjef5X/h9gBvn6+txv17tswMAAAAAAAAAAAAAAAAAAMDf4uLN27PBcHiSKW6h+M+nqliRouIvJgAAAAAAAAAAAAAAAAAAWEOLQ79VzwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqrP4//+7K6p+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA9fA0AAP//C4boJw==") (async)
r0 = socket(0xa, 0x3, 0xff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0xa00, 0xb) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) (async)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f00000000c0)=0x80, 0x4) (async)
syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002240)=""/17, 0x15}, 0x8e0f}], 0x400029c, 0x40010142, 0x0)

4m53.477760922s ago: executing program 32 (id=4486):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x208004, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00', @ANYRES64, @ANYRESOCT], 0x1, 0x277, &(0x7f0000000000)="$eJzs3cFqE10UB/CTNm3zdZPA50pcDLhxFZq+wSAVxIAQyaKuGmwL0oTCFAK6sN35Lj6Oj+ETRBAizQSTqaMgto4mvx8Mc8jNH+5kkXsX5yZHD0Znx+cXp4f/f4pGI4l6xFV8jojYiM0oqs2u7cJrVwEA/Gt6vUFa9Ry4W1mWDrYiYue7kf6HSiYEAAAAAAAAAADAbyvt/59EtJb6/2vz+4b+fwBYCfr/V1+WpYPd+f6tSP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUJ3JdNqc/uSqen4AwO2z/gPA+rH+A8D6mRTW+lpY/wFg9b04fPks7XYPeknSiBi9H/fH/fyej6en8TqGcRJ70Ywvcb0/mMvrJ0+7B3vJTCuORpfz/OW4v1nMd6IZrfJ8J88nxfxW7C7n96MZ98rz+6X57Xj0cCnfjmZ8fBXnMYzjuM4u8u86SfL4efdGfmf2PgAAAAAAAAAAAAAAAAAAAPgT2sk3pef32+0fjef5X/h9gBvn6+txv17tswMAAAAAAAAAAAAAAAAAAMDf4uLN27PBcHiSKW6h+M+nqliRouIvJgAAAAAAAAAAAAAAAAAAWEOLQ79VzwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqrP4//+7K6p+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA9fA0AAP//C4boJw==") (async)
r0 = socket(0xa, 0x3, 0xff)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0xa00, 0xb) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) (async)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f00000000c0)=0x80, 0x4) (async)
syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002240)=""/17, 0x15}, 0x8e0f}], 0x400029c, 0x40010142, 0x0)

23.541392915s ago: executing program 2 (id=10837):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0xc20d, &(0x7f0000003240)=ANY=[], 0x1, 0x360, &(0x7f0000000400)="$eJzs3c9rM0UYwPEnaZI3yUubHERRkA72opeljZ7FIC0IAUvbiK0gbNuNhqxJyYZqRGx78irePQkeSm8WPBS0/0Av3vQigrdeBA/2oK7sr2azSZo2Jsa3/X6gZDIzz+5OZlKeTbvZy7c//6BWsbSK3pJ4WklMRORKJC9xCcT8x7hbTknYobz0+Pcfn1/fLKe9CrVS3Hi5oJSam//uw08yfrezR3KRf/fyt8KvF09fPHv598b7VUtVLVVvtJSuths/t/Rt01C7VaumKbVqGrplqGrdMppe+zf+dszG3l5b6fXd2exe07Aspdfbqma0VauhWs220t/Tq3WlaZqazQqGKR+vrenFEYN3xnwwmJBms6jPiEimp6V8PJUDAgAAUxXN/+NOSj9K/r8lc6XS8ppyOnfy/5MXzluP3zqd8/P/s1S//P+Vn7xtdeX/zulEJ/9veOcHleH5/5dyh/y/NyN6WEbO//MTOBiMZj7VUxXreubk/1n//es6eudk0S2Q/wMAAAAAAAAAAAAAAAAAAAAA8CS4su2cbdu54DH46VxC4D/HvTRo/h+JSNqZfZv5v8/WN7ck7V6458yx+dl+eb/sPfodzkXEFOMvO8pZG8GVR8qRl+/NAz/+YL8847YUK1J14mVJcpJ311Mo3rZX3igtLymPH399mVI2HF+QnDwVjv/WXZ1OfKE73t9/Sl5cCMVrkpMfdqQhpuy6kZ39f7qk1OtvliLxGbefiPzyn08KAAAAAABjpqlrfc/fNW1Qu/ctI8WK+zGRIYuSkz/7n98v9j0/T+SeS0x79AAAAAAAPAxW++OaLnGj6RZMs18hIwObxlBIdNUkRaRv51SkJnnTlmdCI7zt8aTEu4PJvx3XV8Grepeo4B8pnAO/bvLvqCLhzkHd8C0H43drYonRpyl2KO4COAw3xeUW4YnIwVvzToXq23lh4HaOokMOPjZKDXidZbV3O/EbVkKyp8aOjbYAnvni6z/G9wZ59dSf7Y+Gdz4yDftAbjMpkYKzi96m5ER/6QAAAACYik7SH9S8Fm4O30gkfLMc/nIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAYTeQr/SKFaY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+L/4JwAA///tT/As")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
recvfrom$inet(r1, &(0x7f00000007c0)=""/151, 0x97, 0x10020, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000200)=""/179, 0xb3)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
close(0x4)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0x80, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, r0, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x9}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
sendmsg$TIPC_NL_MEDIA_GET(r5, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000880)={0x1a8, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xeeb8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9b08}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf0bb35d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_BEARER={0x80, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x4, @local, 0x80000001}}, {0x14, 0x2, @in={0x2, 0x4e22, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x7, @mcast2, 0xfe000000}}}}]}, @TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x403}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x200000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xa3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA={0x64, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x4000000}, 0x494)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x142)
fsetxattr$system_posix_acl(r6, &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000100050000000000040003000000000008000700", @ANYRES32=0x0, @ANYBLOB="100007000000000020"], 0x2c, 0x3)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000780)={0x80002000})

23.515038716s ago: executing program 2 (id=10838):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
sendmsg$nl_xfrm(r2, 0x0, 0x2000)

23.46696633s ago: executing program 2 (id=10839):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

23.466356981s ago: executing program 2 (id=10840):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macsec0\x00', <r2=>0x0})
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001ec0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[@ANYRESHEX, @ANYBLOB="f9fb788f4fd1a07d6d0c5ae6aa63acd24435c7c2fe1b16d78b8c", @ANYRES16=r7, @ANYRESDEC=r9, @ANYRESDEC=r8, @ANYBLOB="2dc9776107ad224772e654c2975b8e78afd8a8cec88f8883a3d73d23585780a1e5b0f394342b2e0078c18936250d9e48f53dfa4632a21051e6c19a4ed37489ca13d7d945414e3ae8e18d32466f6c7f4c6ceecfbc1b8a3a5cad1e8f5bce984a2f4e4385bb717320638717f90aff41730f5662d87b1e9510a01bf44ed3cde867a24c7ee1a7af239bf8ab", @ANYRESOCT=r3, @ANYRESDEC=r1], 0x44}, 0x1, 0x0, 0x0, 0x8810}, 0x44000)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@newlink={0x3c, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@getqdisc={0x44, 0x26, 0x400, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x4, 0xfff3}, {0x6, 0xa}, {0x10, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000095}, 0x40)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000100)={[{@shortname_mixed}, {@utf8}, {@fat=@fmask={'fmask', 0x3d, 0x36}}, {@uni_xlate}, {@uni_xlateno}, {@fat=@fmask={'fmask', 0x3d, 0xba5}}, {@shortname_lower}, {@uni_xlateno}, {@utf8}, {@fat=@check_strict}, {@utf8no}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x7}}, {@rodir}, {@fat=@flush}, {@fat=@nfs_nostale_ro}, {@rodir}, {}]}, 0x6, 0x2b8, &(0x7f0000000640)="$eJzs3U9rK1UYB+B30mQSdZEsXInggC5cXW7v1k2K3AtiV16yUBdabAvSBKGFgn8wduXWjQsXfgJB8IO48RsIbgV3ViiMzGSmSdqYJtJUvH2eTd+eOb+Zd6aHdrro6Ycvj472szg8++LX6HSSaPSjH+dJ9KIRta9iTv+bAAD+z87zPP7IJ9bJJRHR2VxbAMAGrfbzvzktf7qTtgCADXr67ntv7+zuPn4nyzrxZPT16aD4zb74ODm+cxgfxzAO4mF04yKifFFoRfm2UJRP8jwfN7NCL14bjU8HRXL0wc/V+Xd+jyjz29GNXjl0+bZR5t/afbydTczkx0Ufz1fX7xf5R9GNFy/Dc/lHC/IxSOP1V2f6fxDd+OWj+CSGsV82Mc1/uZ1lb+bf/vn5+0V7RT4Znw7a5bypfOuOvzQAAAAAAAAAAAAAAAAAAAAAADzDHlR757Sj3L+nGKr239m6KD5pRVbrze/PM8kn9Ylm9wfK83ycx/f1/joPsyzLq4nTfDNeas5uLAgAAAAAAAAAAAAAAAAAAAD318mnnx3tDYcHx7dS1LsBNCPir6cR//Y8/ZmRV2L55HZ1zb3hsFGV83OasyOxVc9JIpa2UdzELT2Wm4rnrvVcFT/8uO4JOzfPaS2+1m0W9eo62ksWP8N21COdapF8l0ZM56Sx4rXSfzqUxzrLL114qLv2vacvlMV4yZxIljX2xm+TJ1eNJFfvIi2f6sJ4qypm4lfWxkrrOTqT+PXvFYndOgAAAAAAAAAAAAAAAAAAYKOmf/274ODZ0mgjb2+sLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4U9P//79GMa7CK0xO4/jkP75FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oG/AwAA//83x1yS")
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
open_by_handle_at(r10, &(0x7f00000004c0)=ANY=[@ANYBLOB="0800cb33000be4c975fc68d4a995be64a6daae2945c047608e349f92dc3500f42889a4cb9fe7e470cb457c4dc5157414d0302caa8e7a16eb0cc5023670d1d00d11919ec6f4edb672a49d5fd02d30ce0a41391ff887e66aecf50e4e440c4e80e26b29d5fc719af0bc31e4f29f98d0c0ebed6f39e91b36fa28"], 0x10a01)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x40}}, 0x0)
r11 = add_key$keyring(&(0x7f0000000100), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r12 = getpid()
r13 = syz_pidfd_open(r12, 0x0)
setns(r13, 0x24020000)
add_key(&(0x7f0000000340)='encrypted\x00', &(0x7f00000003c0)={'syz', 0x0}, &(0x7f0000000580)="6f856b760df7c964f0477ce1399842d72c500f6a74dee96601f77b2239aecddd57a6b50f0534832107a01e8fca447e552a71bd15066dd70373e294e9f2e0e4505390cafc63b2c74d48362da7a56937f6dc45ada6095d0483d2f2328effe99a8212499d49812f2aef097a74d453745c4c2088820c3ea15bf8bf9079ed5e05a62a560857e22ba87ed4597a7b61ad0d419d4dc35071e7995bc2c8d1a503f91effe74a4ba0", 0xa3, r11)
syz_clone(0xfdba2180, 0x0, 0x0, 0x0, 0x0, 0x0)

23.23319829s ago: executing program 2 (id=10843):
r0 = syz_io_uring_setup(0x3b52, &(0x7f00000004c0)={0x0, 0x5883, 0x10000, 0x8003, 0x1c2}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
lgetxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r0, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0)

22.738684299s ago: executing program 2 (id=10845):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r0}, 0x9)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000000)=0x7d8, &(0x7f0000000180)='%ps    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6   \x00'}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, &(0x7f0000000200)=""/197, &(0x7f0000000380), &(0x7f0000000300), 0x2, r2}, 0x38)

22.738561329s ago: executing program 33 (id=10845):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r0}, 0x9)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000000)=0x7d8, &(0x7f0000000180)='%ps    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6   \x00'}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, &(0x7f0000000200)=""/197, &(0x7f0000000380), &(0x7f0000000300), 0x2, r2}, 0x38)

5.012689014s ago: executing program 5 (id=11094):
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
openat$selinux_policy(0xffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000002c0)={0x2, &(0x7f0000000180)=[{0x28, 0x6, 0x1, 0xfffff030}, {0x6, 0x0, 0x1, 0x1}]}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
preadv(r2, &(0x7f0000002880)=[{&(0x7f00000000c0)=""/91, 0x5b}], 0x1, 0xa2e1, 0xc)
r3 = openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0)
preadv(r3, &(0x7f0000000340)=[{&(0x7f0000000140)=""/253, 0xfd}], 0x1, 0x4, 0x3) (async, rerun: 32)
syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==") (async, rerun: 32)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db)
writev(r4, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x100000}], 0x1)

4.430962841s ago: executing program 5 (id=11100):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4)

4.384589865s ago: executing program 5 (id=11102):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000080)=0x8000000ffffffff)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xb30, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r6}, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
timer_settime(r4, 0x0, 0x0, 0x0)
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.34217755s ago: executing program 0 (id=11118):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x40)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

3.276319685s ago: executing program 0 (id=11121):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0xb, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0xfe, &(0x7f00000001c0)=[{&(0x7f00000007c0)="d8000000180081054e81f782db4cb90402200800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370301a8001600a40002400f000100035c0461c1d67f6f94007134cf6edb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090014d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00350db798262f3d40fad95667e006dcdf63951f215c3f8b6ad2cba0e2375ee535e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x20000800)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=<r4=>r3, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000004600)=[{{&(0x7f0000000240)=@nfc, 0x80, 0x0}, 0xff}], 0x1, 0x103, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_free_batched\x00'}, 0x18)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f00000003c0)={<r7=>0xffffffffffffffff})
sendmmsg$sock(r7, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="020028bd7000fedbdf2508000000140006006e696376663000"/34], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x884)
bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=ANY=[@ANYBLOB="1e000000127b00007f0000000800000001000000", @ANYRES32=0x1, @ANYBLOB="0500"/20, @ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="0200000002000000040000000b0000000000000000000000000000002e41851500f3b2f29c5309f22f84e8267f5fcbe79e388ad3db2f28413069566a17f11f1d023abb1b6c0720816e70db1b5014dcdb1adc023bd9e9c58b1b2963f63bb2f6b20da2e79af74605e69bec0ee4b02d4b85eb214e05bb8f8b8c95d28dfdb41a616ea5bc354ec3e5bc34db74fb"], 0x50)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r8 = inotify_init1(0x0)
inotify_add_watch(r8, &(0x7f0000000080)='./file0\x00', 0x40000012)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r9}, 0x18)
r10 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r10, 0x89f0, &(0x7f0000000000)={'bridge0\x00', 0x0})
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.021389476s ago: executing program 0 (id=11125):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
r1 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r1, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r1, 0x0, 0x0, 0x1, 0x0)
msgsnd(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="01fcd39e9691b40000000000eff1"], 0x8, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file0\x00', &(0x7f0000000480), 0x4000)
getresuid(&(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000500))
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000580))
lstat(&(0x7f0000000600)='./file1\x00', &(0x7f00000003c0))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000dc0)='/proc/tty/drivers\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x30, r3, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x78}}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
socket$kcm(0x10, 0x2, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000200), 0x4)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1)

2.311286003s ago: executing program 6 (id=11133):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, 0x2}, 0x94)
syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty}, {0x0, 0x17c1, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "0b86c107cddd39d10e870794ae120f860174b07efe05336d54f519ebba5a2b26", "5e5992c2209db5127a4a84d3d6e03d081a4118a2bbd22f0ca038289c45b30eca6703476382c29175c40096a9c60c3cce", "6a9f3a451dd7eb4523e02c2a4a00f81073727f3ac9f91e284b975a32", {"8f865412904b133eebafc6eb170fb006", "21144ab13a642475fc21552dce5cda9c"}}}}}}}, 0x0)
r0 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0xd000001b})
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x404, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0, @ANYRESOCT, @ANYRES8], 0x1, 0x122e, &(0x7f0000002580)="$eJzs3MFrHFUcB/BftqlZU5tErdX2oA+9eBqaHDwJEiQFyYJSG6EVhCmZ6JJxN2SWwIoYe/Lq0b9BPHpTxH8gV/8Cb7mIpxzEEXZSk60NmlqyRT+fy/zIb76Z99hl4S3v7f7rX368uVFlG/kgWlNT0dqKSAcpUrTinhdXm+ut26vLnc7KjZSuL99cfC2lNPfSD+9/+s3LPw4uvPft3Hczsbfwwf4vSz/vXd67sv/7zY+6VepWqdcfpDzd6fcH+Z2ySOvdajNL6Z2yyKsidXtVsT3W3yj7W1vDlPfWL85ubRdVlfLeMG0WwzTop8H2MOUf5t1eyrIsXZwNTnT+729Z+/qgrr+PqOvz8UTUdV0/GbMxFU/FxZiLzyPi6Xgmno1L8Vxcjufjhbgyuusshg8AAAAAAAAAAAAAAAAAAAD/Hwej0/zj5/8vHJ7/n48F5/8BAAAAAAAAAAAAAAAAAADgDLx76/bqcqezciOldkT5xc7azlpzbfrLG9GNMoq4FvPxW4xO/zea+vpbnZVraeRcROwe5nd31s6N5xdHPydwmJ8e9e7lF5t8irvlsfxMzDb5dkQUsRTzcenY89tH+aUH5tvx6ivHnp/FfL0b0Y8y1kfPPsp/tpjSm2937stfHd0HAAAA/wVZ+tPC+Pq3Wb9n2Un9Jn+K7wfuW19Px9Xpyc6diGr4yWZelsX2eNH+y18mVsw8HsM4TdH6N/GZOLHVGmt99VPEpGf6WBTtw/fyo/iHU5OfzkMUdx/J3MeLCX8wcSaOXvRJjwQAAAAAAAAAAIDT+Cf7AX+Nh95FOB0P2Fn2xmSmCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MEOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAoQIAAP//uXHE5A==")
truncate(&(0x7f0000000200)='./file2\x00', 0x40000000007)
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x300, 0x0, 0x0, 0x6c, 0x0, @private}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4}}}}}}}}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x5)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000082f00fe88a43de1a400000000000000007d01ff0200000000000000000000000000010000883e"], 0xfdef)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r2 = getpgid(0x0)
timer_create(0x7, &(0x7f0000000240)={0x0, 0x34, 0x0, @tid=r2}, &(0x7f00000003c0))
utime(&(0x7f0000000000)='.\x00', 0x0)
add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000200)="5fbf", 0x2, r1)

2.251374928s ago: executing program 6 (id=11134):
msgrcv(0x0, 0x0, 0x0, 0x1, 0x0)
msgsnd(0x0, 0x0, 0x8, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file0\x00', &(0x7f0000000480), 0x4000)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000580))
lstat(&(0x7f0000000600)='./file1\x00', &(0x7f00000003c0))
socket$kcm(0x10, 0x2, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r1)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1)

2.194030892s ago: executing program 4 (id=11135):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r1, 0x0, 0x7ffffffe}}, 0x20)

2.193807222s ago: executing program 4 (id=11136):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18)
socket(0x2, 0x80805, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x0, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

2.193128023s ago: executing program 4 (id=11137):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000080)={0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0x80045505, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000000)=0x7ffffffe)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000180)={0x0, 0x4, 0x1000000b, 0x9, 0x4, "00000000000000000000c2041a02003d00"})
r5 = syz_open_pts(r0, 0x62080)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x118, 0x2, {{0x10000, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0xc0, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x2, 0x3e}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x7, 0x2}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0xffffdb78, 0xf, 0x6}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x1, 0x5, 0x85bc, 0x1ff}}, @NETEM_LOSS_GE={0x14, 0x2, {0x4, 0x8000000, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x5, 0x7, 0x7}}, @NETEM_LOSS_GE={0x12, 0x2, {0x6, 0xf, 0xa9c8}}, @NETEM_LOSS_GI={0x18, 0x1, {0x2007, 0x0, 0x8, 0x50195274, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x4, 0x0, 0x59, 0x2}}]}, @TCA_NETEM_LOSS={0x4}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x148}}, 0x0)
dup3(r5, r0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x800, 0x44180)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TIOCSBRK(r0, 0x5427)

2.0986941s ago: executing program 0 (id=11139):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r0, 0x0, 0x0, 0x20004040, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2.005954578s ago: executing program 0 (id=11140):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])

1.942515633s ago: executing program 0 (id=11141):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36e, &(0x7f00000007c0)="$eJzs3U1oM0UYwPEnaZImeXmbHERRkA6+CHpZ2uhZDNKCELC0jdgKwrbdaMialGyoRsS2J4+Kd0+Ch9KbBQ8F7VnoxZteRPDWi6BgBXVlv5LNV9PGpMH2/4OSycw8uzPZSXk27WYv3vj03UrJ0kp6Q6JJJRERkUuRrEQlEPEfo245IfLJd622A3n+wW8/PL22UUx6FWo5v/5CTik1N//Nex+m/G6ns3Kefevi19wv54+fP3nxz/o7ZUuVLVWtNZSutmo/NfQt01A7ZauiKbViGrplqHLVMupe+1f+dsza7m5T6dWdh+ndumFZSq82VcVoqkZNNepNpb+tl6tK0zT1MC0Ypni0uqrnRwzeHvNgMCH1el6fEZFUT0vxaCoDAgAAU9Wd/0edlH5Y/h/Syv83Za5QWFpVTud2/n/8zFnjwesnc37+f5rol/+/+KO3rY783zmdaOf/Ne/8oDQ8//9cbpD/92ZE98vI+X92AoPBaOYTPVWRjmdO/p/237+uwzePF9wC+T8AAAAAAAAAAAAAAAAAAAAAAP8Hl7adsW07EzwGP+1LCPznuJMGHf9ZEUk6R9/m+N9laxubknQv3HOOsfnxXnGv6D36Hc5ExBTjb7ubszaCK4+UIyvfmvt+/P5eccZtyZek7MTLomQk666nULxtL79aWFpUHj++dZlSOhyfk4w8Fo7/2l2dTnyuM97ff0KeexSK1yQj329LTUzZcSPb+/9oUalXXit0xafcfiLy860fFAAAAAAAxkxTLX3P3zVtULv3LSP5kvsxkSELkpG/+p/fL/Q9P49lnopNe/YAAAAAANwPVvODii5Ro+4WTLNfISUDm8ZQiHXUxEWkb+dEV038qi3PhGZ43fEkxLuDyX+d1xfBq3qTqOAfKZyBt5r8O6rIaOMJ5u/WRGLP/u43/XnTeUUOxF0AB+GmqFwjPNY9+HmnQvXt/Gjgdg79ibRqgo+NEgNeZ1np3U70ipUQ76mxI6MtgCc++/KP8b1BXjrxV8D7wzsfmoa9L9c5KF0FZxe9TfGJ/+IBAAAAcOvaSX9Q83K4OXwjkfDNcvjLPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYzSRr/TrKgze++xtThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYun8DAAD//7ct9c4=")
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x304}, "2697312e4e898ca7", "35e23ca3a988def7dfbd438c536346cd", "11398f4a", "50cc97386065eda9"}, 0x28)

1.660849366s ago: executing program 1 (id=11143):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

1.60815874s ago: executing program 1 (id=11144):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={<r1=>r0, 0x5, 0x7f7})
recvmmsg(r1, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/159, 0x9f}, {&(0x7f0000000080)=""/55, 0x37}], 0x2}, 0x4}, {{&(0x7f0000000240)=@nfc, 0x80, &(0x7f00000005c0)=[{&(0x7f00000002c0)=""/19, 0x13}, {&(0x7f0000000300)=""/244, 0xf4}, {&(0x7f0000000400)=""/176, 0xb0}, {&(0x7f00000004c0)=""/242, 0xf2}], 0x4, &(0x7f0000000600)=""/87, 0x57}, 0x80}], 0x2, 0x42, &(0x7f0000000700)={0x77359400})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x32126, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r2 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r6, 0x0, 0x100000000}, 0x18)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x200000, 0x158, 0x18}, 0x0, 0x18, 0x0, 0x23456})
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000006c0)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3M9vFNcdAPDvrtc2LlC79Be/WralVa1Wxdj8PPQAqJW4VKrUqqLHrW0QxUCFXQksq5iqAqmHVvwF/XGrlL8gp+QSJVEOiXIF5RpFQpEvkByiiWZ3ZrPr3bXXZu2V8ecjzfJm5s3M+87Mw2/e29kAdq1y+lGI2BcRTyJitDbbnKFc++fFytL0ZytL04VIkt9+Wqjme76yNJ1nzbfbm82MFyOKfy/EkdbDDs/fW7xRmZubvZMtmFgoZqmblWuz12ZvTZ0/f/rUyLmzU2d6EmdapueH/3r76KHLf3j86+krj//4zmtpeZNsfWMcNWPVz6GujzDQsqQc5eZz2eDH3Rd9R9jfkC6U0s9i/wpD19K7tpTV3ScxGgPVuZrR+NXf+lo4YEslSZIMtyyt/y1bThoVCrUNkuRBArwCCtHvEgD9kf+hf76SPgEsTbc+B7/anl2M6hNQGveLbKqtKVWfYMtjEYNRm7bCtyLiyvLn/06naNsPAQDQW29cjHh0qdbuyKfammJ8pyHf17OxobGI+EZEHIiIb2btl29HVPN+NyIONmyzv4tRgPKq+db2zwcjWaKxudozafvvF9nYVnP7r17ysYFsbn81/sHC1etzsyezczIeg8Pp/GTrruvdam/+8sN/dTp+uaH9l07p8fO2YFaOT0qrOuhmKguVl4079+xB9cTeb42/EKVCnoo4FBGHN7H/9Jxd/+n/j3Za3xR/GmdL/P/svPPSJgq0SvLfiJ/Urv9yVOPP+z5rwQ9lqYmFm3+emL+3+PPrjeOTk+fOTp2Z2BNzsycn8rui1bvvP/xNlmx5jGi+/knScP3zqrGlA2np9f9a2/u/PnI5lqbq47XzGz/Gw6ePOj7TbPb+Hyr8rprOx2fvVhYW7kxGDBWWW5dPfbXt3cpIU/40/vHj7ev/gYgv/pNtdyQi0pv4exHx/Yg4lpX9BxHxw4g4vkb8b1/60Z86PUKuH//WSuOf2dD1v7c4ElmiviRNXHgvonlJnhi48dbrLQf+R7kl/sHodP1PV1Pj2ZKZysKe9eJqU8C2iZc+gQAAALADHIuIfVEonsg6mvZFsXjiRMTeeg/K/MLPrt7+y62Z2jsCYzFYzHu6Rhv6QyezvuF0Pt1qqmE+XX+q2m+cJEkyks6nz+9zB/sbOux6ezvU/9THra+0AK+aDY2jdXqjDdiRVtf/p11v2fsvZADbqwffowF2KPUfdq+u6/9WvQUH9E27+n8/4kUfigJss3b1//ctSy5sS1mA7dWu/hv7h91h8/1/vgwAO53+f9iVunpJfhOJA5fXyFModbefUtev8a+XKMbavwIwFvXfNMjbNGvv8KNiRG/O2EBPz/xI0zUtts2zJ3pxrCium6e0gR9i2N5EsTI3l7/g0vfyDEfEOndv/Wa7nycWt7pg1XPzv/79zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAbXwYAAP//363OhA==")
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x47f8, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000001200)={0x280, 0x0, 0x0, 0x0, {0x11}, &(0x7f0000000000)=""/50, 0x32, 0x0, 0x0}, 0x58)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount_setattr(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x8000, &(0x7f0000000500)={0x0, 0x7, 0x80000}, 0x20)

1.338408192s ago: executing program 6 (id=11145):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x8)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
sendfile(r2, r1, 0x0, 0xfffa83)

1.225740021s ago: executing program 4 (id=11146):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={<r1=>r0, 0x5, 0x7f7})
recvmmsg(r1, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/159, 0x9f}, {&(0x7f0000000080)=""/55, 0x37}], 0x2}, 0x4}, {{&(0x7f0000000240)=@nfc, 0x80, &(0x7f00000005c0)=[{&(0x7f00000002c0)=""/19, 0x13}, {&(0x7f0000000300)=""/244, 0xf4}, {&(0x7f0000000400)=""/176, 0xb0}, {&(0x7f00000004c0)=""/242, 0xf2}], 0x4, &(0x7f0000000600)=""/87, 0x57}, 0x80}], 0x2, 0x42, &(0x7f0000000700)={0x77359400})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x32126, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r2 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r6, 0x0, 0x100000000}, 0x18)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x200000, 0x158, 0x18}, 0x0, 0x18, 0x0, 0x23456})
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000006c0)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3M9vFNcdAPDvrtc2LlC79Be/WralVa1Wxdj8PPQAqJW4VKrUqqLHrW0QxUCFXQksq5iqAqmHVvwF/XGrlL8gp+QSJVEOiXIF5RpFQpEvkByiiWZ3ZrPr3bXXZu2V8ecjzfJm5s3M+87Mw2/e29kAdq1y+lGI2BcRTyJitDbbnKFc++fFytL0ZytL04VIkt9+Wqjme76yNJ1nzbfbm82MFyOKfy/EkdbDDs/fW7xRmZubvZMtmFgoZqmblWuz12ZvTZ0/f/rUyLmzU2d6EmdapueH/3r76KHLf3j86+krj//4zmtpeZNsfWMcNWPVz6GujzDQsqQc5eZz2eDH3Rd9R9jfkC6U0s9i/wpD19K7tpTV3ScxGgPVuZrR+NXf+lo4YEslSZIMtyyt/y1bThoVCrUNkuRBArwCCtHvEgD9kf+hf76SPgEsTbc+B7/anl2M6hNQGveLbKqtKVWfYMtjEYNRm7bCtyLiyvLn/06naNsPAQDQW29cjHh0qdbuyKfammJ8pyHf17OxobGI+EZEHIiIb2btl29HVPN+NyIONmyzv4tRgPKq+db2zwcjWaKxudozafvvF9nYVnP7r17ysYFsbn81/sHC1etzsyezczIeg8Pp/GTrruvdam/+8sN/dTp+uaH9l07p8fO2YFaOT0qrOuhmKguVl4079+xB9cTeb42/EKVCnoo4FBGHN7H/9Jxd/+n/j3Za3xR/GmdL/P/svPPSJgq0SvLfiJ/Urv9yVOPP+z5rwQ9lqYmFm3+emL+3+PPrjeOTk+fOTp2Z2BNzsycn8rui1bvvP/xNlmx5jGi+/knScP3zqrGlA2np9f9a2/u/PnI5lqbq47XzGz/Gw6ePOj7TbPb+Hyr8rprOx2fvVhYW7kxGDBWWW5dPfbXt3cpIU/40/vHj7ev/gYgv/pNtdyQi0pv4exHx/Yg4lpX9BxHxw4g4vkb8b1/60Z86PUKuH//WSuOf2dD1v7c4ElmiviRNXHgvonlJnhi48dbrLQf+R7kl/sHodP1PV1Pj2ZKZysKe9eJqU8C2iZc+gQAAALADHIuIfVEonsg6mvZFsXjiRMTeeg/K/MLPrt7+y62Z2jsCYzFYzHu6Rhv6QyezvuF0Pt1qqmE+XX+q2m+cJEkyks6nz+9zB/sbOux6ezvU/9THra+0AK+aDY2jdXqjDdiRVtf/p11v2fsvZADbqwffowF2KPUfdq+u6/9WvQUH9E27+n8/4kUfigJss3b1//ctSy5sS1mA7dWu/hv7h91h8/1/vgwAO53+f9iVunpJfhOJA5fXyFModbefUtev8a+XKMbavwIwFvXfNMjbNGvv8KNiRG/O2EBPz/xI0zUtts2zJ3pxrCium6e0gR9i2N5EsTI3l7/g0vfyDEfEOndv/Wa7nycWt7pg1XPzv/79zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAbXwYAAP//363OhA==")
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x47f8, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000001200)={0x280, 0x0, 0x0, 0x0, {0x11}, &(0x7f0000000000)=""/50, 0x32, 0x0, 0x0}, 0x58)
syz_open_dev$evdev(0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount_setattr(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x8000, &(0x7f0000000500)={0x0, 0x7, 0x80000}, 0x20)

1.130148769s ago: executing program 5 (id=11147):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r1, 0x0, 0x7ffffffe}}, 0x20)

1.10615284s ago: executing program 1 (id=11148):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911040000000000000003c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x16}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62458c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa", 0x47}, {&(0x7f00000025c0)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}, {&(0x7f00000006c0)="97b13f5cf9f584c87e0e637d2ff483a311bb412cb3b03c3d9e97e435f2fceb58ff0402ed7b96244b43386c222917662028d7a01206a1990722ccef1d8f39f7c8ae242e58359217b1c6161ea741445cf16b0c48eb18a6c72174dfb7cd1bd0f409dad5a432bed4afb470da3656dd30d70769e229dc91037321d618e1eff4a176ea46d5cd4d5da97f80356e46d9e8166bf2d97210b631654ece218a2a204a1786ab5a60a881a7a294cd2f92438350e6e3ec4439ebe06133ff65b1e32b809ba0482783b563ec8e5778285da5211e5821135433053a7921319c544d5e797f", 0xdc}, {0x0}, {&(0x7f0000000b00)="1b080b7a30aec939ce8e26e0cbbe37fc064ceef965fd5e3b6739c966492dbdf71c04423d8a403e56dfd224e4e55918a5e31e683fec5cc9460882a0d1628d02d51a8da997073f856e2cd00586c6e8c89c71cf8be6121b0b3a85d597a1afb0cc311f30cc26183c8e594ce5ff62661c9e32cbc9dd9a72985e9857f3bddb52382b6c27ca85d5774cf17b92e2d2097f12a8687e70f90d46381a47706a9124a2cf61b84f26aae22fd4da84ae35b93f7be9fdfdfbf33c59f5c657e9f7e81b81b786082f88af4de07808ff3c954bae", 0xcb}], 0x8, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
recvmsg$unix(r1, &(0x7f0000001140)={0x0, 0x2, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1}, 0x40000100)

1.075429613s ago: executing program 5 (id=11149):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r2, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r2, 0x0, 0x0, 0x1, 0x0)
msgsnd(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="01fcd39e9691b40000000000eff1"], 0x8, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file0\x00', &(0x7f0000000480), 0x4000)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000580))
lstat(&(0x7f0000000600)='./file1\x00', &(0x7f00000003c0))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000dc0)='/proc/tty/drivers\x00', 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), 0xffffffffffffffff)
writev(r3, &(0x7f00000000c0)=[{0x0}], 0x1)

1.073776434s ago: executing program 6 (id=11150):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0xc20d, &(0x7f0000003240)=ANY=[], 0x1, 0x360, &(0x7f0000000400)="$eJzs3c9rM0UYwPEnaZI3yUubHERRkA72opeljZ7FIC0IAUvbiK0gbNuNhqxJyYZqRGx78irePQkeSm8WPBS0/0Av3vQigrdeBA/2oK7sr2azSZo2Jsa3/X6gZDIzz+5OZlKeTbvZy7c//6BWsbSK3pJ4WklMRORKJC9xCcT8x7hbTknYobz0+Pcfn1/fLKe9CrVS3Hi5oJSam//uw08yfrezR3KRf/fyt8KvF09fPHv598b7VUtVLVVvtJSuths/t/Rt01C7VaumKbVqGrplqGrdMppe+zf+dszG3l5b6fXd2exe07Aspdfbqma0VauhWs220t/Tq3WlaZqazQqGKR+vrenFEYN3xnwwmJBms6jPiEimp6V8PJUDAgAAUxXN/+NOSj9K/r8lc6XS8ppyOnfy/5MXzluP3zqd8/P/s1S//P+Vn7xtdeX/zulEJ/9veOcHleH5/5dyh/y/NyN6WEbO//MTOBiMZj7VUxXreubk/1n//es6eudk0S2Q/wMAAAAAAAAAAAAAAAAAAAAA8CS4su2cbdu54DH46VxC4D/HvTRo/h+JSNqZfZv5v8/WN7ck7V6458yx+dl+eb/sPfodzkXEFOMvO8pZG8GVR8qRl+/NAz/+YL8847YUK1J14mVJcpJ311Mo3rZX3igtLymPH399mVI2HF+QnDwVjv/WXZ1OfKE73t9/Sl5cCMVrkpMfdqQhpuy6kZ39f7qk1OtvliLxGbefiPzyn08KAAAAAABjpqlrfc/fNW1Qu/ctI8WK+zGRIYuSkz/7n98v9j0/T+SeS0x79AAAAAAAPAxW++OaLnGj6RZMs18hIwObxlBIdNUkRaRv51SkJnnTlmdCI7zt8aTEu4PJvx3XV8Grepeo4B8pnAO/bvLvqCLhzkHd8C0H43drYonRpyl2KO4COAw3xeUW4YnIwVvzToXq23lh4HaOokMOPjZKDXidZbV3O/EbVkKyp8aOjbYAnvni6z/G9wZ59dSf7Y+Gdz4yDftAbjMpkYKzi96m5ER/6QAAAACYik7SH9S8Fm4O30gkfLMc/nIPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAYTeQr/SKFaY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+L/4JwAA///tT/As")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
recvfrom$inet(r1, &(0x7f00000007c0)=""/151, 0x97, 0x10020, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff})
close(0x4)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0x80, 0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, r0, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x9}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
sendmsg$TIPC_NL_MEDIA_GET(r4, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000880)={0x1a8, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xeeb8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9b08}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf0bb35d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_BEARER={0x80, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x4, @local, 0x80000001}}, {0x14, 0x2, @in={0x2, 0x4e22, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x7, @mcast2, 0xfe000000}}}}]}, @TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x403}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x200000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xa3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA={0x64, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x4000000}, 0x494)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x142)
fsetxattr$system_posix_acl(r5, &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000100050000000000040003000000000008000700", @ANYRES32=0x0, @ANYBLOB="100007000000000020"], 0x2c, 0x3)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000780)={0x80002000})

966.854022ms ago: executing program 6 (id=11151):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
r1 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r1, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r1, 0x0, 0x0, 0x1, 0x0)
msgsnd(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="01fcd39e9691b40000000000eff1"], 0x8, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file0\x00', &(0x7f0000000480), 0x4000)
getresuid(&(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000500))
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000580))
lstat(&(0x7f0000000600)='./file1\x00', &(0x7f00000003c0))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000dc0)='/proc/tty/drivers\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x30, r3, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x78}}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
socket$kcm(0x10, 0x2, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000200), 0x4)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1)

292.710436ms ago: executing program 4 (id=11152):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x20e, 0x126, 0x0, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff31000000330020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d74733e0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x51cfa, 0x0, 0x8000008, 0x3, 0xfffffffe, 0x1, 0x0, 0x7cce8c743ee810df})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x40505330, &(0x7f00000001c0)={0x800100, 0xfffffffd, 0x22, 0x6, 0x1101, 0x1})
close_range(r0, 0xffffffffffffffff, 0x0)

260.913799ms ago: executing program 4 (id=11153):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
r1 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r1, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r1, 0x0, 0x0, 0x1, 0x0)
msgsnd(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="01fcd39e9691b40000000000eff1"], 0x8, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file0\x00', &(0x7f0000000480), 0x4000)
getresuid(&(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000500))
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000580))
lstat(&(0x7f0000000600)='./file1\x00', &(0x7f00000003c0))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000dc0)='/proc/tty/drivers\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x30, r3, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x78}}}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000)
socket$kcm(0x10, 0x2, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000200), 0x4)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1)

180.247425ms ago: executing program 1 (id=11154):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)

167.913076ms ago: executing program 5 (id=11155):
msgrcv(0x0, 0x0, 0x0, 0x1, 0x0)
msgsnd(0x0, 0x0, 0x8, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file0\x00', &(0x7f0000000480), 0x4000)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000580))
lstat(&(0x7f0000000600)='./file1\x00', &(0x7f00000003c0))
socket$kcm(0x10, 0x2, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r1)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1)

128.56318ms ago: executing program 1 (id=11156):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r3, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r5)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x511800, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x30)
getdents64(r6, &(0x7f0000000080)=""/60, 0x3c)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000500)={0x3, 'pimreg1\x00', {0xffffffff}, 0xcc6})
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="f0ff000000", @ANYRES32=r2, @ANYBLOB="800000001ca4040000001980000006000100000000000400a4a3072a7218bf4d1d171be1eb553de100000100010400000000020000000000000004006f60859cd530f378a404b71b2646d6cb000006008000000000000500944f9f525e7134ab2ee577ee005485d300000100700800000000010049f4ffff000005005741f67fcd76f9804bcc62029e76541700000e0001000000000000000200000000000000020000000000000001f8080800000000000035006e696376663000000000000000000000000023000900000000001d000900000000002300ff030000000028004a260000000027002e000000"], 0xffffff74}}, 0x20004040)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9000000000010102000000000000000005000009140005800f0001006e657462696f732de4b9cc3f706e73000020001640000000000000000300000014000100010000c9ad0000000108001a400001000006ec12400001000038000e802c00018014000300fc02000000000000000000000000000014000400fe8800000000000000000000000001010600034000020000baaecc462cba4a7b8b94ad20e76f478231852a9dfca6352982f6e879ebf65a3f0800000040ac6be212d4d79cf2c4ea740100000000ff94097c299b0969d139297b6c1791063a2901dc0ff88a51db9d94ffd440dfb39929d1b1ddce2e561690358365f77e5316dc9cb9e31a174e6d88f7e0f7f5e934843d40aa81a57b7bb4ada2bf3a715c7bc2038aecc1a425506cd487ad8ab8c20b90a712de"], 0x90}, 0x1, 0x0, 0x0, 0x44000}, 0x90)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r8, @ANYRES16=r8], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x18)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x27, 0x0, 0x1, 0x40}, 0x28)
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r12 = ioctl$LOOP_CTL_GET_FREE(r11, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r11, 0x4c81, r12)

54.934256ms ago: executing program 6 (id=11157):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000006480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000023c0)=""/4091, 0xffb}, 0x88}], 0x1, 0x2, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, 0x514, 0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x9, 0x3}, 0x0, 0x10000, 0x8, 0x1, 0x7, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000007}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2, 0xffffffffffffffff, 0xfff}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000800000000005e002200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
open(&(0x7f0000000540)='./bus\x00', 0x0, 0x100)
r5 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r5, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r7}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) (fail_nth: 3)

0s ago: executing program 1 (id=11158):
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x480000f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='rxrpc_call_reset\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r2, 0x66a8, 0x4000, 0xf, 0x0, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
syz_emit_ethernet(0xcc, &(0x7f00000004c0)=ANY=[], 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x5e2a6000)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20200006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0x24fa, &(0x7f00000002c0)={0x0, 0x7, 0x10100, 0xfffffffe, 0x1}, &(0x7f00000000c0), &(0x7f0000000200))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000009, 0x11, r6, 0xc0d8a000)

kernel console output (not intermixed with test programs):

 456.211104][T30716] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10404'.
[  456.235063][T30718] netlink: 48 bytes leftover after parsing attributes in process `syz.5.10405'.
[  456.728727][T30742] ALSA: seq fatal error: cannot create timer (-19)
[  456.838905][   T29] kauditd_printk_skb: 524 callbacks suppressed
[  456.838919][   T29] audit: type=1326 audit(449.501:63599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  456.868356][T30757] loop4: detected capacity change from 0 to 8192
[  456.871514][   T29] audit: type=1326 audit(449.501:63600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  456.878699][T30757] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  456.897953][   T29] audit: type=1326 audit(449.501:63601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  456.931509][   T29] audit: type=1326 audit(449.501:63602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  456.954611][   T29] audit: type=1326 audit(449.501:63603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  456.977707][   T29] audit: type=1326 audit(449.501:63604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  457.000779][   T29] audit: type=1326 audit(449.501:63605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  457.023835][   T29] audit: type=1326 audit(449.501:63606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  457.046800][   T29] audit: type=1326 audit(449.501:63607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  457.070082][   T29] audit: type=1326 audit(449.501:63608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30752 comm="syz.5.10422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f284f0febe9 code=0x7ffc0000
[  457.080865][T30766] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO
[  457.107367][T30766] random: crng reseeded on system resumption
[  457.235794][T30768] loop4: detected capacity change from 0 to 1024
[  458.078556][T30801] loop2: detected capacity change from 0 to 512
[  458.089347][T30801] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.10441: corrupted in-inode xattr: invalid ea_ino
[  458.103825][T30801] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.10441: couldn't read orphan inode 15 (err -117)
[  458.117264][T30801] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000500000000 r/w without journal. Quota mode: writeback.
[  458.220533][T28864] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000500000000.
[  458.369436][T30830] FAULT_INJECTION: forcing a failure.
[  458.369436][T30830] name failslab, interval 1, probability 0, space 0, times 0
[  458.382168][T30830] CPU: 1 UID: 0 PID: 30830 Comm: syz.2.10448 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  458.382190][T30830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  458.382204][T30830] Call Trace:
[  458.382211][T30830]  <TASK>
[  458.382219][T30830]  __dump_stack+0x1d/0x30
[  458.382240][T30830]  dump_stack_lvl+0xe8/0x140
[  458.382256][T30830]  dump_stack+0x15/0x1b
[  458.382327][T30830]  should_fail_ex+0x265/0x280
[  458.382349][T30830]  should_failslab+0x8c/0xb0
[  458.382371][T30830]  kmem_cache_alloc_noprof+0x50/0x310
[  458.382395][T30830]  ? copy_sighand+0x52/0x1b0
[  458.382429][T30830]  copy_sighand+0x52/0x1b0
[  458.382450][T30830]  copy_process+0xcaf/0x2000
[  458.382476][T30830]  kernel_clone+0x16c/0x5c0
[  458.382497][T30830]  ? plist_check_list+0x1e4/0x210
[  458.382587][T30830]  ? perf_cgroup_switch+0x10c/0x480
[  458.382605][T30830]  __x64_sys_clone+0xe6/0x120
[  458.382633][T30830]  x64_sys_call+0x119c/0x2ff0
[  458.382651][T30830]  do_syscall_64+0xd2/0x200
[  458.382750][T30830]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  458.382770][T30830]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  458.382791][T30830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.382845][T30830] RIP: 0033:0x7f040d02ebe9
[  458.382857][T30830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.382872][T30830] RSP: 002b:00007f040ba4cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  458.382888][T30830] RAX: ffffffffffffffda RBX: 00007f040d256180 RCX: 00007f040d02ebe9
[  458.382899][T30830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041200000
[  458.382911][T30830] RBP: 00007f040ba4d090 R08: 0000000000000000 R09: 0000000000000000
[  458.382922][T30830] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  458.382974][T30830] R13: 00007f040d256218 R14: 00007f040d256180 R15: 00007ffcfb8465a8
[  458.382990][T30830]  </TASK>
[  458.741683][T30838] FAULT_INJECTION: forcing a failure.
[  458.741683][T30838] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  458.754808][T30838] CPU: 1 UID: 0 PID: 30838 Comm: syz.1.10455 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  458.754888][T30838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  458.754901][T30838] Call Trace:
[  458.754908][T30838]  <TASK>
[  458.754916][T30838]  __dump_stack+0x1d/0x30
[  458.754938][T30838]  dump_stack_lvl+0xe8/0x140
[  458.754956][T30838]  dump_stack+0x15/0x1b
[  458.754970][T30838]  should_fail_ex+0x265/0x280
[  458.755023][T30838]  should_fail+0xb/0x20
[  458.755058][T30838]  should_fail_usercopy+0x1a/0x20
[  458.755081][T30838]  _copy_from_user+0x1c/0xb0
[  458.755118][T30838]  vt_resizex+0x4a/0x350
[  458.755143][T30838]  vt_ioctl+0x107a/0x1880
[  458.755182][T30838]  ? tty_jobctrl_ioctl+0x29e/0x810
[  458.755207][T30838]  tty_ioctl+0x7de/0xb80
[  458.755231][T30838]  ? __pfx_tty_ioctl+0x10/0x10
[  458.755254][T30838]  __se_sys_ioctl+0xce/0x140
[  458.755298][T30838]  __x64_sys_ioctl+0x43/0x50
[  458.755329][T30838]  x64_sys_call+0x1816/0x2ff0
[  458.755350][T30838]  do_syscall_64+0xd2/0x200
[  458.755372][T30838]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  458.755437][T30838]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  458.755464][T30838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.755485][T30838] RIP: 0033:0x7f5f1afbebe9
[  458.755497][T30838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.755514][T30838] RSP: 002b:00007f5f199fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  458.755589][T30838] RAX: ffffffffffffffda RBX: 00007f5f1b1e6090 RCX: 00007f5f1afbebe9
[  458.755602][T30838] RDX: 0000200000000080 RSI: 000000000000560a RDI: 000000000000000d
[  458.755616][T30838] RBP: 00007f5f199fe090 R08: 0000000000000000 R09: 0000000000000000
[  458.755630][T30838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.755643][T30838] R13: 00007f5f1b1e6128 R14: 00007f5f1b1e6090 R15: 00007fffa1055978
[  458.755662][T30838]  </TASK>
[  459.181208][T30857] netlink: 'syz.4.10464': attribute type 21 has an invalid length.
[  459.189337][T30857] netlink: 'syz.4.10464': attribute type 1 has an invalid length.
[  459.390620][T30869] loop4: detected capacity change from 0 to 1024
[  459.399524][T30869] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  459.411896][T30869] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.10467: lblock 1 mapped to illegal pblock 1 (length 1)
[  459.426202][T30869] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.10467: Failed to acquire dquot type 0
[  459.438563][T30869] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.10467: Freeing blocks not in datazone - block = 0, count = 4096
[  459.452242][T30869] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.10467: Invalid inode bitmap blk 0 in block_group 0
[  459.466522][T30869] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  459.475128][T15004] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:55: lblock 1 mapped to illegal pblock 1 (length 1)
[  459.489654][T15004] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:55: Failed to release dquot type 0
[  459.501729][T30869] EXT4-fs (loop4): 1 orphan inode deleted
[  459.509491][T30869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  459.527577][T30869] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.10467: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  459.532745][T30880] bond6: entered promiscuous mode
[  459.551213][T30880] bond6: entered allmulticast mode
[  459.559512][T30880] 8021q: adding VLAN 0 to HW filter on device bond6
[  459.574266][T30880] bond6 (unregistering): Released all slaves
[  459.606544][T26154] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.619691][T30887] netlink: 'syz.1.10472': attribute type 21 has an invalid length.
[  459.628050][T30887] netlink: 'syz.1.10472': attribute type 1 has an invalid length.
[  459.639491][T30889] 9pnet_fd: Insufficient options for proto=fd
[  459.700995][T30898] loop4: detected capacity change from 0 to 1024
[  459.708088][T30898] ext4: Unknown parameter 'nouser_xattr'
[  459.909281][T30921] 9pnet_fd: Insufficient options for proto=fd
[  460.062717][T30929] netlink: 'syz.1.10488': attribute type 21 has an invalid length.
[  460.071773][T30929] netlink: 'syz.1.10488': attribute type 1 has an invalid length.
[  460.142943][T30934] FAULT_INJECTION: forcing a failure.
[  460.142943][T30934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  460.156400][T30934] CPU: 1 UID: 0 PID: 30934 Comm: syz.1.10490 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  460.156426][T30934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  460.156438][T30934] Call Trace:
[  460.156444][T30934]  <TASK>
[  460.156451][T30934]  __dump_stack+0x1d/0x30
[  460.156475][T30934]  dump_stack_lvl+0xe8/0x140
[  460.156495][T30934]  dump_stack+0x15/0x1b
[  460.156512][T30934]  should_fail_ex+0x265/0x280
[  460.156535][T30934]  should_fail+0xb/0x20
[  460.156621][T30934]  should_fail_usercopy+0x1a/0x20
[  460.156644][T30934]  _copy_from_user+0x1c/0xb0
[  460.156671][T30934]  do_sock_getsockopt+0xf1/0x240
[  460.156739][T30934]  __x64_sys_getsockopt+0x11e/0x1a0
[  460.156824][T30934]  x64_sys_call+0x2bc6/0x2ff0
[  460.156843][T30934]  do_syscall_64+0xd2/0x200
[  460.156932][T30934]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  460.156967][T30934]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  460.156993][T30934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.157023][T30934] RIP: 0033:0x7f5f1afbebe9
[  460.157040][T30934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  460.157059][T30934] RSP: 002b:00007f5f19a1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  460.157079][T30934] RAX: ffffffffffffffda RBX: 00007f5f1b1e5fa0 RCX: 00007f5f1afbebe9
[  460.157093][T30934] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000005
[  460.157105][T30934] RBP: 00007f5f19a1f090 R08: 0000200000000340 R09: 0000000000000000
[  460.157118][T30934] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  460.157174][T30934] R13: 00007f5f1b1e6038 R14: 00007f5f1b1e5fa0 R15: 00007fffa1055978
[  460.157190][T30934]  </TASK>
[  460.232619][T30939] loop2: detected capacity change from 0 to 128
[  460.342280][T30939] vfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ€'
[  460.545046][T30958] netlink: 'syz.5.10501': attribute type 21 has an invalid length.
[  460.553270][T30958] netlink: 'syz.5.10501': attribute type 1 has an invalid length.
[  460.563574][T30956] loop2: detected capacity change from 0 to 512
[  460.573843][T30956] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  460.595591][T30956] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.10500: Failed to acquire dquot type 1
[  460.611245][T30956] EXT4-fs (loop2): 1 truncate cleaned up
[  460.617546][T30956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  460.642117][T28864] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  460.677051][T30965] netlink: 'syz.5.10503': attribute type 21 has an invalid length.
[  460.702636][T30965] netlink: 'syz.5.10503': attribute type 1 has an invalid length.
[  460.740260][T30970] loop2: detected capacity change from 0 to 128
[  460.959478][T30981] loop2: detected capacity change from 0 to 1024
[  460.969209][T30981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  460.984710][T30981] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.10508: Allocating blocks 465-513 which overlap fs metadata
[  460.999398][T30981] EXT4-fs (loop2): pa ffff888106a450e0: logic 256, phys. 369, len 9
[  461.007414][T30981] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3
[  461.017635][T30981] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt.
[  461.044241][T30985] __nla_validate_parse: 25 callbacks suppressed
[  461.044314][T30985] netlink: 2 bytes leftover after parsing attributes in process `syz.1.10509'.
[  461.128086][T30988] netlink: 92 bytes leftover after parsing attributes in process `syz.1.10510'.
[  461.458577][T30995] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10513'.
[  461.481808][T30997] netlink: 144 bytes leftover after parsing attributes in process `syz.1.10514'.
[  461.492301][T30997] netlink: 168 bytes leftover after parsing attributes in process `syz.1.10514'.
[  461.679193][T31003] FAULT_INJECTION: forcing a failure.
[  461.679193][T31003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  461.692283][T31003] CPU: 1 UID: 0 PID: 31003 Comm: syz.4.10517 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  461.692346][T31003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  461.692359][T31003] Call Trace:
[  461.692366][T31003]  <TASK>
[  461.692373][T31003]  __dump_stack+0x1d/0x30
[  461.692394][T31003]  dump_stack_lvl+0xe8/0x140
[  461.692413][T31003]  dump_stack+0x15/0x1b
[  461.692504][T31003]  should_fail_ex+0x265/0x280
[  461.692522][T31003]  should_fail+0xb/0x20
[  461.692536][T31003]  should_fail_usercopy+0x1a/0x20
[  461.692628][T31003]  _copy_to_user+0x20/0xa0
[  461.692657][T31003]  simple_read_from_buffer+0xb5/0x130
[  461.692692][T31003]  proc_fail_nth_read+0x10e/0x150
[  461.692716][T31003]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  461.692737][T31003]  vfs_read+0x1a8/0x770
[  461.692807][T31003]  ? __rcu_read_unlock+0x4f/0x70
[  461.692838][T31003]  ? __fget_files+0x184/0x1c0
[  461.692866][T31003]  ksys_read+0xda/0x1a0
[  461.692890][T31003]  __x64_sys_read+0x40/0x50
[  461.692912][T31003]  x64_sys_call+0x27bc/0x2ff0
[  461.692988][T31003]  do_syscall_64+0xd2/0x200
[  461.693013][T31003]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  461.693147][T31003]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  461.693168][T31003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.693257][T31003] RIP: 0033:0x7f16d59cd5fc
[  461.693273][T31003] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  461.693289][T31003] RSP: 002b:00007f16d442f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  461.693306][T31003] RAX: ffffffffffffffda RBX: 00007f16d5bf5fa0 RCX: 00007f16d59cd5fc
[  461.693317][T31003] RDX: 000000000000000f RSI: 00007f16d442f0a0 RDI: 0000000000000006
[  461.693330][T31003] RBP: 00007f16d442f090 R08: 0000000000000000 R09: 0000000000000000
[  461.693351][T31003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  461.693377][T31003] R13: 00007f16d5bf6038 R14: 00007f16d5bf5fa0 R15: 00007fffa1af5a58
[  461.693395][T31003]  </TASK>
[  461.936555][T28864] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  461.949190][T31015] 8021q: adding VLAN 0 to HW filter on device bond20
[  461.965082][T31015] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10523'.
[  461.984424][T31015] bond20 (unregistering): Released all slaves
[  462.002572][T31024] netlink: 92 bytes leftover after parsing attributes in process `syz.0.10521'.
[  462.054731][T31020] loop2: detected capacity change from 0 to 1024
[  462.080984][T31032] netlink: 144 bytes leftover after parsing attributes in process `syz.0.10527'.
[  462.091369][T31032] netlink: 168 bytes leftover after parsing attributes in process `syz.0.10527'.
[  462.335475][   T29] kauditd_printk_skb: 392 callbacks suppressed
[  462.335507][   T29] audit: type=1326 audit(454.637:63996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  462.365575][   T29] audit: type=1326 audit(454.637:63997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  462.388639][   T29] audit: type=1326 audit(454.646:63998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f74de540b07 code=0x7ffc0000
[  462.411605][   T29] audit: type=1326 audit(454.646:63999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f74de540a7c code=0x7ffc0000
[  462.434585][   T29] audit: type=1326 audit(454.646:64000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f74de5409b4 code=0x7ffc0000
[  462.457556][   T29] audit: type=1326 audit(454.646:64001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f74de5409b4 code=0x7ffc0000
[  462.480694][   T29] audit: type=1326 audit(454.646:64002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f74de53d84a code=0x7ffc0000
[  462.503543][   T29] audit: type=1326 audit(454.646:64003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  462.526553][   T29] audit: type=1326 audit(454.646:64004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  462.549574][   T29] audit: type=1326 audit(454.646:64005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31039 comm="syz.0.10531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  462.904472][T31048] FAULT_INJECTION: forcing a failure.
[  462.904472][T31048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  462.917607][T31048] CPU: 1 UID: 0 PID: 31048 Comm: syz.4.10533 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  462.917634][T31048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  462.917721][T31048] Call Trace:
[  462.917728][T31048]  <TASK>
[  462.917736][T31048]  __dump_stack+0x1d/0x30
[  462.917758][T31048]  dump_stack_lvl+0xe8/0x140
[  462.917779][T31048]  dump_stack+0x15/0x1b
[  462.917797][T31048]  should_fail_ex+0x265/0x280
[  462.917819][T31048]  should_fail+0xb/0x20
[  462.917949][T31048]  should_fail_usercopy+0x1a/0x20
[  462.917967][T31048]  _copy_from_iter+0xcf/0xe40
[  462.918010][T31048]  ? __build_skb_around+0x1a0/0x200
[  462.918043][T31048]  ? __alloc_skb+0x223/0x320
[  462.918076][T31048]  netlink_sendmsg+0x471/0x6b0
[  462.918116][T31048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  462.918134][T31048]  __sock_sendmsg+0x145/0x180
[  462.918224][T31048]  ____sys_sendmsg+0x31e/0x4e0
[  462.918250][T31048]  ___sys_sendmsg+0x17b/0x1d0
[  462.918279][T31048]  __x64_sys_sendmsg+0xd4/0x160
[  462.918304][T31048]  x64_sys_call+0x191e/0x2ff0
[  462.918387][T31048]  do_syscall_64+0xd2/0x200
[  462.918412][T31048]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  462.918464][T31048]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  462.918489][T31048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.918516][T31048] RIP: 0033:0x7f16d59cebe9
[  462.918533][T31048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.918607][T31048] RSP: 002b:00007f16d440e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  462.918665][T31048] RAX: ffffffffffffffda RBX: 00007f16d5bf6090 RCX: 00007f16d59cebe9
[  462.918678][T31048] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  462.918690][T31048] RBP: 00007f16d440e090 R08: 0000000000000000 R09: 0000000000000000
[  462.918754][T31048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  462.918766][T31048] R13: 00007f16d5bf6128 R14: 00007f16d5bf6090 R15: 00007fffa1af5a58
[  462.918785][T31048]  </TASK>
[  462.920021][T31050] netlink: 2 bytes leftover after parsing attributes in process `syz.1.10535'.
[  463.599439][T31084] FAULT_INJECTION: forcing a failure.
[  463.599439][T31084] name failslab, interval 1, probability 0, space 0, times 0
[  463.612080][T31084] CPU: 0 UID: 0 PID: 31084 Comm: syz.1.10550 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  463.612103][T31084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  463.612115][T31084] Call Trace:
[  463.612121][T31084]  <TASK>
[  463.612129][T31084]  __dump_stack+0x1d/0x30
[  463.612215][T31084]  dump_stack_lvl+0xe8/0x140
[  463.612236][T31084]  dump_stack+0x15/0x1b
[  463.612250][T31084]  should_fail_ex+0x265/0x280
[  463.612269][T31084]  should_failslab+0x8c/0xb0
[  463.612295][T31084]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  463.612422][T31084]  ? sidtab_sid2str_get+0xa0/0x130
[  463.612442][T31084]  kmemdup_noprof+0x2b/0x70
[  463.612504][T31084]  sidtab_sid2str_get+0xa0/0x130
[  463.612526][T31084]  security_sid_to_context_core+0x1eb/0x2e0
[  463.612545][T31084]  security_sid_to_context+0x27/0x40
[  463.612651][T31084]  avc_audit_post_callback+0x10f/0x520
[  463.612677][T31084]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  463.612703][T31084]  common_lsm_audit+0x1bb/0x230
[  463.612788][T31084]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  463.612815][T31084]  slow_avc_audit+0x104/0x140
[  463.612839][T31084]  avc_has_perm+0x13a/0x180
[  463.612865][T31084]  selinux_mmap_file+0x147/0x1d0
[  463.612883][T31084]  security_mmap_file+0x175/0x1c0
[  463.612931][T31084]  vm_mmap_pgoff+0x90/0x2e0
[  463.612988][T31084]  ksys_mmap_pgoff+0x268/0x310
[  463.613022][T31084]  x64_sys_call+0x14a3/0x2ff0
[  463.613044][T31084]  do_syscall_64+0xd2/0x200
[  463.613072][T31084]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  463.613156][T31084]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  463.613179][T31084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.613207][T31084] RIP: 0033:0x7f5f1afbebe9
[  463.613261][T31084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.613279][T31084] RSP: 002b:00007f5f19a1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  463.613297][T31084] RAX: ffffffffffffffda RBX: 00007f5f1b1e5fa0 RCX: 00007f5f1afbebe9
[  463.613309][T31084] RDX: 0000000001000002 RSI: 0000000000400000 RDI: 0000200000000000
[  463.613324][T31084] RBP: 00007f5f19a1f090 R08: 0000000000000005 R09: 0000000000108000
[  463.613344][T31084] R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000001
[  463.613357][T31084] R13: 00007f5f1b1e6038 R14: 00007f5f1b1e5fa0 R15: 00007fffa1055978
[  463.613373][T31084]  </TASK>
[  464.118401][T31115] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  464.118401][T31115] The task syz.4.10562 (31115) triggered the difference, watch for misbehavior.
[  464.895252][T31146] validate_nla: 5 callbacks suppressed
[  464.895276][T31146] netlink: 'syz.2.10574': attribute type 4 has an invalid length.
[  465.306511][T31172] loop2: detected capacity change from 0 to 8192
[  465.314658][T31172] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  465.381812][T31194] FAULT_INJECTION: forcing a failure.
[  465.381812][T31194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  465.395045][T31194] CPU: 0 UID: 0 PID: 31194 Comm: syz.4.10592 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  465.395093][T31194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  465.395104][T31194] Call Trace:
[  465.395111][T31194]  <TASK>
[  465.395118][T31194]  __dump_stack+0x1d/0x30
[  465.395141][T31194]  dump_stack_lvl+0xe8/0x140
[  465.395162][T31194]  dump_stack+0x15/0x1b
[  465.395186][T31194]  should_fail_ex+0x265/0x280
[  465.395254][T31194]  should_fail+0xb/0x20
[  465.395308][T31194]  should_fail_usercopy+0x1a/0x20
[  465.395372][T31194]  _copy_from_user+0x1c/0xb0
[  465.395397][T31194]  __sys_bpf+0x178/0x7b0
[  465.395430][T31194]  __x64_sys_bpf+0x41/0x50
[  465.395474][T31194]  x64_sys_call+0x2aea/0x2ff0
[  465.395491][T31194]  do_syscall_64+0xd2/0x200
[  465.395527][T31194]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  465.395553][T31194]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  465.395578][T31194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.395635][T31194] RIP: 0033:0x7f16d59cebe9
[  465.395651][T31194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.395669][T31194] RSP: 002b:00007f16d442f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  465.395689][T31194] RAX: ffffffffffffffda RBX: 00007f16d5bf5fa0 RCX: 00007f16d59cebe9
[  465.395700][T31194] RDX: 000000000000001e RSI: 0000200000000080 RDI: 000000000000000a
[  465.395711][T31194] RBP: 00007f16d442f090 R08: 0000000000000000 R09: 0000000000000000
[  465.395722][T31194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.395774][T31194] R13: 00007f16d5bf6038 R14: 00007f16d5bf5fa0 R15: 00007fffa1af5a58
[  465.395794][T31194]  </TASK>
[  465.587256][T31197] ALSA: seq fatal error: cannot create timer (-19)
[  465.623501][T31199] tipc: Enabling of bearer <eth:syzkaller0
> rejected, failed to enable media
[  465.645822][T31199] syzkaller0: entered promiscuous mode
[  465.651448][T31199] syzkaller0: entered allmulticast mode
[  465.864206][T31240] FAULT_INJECTION: forcing a failure.
[  465.864206][T31240] name failslab, interval 1, probability 0, space 0, times 0
[  465.876891][T31240] CPU: 1 UID: 0 PID: 31240 Comm: syz.2.10614 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  465.876949][T31240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  465.876960][T31240] Call Trace:
[  465.876966][T31240]  <TASK>
[  465.876974][T31240]  __dump_stack+0x1d/0x30
[  465.876996][T31240]  dump_stack_lvl+0xe8/0x140
[  465.877017][T31240]  dump_stack+0x15/0x1b
[  465.877034][T31240]  should_fail_ex+0x265/0x280
[  465.877123][T31240]  ? do_mq_timedreceive+0x23c/0x6d0
[  465.877148][T31240]  should_failslab+0x8c/0xb0
[  465.877174][T31240]  __kmalloc_cache_noprof+0x4c/0x320
[  465.877204][T31240]  do_mq_timedreceive+0x23c/0x6d0
[  465.877271][T31240]  __x64_sys_mq_timedreceive+0xc6/0x160
[  465.877293][T31240]  x64_sys_call+0x2906/0x2ff0
[  465.877314][T31240]  do_syscall_64+0xd2/0x200
[  465.877393][T31240]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  465.877417][T31240]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  465.877442][T31240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.877460][T31240] RIP: 0033:0x7f040d02ebe9
[  465.877473][T31240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.877509][T31240] RSP: 002b:00007f040ba8f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f3
[  465.877603][T31240] RAX: ffffffffffffffda RBX: 00007f040d255fa0 RCX: 00007f040d02ebe9
[  465.877682][T31240] RDX: 00000000fffffceb RSI: 0000200000004600 RDI: 0000000000000005
[  465.877695][T31240] RBP: 00007f040ba8f090 R08: 0000000000000000 R09: 0000000000000000
[  465.877708][T31240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.877720][T31240] R13: 00007f040d256038 R14: 00007f040d255fa0 R15: 00007ffcfb8465a8
[  465.877794][T31240]  </TASK>
[  466.137308][T31248] netlink: 'syz.4.10617': attribute type 21 has an invalid length.
[  466.152573][T31248] netlink: 'syz.4.10617': attribute type 1 has an invalid length.
[  466.198441][T31254] netlink: 'syz.1.10620': attribute type 4 has an invalid length.
[  466.915766][T31279] __nla_validate_parse: 21 callbacks suppressed
[  466.915794][T31279] netlink: 2 bytes leftover after parsing attributes in process `syz.0.10630'.
[  466.945871][T31283] netlink: 'syz.0.10632': attribute type 21 has an invalid length.
[  466.953937][T31283] netlink: 'syz.0.10632': attribute type 1 has an invalid length.
[  466.961924][T31283] netlink: 144 bytes leftover after parsing attributes in process `syz.0.10632'.
[  466.972407][T31283] netlink: 168 bytes leftover after parsing attributes in process `syz.0.10632'.
[  466.978006][T31284] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10631'.
[  466.990612][T31284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10631'.
[  466.999594][T31284] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10631'.
[  467.113432][T31292] loop2: detected capacity change from 0 to 8192
[  467.120895][T31292] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  467.221863][T31301] FAULT_INJECTION: forcing a failure.
[  467.221863][T31301] name failslab, interval 1, probability 0, space 0, times 0
[  467.234590][T31301] CPU: 1 UID: 0 PID: 31301 Comm: syz.0.10640 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  467.234614][T31301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.234625][T31301] Call Trace:
[  467.234632][T31301]  <TASK>
[  467.234638][T31301]  __dump_stack+0x1d/0x30
[  467.234670][T31301]  dump_stack_lvl+0xe8/0x140
[  467.234686][T31301]  dump_stack+0x15/0x1b
[  467.234700][T31301]  should_fail_ex+0x265/0x280
[  467.234745][T31301]  should_failslab+0x8c/0xb0
[  467.234766][T31301]  kmem_cache_alloc_noprof+0x50/0x310
[  467.234861][T31301]  ? alloc_empty_file+0x76/0x200
[  467.234925][T31301]  alloc_empty_file+0x76/0x200
[  467.234948][T31301]  path_openat+0x68/0x2170
[  467.234964][T31301]  ? mntput+0x4b/0x80
[  467.234988][T31301]  ? terminate_walk+0x27f/0x2a0
[  467.235029][T31301]  ? path_openat+0x1bf8/0x2170
[  467.235049][T31301]  ? _parse_integer_limit+0x170/0x190
[  467.235107][T31301]  do_filp_open+0x109/0x230
[  467.235133][T31301]  do_open_execat+0xd8/0x260
[  467.235152][T31301]  alloc_bprm+0x25/0x350
[  467.235169][T31301]  do_execveat_common+0x12e/0x750
[  467.235270][T31301]  ? getname_flags+0x154/0x3b0
[  467.235298][T31301]  __x64_sys_execveat+0x73/0x90
[  467.235327][T31301]  x64_sys_call+0x1fec/0x2ff0
[  467.235414][T31301]  do_syscall_64+0xd2/0x200
[  467.235441][T31301]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  467.235609][T31301]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  467.235636][T31301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.235658][T31301] RIP: 0033:0x7f74de53ebe9
[  467.235673][T31301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.235746][T31301] RSP: 002b:00007f74dcf9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  467.235767][T31301] RAX: ffffffffffffffda RBX: 00007f74de765fa0 RCX: 00007f74de53ebe9
[  467.235802][T31301] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  467.235815][T31301] RBP: 00007f74dcf9f090 R08: 0000000000000000 R09: 0000000000000000
[  467.235829][T31301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.235842][T31301] R13: 00007f74de766038 R14: 00007f74de765fa0 R15: 00007ffdfd8d00e8
[  467.235863][T31301]  </TASK>
[  467.490419][T31299] loop4: detected capacity change from 0 to 8192
[  467.521493][T31299] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  467.534978][T31321] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10643'.
[  467.544061][T31321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10643'.
[  467.553110][T31321] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10643'.
[  467.654148][T31305] chnl_net:caif_netlink_parms(): no params data found
[  467.662653][T31336] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10650'.
[  467.705720][   T29] kauditd_printk_skb: 277 callbacks suppressed
[  467.705734][   T29] audit: type=1326 audit(459.669:64283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5f1afbd69f code=0x7ffc0000
[  467.742067][   T29] audit: type=1326 audit(459.697:64284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f5f1afbec77 code=0x7ffc0000
[  467.765080][   T29] audit: type=1326 audit(459.697:64285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5f1afbd550 code=0x7ffc0000
[  467.788128][   T29] audit: type=1326 audit(459.697:64286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5f1afbd84a code=0x7ffc0000
[  467.816484][   T29] audit: type=1326 audit(459.697:64287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  467.839623][   T29] audit: type=1326 audit(459.697:64288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  467.862729][   T29] audit: type=1326 audit(459.697:64289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  467.885763][   T29] audit: type=1326 audit(459.697:64290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  467.908915][   T29] audit: type=1326 audit(459.697:64291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  467.949126][T31305] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.956220][T31305] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.977878][T31305] bridge_slave_0: entered allmulticast mode
[  467.999522][T31305] bridge_slave_0: entered promiscuous mode
[  468.010466][T31305] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.017584][T31305] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.024799][T31305] bridge_slave_1: entered allmulticast mode
[  468.031657][T31305] bridge_slave_1: entered promiscuous mode
[  468.053875][T31305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  468.064488][T31305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  468.085232][T31305] team0: Port device team_slave_0 added
[  468.092106][T31305] team0: Port device team_slave_1 added
[  468.120455][T31305] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.127403][T31305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.153392][T31305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.164447][T15000] bridge0: port 3(batadv0) entered disabled state
[  468.171547][T15000] bridge_slave_1: left allmulticast mode
[  468.177261][T15000] bridge_slave_1: left promiscuous mode
[  468.182940][T15000] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.191116][T15000] bridge_slave_0: left allmulticast mode
[  468.196800][T15000] bridge_slave_0: left promiscuous mode
[  468.202470][T15000] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.256597][T15000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  468.265829][T15000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  468.274964][T15000] bond0 (unregistering): Released all slaves
[  468.283537][T15000] bond1 (unregistering): (slave batadv1): Releasing active interface
[  468.312721][T15000] bond1 (unregistering): (slave batadv2): Releasing active interface
[  468.325599][T15000] bond1 (unregistering): Released all slaves
[  468.338761][   T29] audit: type=1326 audit(460.258:64292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31329 comm="syz.1.10649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  468.344252][T15000] bond2 (unregistering): Released all slaves
[  468.391422][T15000] bond3 (unregistering): Released all slaves
[  468.401091][T15000] bond4 (unregistering): Released all slaves
[  468.409542][T15000] bond5 (unregistering): Released all slaves
[  468.418275][T15000] bond6 (unregistering): Released all slaves
[  468.438878][T15000] bond7 (unregistering): Released all slaves
[  468.451118][T15000] bond8 (unregistering): Released all slaves
[  468.459864][T15000] bond9 (unregistering): Released all slaves
[  468.468671][T15000] bond10 (unregistering): Released all slaves
[  468.550334][T15000] bond11 (unregistering): Released all slaves
[  469.023180][T15000] bond12 (unregistering): Released all slaves
[  469.031712][T15000] bond13 (unregistering): Released all slaves
[  469.040285][T15000] bond14 (unregistering): Released all slaves
[  469.048919][T15000] bond15 (unregistering): Released all slaves
[  469.057338][T15000] bond16 (unregistering): Released all slaves
[  469.065767][T15000] bond17 (unregistering): Released all slaves
[  469.074117][T15000] bond18 (unregistering): Released all slaves
[  469.084402][T15000] bond19 (unregistering): Released all slaves
[  469.086824][T31372] loop4: detected capacity change from 0 to 8192
[  469.097556][T31305] batman_adv: batadv0: Adding interface: batadv_slave_1
[  469.101347][T31372] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  469.104624][T31305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  469.104692][T31305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  469.161189][T31305] hsr_slave_0: entered promiscuous mode
[  469.167242][T31305] hsr_slave_1: entered promiscuous mode
[  469.240377][T15000] hsr_slave_0: left promiscuous mode
[  469.254979][T15000] batman_adv: batadv0: Removing interface: batadv_slave_0
[  469.262919][T15000] batman_adv: batadv0: Removing interface: batadv_slave_1
[  469.377148][T15000] team0 (unregistering): Port device team_slave_1 removed
[  469.398982][T15000] team0 (unregistering): Port device team_slave_0 removed
[  469.542500][T31392] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  469.856195][T31305] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  469.864856][T31305] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  469.873442][T31305] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  469.882204][T31305] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  469.920449][T31305] 8021q: adding VLAN 0 to HW filter on device bond0
[  469.931940][T31305] 8021q: adding VLAN 0 to HW filter on device team0
[  469.941109][T14996] bridge0: port 1(bridge_slave_0) entered blocking state
[  469.948174][T14996] bridge0: port 1(bridge_slave_0) entered forwarding state
[  469.961635][T15004] bridge0: port 2(bridge_slave_1) entered blocking state
[  469.968694][T15004] bridge0: port 2(bridge_slave_1) entered forwarding state
[  470.028005][T31305] 8021q: adding VLAN 0 to HW filter on device batadv0
[  470.125086][T31305] veth0_vlan: entered promiscuous mode
[  470.132590][T31305] veth1_vlan: entered promiscuous mode
[  470.147474][T31305] veth0_macvtap: entered promiscuous mode
[  470.154704][T31305] veth1_macvtap: entered promiscuous mode
[  470.165057][T31305] batman_adv: batadv0: Interface activated: batadv_slave_0
[  470.176101][T31305] batman_adv: batadv0: Interface activated: batadv_slave_1
[  470.186426][T15000] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  470.195695][T15000] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  470.205711][T15000] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  470.214765][T15000] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  470.292033][T31434] FAULT_INJECTION: forcing a failure.
[  470.292033][T31434] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.305189][T31434] CPU: 1 UID: 0 PID: 31434 Comm: syz.5.10641 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  470.305249][T31434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  470.305259][T31434] Call Trace:
[  470.305265][T31434]  <TASK>
[  470.305271][T31434]  __dump_stack+0x1d/0x30
[  470.305288][T31434]  dump_stack_lvl+0xe8/0x140
[  470.305304][T31434]  dump_stack+0x15/0x1b
[  470.305342][T31434]  should_fail_ex+0x265/0x280
[  470.305360][T31434]  should_fail+0xb/0x20
[  470.305374][T31434]  should_fail_usercopy+0x1a/0x20
[  470.305438][T31434]  _copy_from_user+0x1c/0xb0
[  470.305461][T31434]  futex_parse_waitv+0x83/0x290
[  470.305518][T31434]  ? __pfx_io_futex_wakev_fn+0x10/0x10
[  470.305537][T31434]  io_futexv_prep+0x17a/0x260
[  470.305553][T31434]  io_submit_sqes+0x5db/0x1050
[  470.305644][T31434]  ? finish_task_switch+0xad/0x2b0
[  470.305666][T31434]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  470.305683][T31434]  ? 0xffffffff81000000
[  470.305693][T31434]  ? __rcu_read_unlock+0x4f/0x70
[  470.305776][T31434]  ? get_pid_task+0x96/0xd0
[  470.305792][T31434]  ? proc_fail_nth_write+0x13b/0x160
[  470.305813][T31434]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  470.305904][T31434]  ? vfs_write+0x7e8/0x960
[  470.305921][T31434]  ? __rcu_read_unlock+0x4f/0x70
[  470.305937][T31434]  ? __fget_files+0x184/0x1c0
[  470.305987][T31434]  ? fput+0x8f/0xc0
[  470.306010][T31434]  __x64_sys_io_uring_enter+0x78/0x90
[  470.306056][T31434]  x64_sys_call+0x2de1/0x2ff0
[  470.306088][T31434]  do_syscall_64+0xd2/0x200
[  470.306109][T31434]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  470.306133][T31434]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  470.306153][T31434]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.306169][T31434] RIP: 0033:0x7f839c29ebe9
[  470.306182][T31434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.306196][T31434] RSP: 002b:00007f839ad07038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  470.306211][T31434] RAX: ffffffffffffffda RBX: 00007f839c4c5fa0 RCX: 00007f839c29ebe9
[  470.306281][T31434] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000006
[  470.306292][T31434] RBP: 00007f839ad07090 R08: 0000000000000000 R09: 0000000000000000
[  470.306302][T31434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.306313][T31434] R13: 00007f839c4c6038 R14: 00007f839c4c5fa0 R15: 00007ffc1c42a1e8
[  470.306361][T31434]  </TASK>
[  470.576879][T31441] netlink: 'syz.0.10675': attribute type 21 has an invalid length.
[  470.585129][T31441] netlink: 'syz.0.10675': attribute type 1 has an invalid length.
[  470.877093][T31470] loop5: detected capacity change from 0 to 8192
[  470.886257][T31470] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  470.982619][T31484] loop5: detected capacity change from 0 to 128
[  471.593872][T31502] FAULT_INJECTION: forcing a failure.
[  471.593872][T31502] name failslab, interval 1, probability 0, space 0, times 0
[  471.606609][T31502] CPU: 0 UID: 0 PID: 31502 Comm: syz.4.10702 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  471.606672][T31502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  471.606685][T31502] Call Trace:
[  471.606691][T31502]  <TASK>
[  471.606699][T31502]  __dump_stack+0x1d/0x30
[  471.606718][T31502]  dump_stack_lvl+0xe8/0x140
[  471.606734][T31502]  dump_stack+0x15/0x1b
[  471.606778][T31502]  should_fail_ex+0x265/0x280
[  471.606797][T31502]  ? __se_sys_memfd_create+0x1cc/0x590
[  471.606815][T31502]  should_failslab+0x8c/0xb0
[  471.606853][T31502]  __kmalloc_cache_noprof+0x4c/0x320
[  471.606877][T31502]  ? fput+0x8f/0xc0
[  471.606905][T31502]  __se_sys_memfd_create+0x1cc/0x590
[  471.606928][T31502]  __x64_sys_memfd_create+0x31/0x40
[  471.607003][T31502]  x64_sys_call+0x2abe/0x2ff0
[  471.607025][T31502]  do_syscall_64+0xd2/0x200
[  471.607051][T31502]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  471.607105][T31502]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  471.607131][T31502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.607153][T31502] RIP: 0033:0x7f16d59cebe9
[  471.607166][T31502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.607217][T31502] RSP: 002b:00007f16d442ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  471.607246][T31502] RAX: ffffffffffffffda RBX: 0000000000000553 RCX: 00007f16d59cebe9
[  471.607257][T31502] RDX: 00007f16d442eef0 RSI: 0000000000000000 RDI: 00007f16d5a527e8
[  471.607268][T31502] RBP: 0000200000001080 R08: 00007f16d442ebb7 R09: 00007f16d442ee40
[  471.607279][T31502] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000200
[  471.607371][T31502] R13: 00007f16d442eef0 R14: 00007f16d442eeb0 R15: 00002000000001c0
[  471.607387][T31502]  </TASK>
[  472.260123][T31526] loop2: detected capacity change from 0 to 512
[  472.275113][T31526] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  472.285297][T31526] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  472.310934][T31526] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz.2.10711: Invalid inode table block 1 in block_group 0
[  472.327320][T31526] EXT4-fs (loop2): Remounting filesystem read-only
[  472.334163][T31526] EXT4-fs (loop2): get root inode failed
[  472.339978][T31526] EXT4-fs (loop2): mount failed
[  472.822346][T31533] __nla_validate_parse: 16 callbacks suppressed
[  472.822361][T31533] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10712'.
[  472.837831][T31533] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10712'.
[  472.878400][T31535] loop4: detected capacity change from 0 to 1024
[  472.885587][T31535] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  472.913164][T31535] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.10715: lblock 1 mapped to illegal pblock 1 (length 1)
[  472.946600][T31535] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.10715: Failed to acquire dquot type 0
[  472.963062][T31535] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.10715: Freeing blocks not in datazone - block = 0, count = 4096
[  472.979285][T31535] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.10715: Invalid inode bitmap blk 0 in block_group 0
[  472.992329][T31535] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  473.000958][T14997] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:48: lblock 1 mapped to illegal pblock 1 (length 1)
[  473.001031][T31535] EXT4-fs (loop4): 1 orphan inode deleted
[  473.001520][T31535] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  473.037124][T14997] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:48: Failed to release dquot type 0
[  473.054291][T31535] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.10715: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  473.093553][T26154] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  473.127688][T31557] netlink: 48 bytes leftover after parsing attributes in process `syz.4.10722'.
[  473.144479][T31557] loop4: detected capacity change from 0 to 1024
[  473.151167][T31557] EXT4-fs: Ignoring removed orlov option
[  473.158993][T31557] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  473.341432][   T29] kauditd_printk_skb: 359 callbacks suppressed
[  473.341445][   T29] audit: type=1326 audit(464.935:64649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  473.370985][   T29] audit: type=1326 audit(464.935:64650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  473.394128][   T29] audit: type=1326 audit(464.935:64651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f74de53ec23 code=0x7ffc0000
[  473.417365][   T29] audit: type=1326 audit(464.992:64652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f74de53d69f code=0x7ffc0000
[  473.440410][   T29] audit: type=1326 audit(464.992:64653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f74de53ec77 code=0x7ffc0000
[  473.463618][   T29] audit: type=1326 audit(465.010:64654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f74de53d550 code=0x7ffc0000
[  473.486755][   T29] audit: type=1326 audit(465.010:64655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f74de53d84a code=0x7ffc0000
[  473.509681][   T29] audit: type=1326 audit(465.010:64656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  473.532752][   T29] audit: type=1326 audit(465.010:64657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  473.555817][   T29] audit: type=1326 audit(465.010:64658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31563 comm="syz.0.10723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  473.641931][T26154] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  473.818987][T31577] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10728'.
[  473.827952][T31577] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10728'.
[  473.877135][T31581] loop5: detected capacity change from 0 to 128
[  473.905283][T31586] netlink: 'syz.4.10733': attribute type 21 has an invalid length.
[  473.913333][T31586] netlink: 'syz.4.10733': attribute type 1 has an invalid length.
[  473.921256][T31586] netlink: 144 bytes leftover after parsing attributes in process `syz.4.10733'.
[  473.932725][T31586] netlink: 168 bytes leftover after parsing attributes in process `syz.4.10733'.
[  474.340957][T31624] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10746'.
[  474.739729][T31665] netlink: 'syz.2.10763': attribute type 21 has an invalid length.
[  474.747812][T31665] netlink: 'syz.2.10763': attribute type 1 has an invalid length.
[  474.755618][T31665] netlink: 144 bytes leftover after parsing attributes in process `syz.2.10763'.
[  474.780335][T31665] netlink: 168 bytes leftover after parsing attributes in process `syz.2.10763'.
[  474.971816][T31673] netdevsim netdevsim5: Direct firmware load for ./file0 failed with error -2
[  475.156934][T31682] loop5: detected capacity change from 0 to 128
[  475.268384][T31692] loop4: detected capacity change from 0 to 128
[  475.287129][T31687] loop5: detected capacity change from 0 to 8192
[  475.302142][T31687] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  475.324492][T31694] loop2: detected capacity change from 0 to 128
[  475.514597][T31715] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  475.541297][T31717] netlink: 'syz.5.10783': attribute type 4 has an invalid length.
[  475.765252][T31732] loop5: detected capacity change from 0 to 8192
[  475.772657][T31732] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  476.446407][T31746] /dev/loop0: Can't lookup blockdev
[  476.456478][T31746] dummy0: entered allmulticast mode
[  476.520758][T31746] dummy0: left allmulticast mode
[  476.549745][T31750] netlink: 'syz.2.10795': attribute type 4 has an invalid length.
[  476.559216][T31746] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=31746 comm=+}[@
[  476.571380][T31746] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=31746 comm=+}[@
[  476.721955][T31756] loop2: detected capacity change from 0 to 128
[  476.745627][T31761] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1538 sclass=netlink_audit_socket pid=31761 comm=syz.0.10793
[  476.877394][T31758] loop4: detected capacity change from 0 to 8192
[  476.884688][T31758] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  477.195570][T31783] netlink: 'syz.1.10809': attribute type 4 has an invalid length.
[  477.509002][T31804] loop2: detected capacity change from 0 to 1024
[  477.516335][T31804] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  477.531636][T31804] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.10818: lblock 1 mapped to illegal pblock 1 (length 1)
[  477.546638][T31804] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.10818: Failed to acquire dquot type 0
[  477.562930][T31804] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.10818: Freeing blocks not in datazone - block = 0, count = 4096
[  477.567489][T31798] SELinux: failed to load policy
[  477.577713][T31804] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.10818: Invalid inode bitmap blk 0 in block_group 0
[  477.584638][ T6717] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  477.597098][T31804] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  477.608699][ T6717] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0
[  477.618679][T31804] EXT4-fs (loop2): 1 orphan inode deleted
[  477.634027][T31804] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  477.654984][T31804] EXT4-fs error (device loop2): ext4_search_dir:1474: inode #2: block 16: comm syz.2.10818: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  477.699498][T28864] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.742879][T31812] netlink: 'syz.1.10821': attribute type 4 has an invalid length.
[  477.967011][T31827] netlink: 'syz.4.10827': attribute type 3 has an invalid length.
[  478.011952][T31831] netlink: 'syz.2.10829': attribute type 21 has an invalid length.
[  478.020342][T31831] netlink: 'syz.2.10829': attribute type 1 has an invalid length.
[  478.080667][T31833] loop4: detected capacity change from 0 to 1024
[  478.088089][T31833] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  478.102229][T31833] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.10830: lblock 1 mapped to illegal pblock 1 (length 1)
[  478.119063][T31833] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.10830: Failed to acquire dquot type 0
[  478.130622][T31833] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.10830: Freeing blocks not in datazone - block = 0, count = 4096
[  478.146620][T31833] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.10830: Invalid inode bitmap blk 0 in block_group 0
[  478.160681][ T6717] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  478.186727][ T6717] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0
[  478.198255][T31833] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  478.211470][T31833] EXT4-fs (loop4): 1 orphan inode deleted
[  478.221294][T31833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  478.245263][T31833] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.10830: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  478.288755][T26154] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.300547][T31842] tipc: Enabling of bearer <eth:syzkaller0
> rejected, failed to enable media
[  478.320191][T31842] syzkaller0: entered promiscuous mode
[  478.325758][T31842] syzkaller0: entered allmulticast mode
[  478.372131][T31845] loop4: detected capacity change from 0 to 1024
[  478.408953][T31849] loop2: detected capacity change from 0 to 1024
[  478.415912][T31849] EXT4-fs: Ignoring removed bh option
[  478.421317][T31849] EXT4-fs: Ignoring removed nobh option
[  478.426899][T31849] EXT4-fs: inline encryption not supported
[  478.437561][T31849] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  478.462898][T31849] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  478.492803][T28864] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.523072][T31855] loop2: detected capacity change from 0 to 128
[  478.551147][T31857] __nla_validate_parse: 5 callbacks suppressed
[  478.551156][T31857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10838'.
[  478.600931][T31862] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10840'.
[  478.613752][T31862] ipvlan2: entered promiscuous mode
[  478.623715][T31862] loop2: detected capacity change from 0 to 256
[  478.695079][   T29] kauditd_printk_skb: 640 callbacks suppressed
[  478.695093][   T29] audit: type=1326 audit(469.940:65293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.724361][   T29] audit: type=1326 audit(469.949:65294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.747681][   T29] audit: type=1326 audit(469.949:65295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.770758][   T29] audit: type=1326 audit(469.949:65296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.794078][   T29] audit: type=1326 audit(469.949:65297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.797385][T28864] FAT-fs (loop2): error, corrupted directory (invalid entries)
[  478.817163][   T29] audit: type=1326 audit(469.949:65298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.848007][   T29] audit: type=1326 audit(469.949:65299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.871214][   T29] audit: type=1326 audit(469.949:65300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.894384][   T29] audit: type=1326 audit(469.949:65301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.918431][   T29] audit: type=1326 audit(470.146:65302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31864 comm="syz.1.10841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  478.923036][T28864] FAT-fs (loop2): error, corrupted directory (invalid entries)
[  479.125030][T31875] loop5: detected capacity change from 0 to 1024
[  479.132338][T31875] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  479.145011][T31875] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #3: block 1: comm syz.5.10844: lblock 1 mapped to illegal pblock 1 (length 1)
[  479.159345][T31875] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.10844: Failed to acquire dquot type 0
[  479.172155][T31875] EXT4-fs error (device loop5): ext4_free_blocks:6696: comm syz.5.10844: Freeing blocks not in datazone - block = 0, count = 4096
[  479.185869][T31875] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.10844: Invalid inode bitmap blk 0 in block_group 0
[  479.198786][T31875] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  479.207437][T14980] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:31: lblock 1 mapped to illegal pblock 1 (length 1)
[  479.221696][T31875] EXT4-fs (loop5): 1 orphan inode deleted
[  479.227855][T31875] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  479.241468][T14980] EXT4-fs error (device loop5): ext4_release_dquot:6973: comm kworker/u8:31: Failed to release dquot type 0
[  479.254064][T31875] EXT4-fs error (device loop5): ext4_search_dir:1474: inode #2: block 16: comm syz.5.10844: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  479.275559][T14996] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.306209][T31305] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  479.344030][T14996] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.370179][T31882] pimreg: entered allmulticast mode
[  479.383708][T31886] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10849'.
[  479.397208][T14996] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.468583][T14996] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.490849][T31899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10852'.
[  479.515437][T31899] loop4: detected capacity change from 0 to 512
[  479.552185][T31899] EXT4-fs (loop4): 1 orphan inode deleted
[  479.559597][T31899] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  479.572351][T14996] bridge_slave_1: left allmulticast mode
[  479.577980][T14996] bridge_slave_1: left promiscuous mode
[  479.583774][T14996] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.593490][T14980] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:31: Failed to release dquot type 1
[  479.593533][T31896] loop5: detected capacity change from 0 to 512
[  479.621858][T14996] bridge_slave_0: left allmulticast mode
[  479.622229][T31896] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  479.627609][T14996] bridge_slave_0: left promiscuous mode
[  479.627751][T14996] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.655645][T31896] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  479.667432][T31896] EXT4-fs error (device loop5): __ext4_get_inode_loc:4861: comm syz.5.10851: Invalid inode table block 1 in block_group 0
[  479.680961][T14996] erspan0: left allmulticast mode
[  479.686062][T14996] erspan0: left promiscuous mode
[  479.691102][T14996] GPL: port 1(erspan0) entered disabled state
[  479.709487][T31896] EXT4-fs (loop5): Remounting filesystem read-only
[  479.720914][T31896] EXT4-fs (loop5): get root inode failed
[  479.726698][T31896] EXT4-fs (loop5): mount failed
[  479.860589][T14996] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  479.870527][T14996] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  479.880294][T14996] bond0 (unregistering): Released all slaves
[  479.888994][T14996] bond1 (unregistering): Released all slaves
[  479.938881][T31881] chnl_net:caif_netlink_parms(): no params data found
[  479.992949][T31881] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.000453][T31881] bridge0: port 1(bridge_slave_0) entered disabled state
[  480.014034][T31881] bridge_slave_0: entered allmulticast mode
[  480.026555][T31881] bridge_slave_0: entered promiscuous mode
[  480.038432][T31881] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.045533][T31881] bridge0: port 2(bridge_slave_1) entered disabled state
[  480.052811][T31881] bridge_slave_1: entered allmulticast mode
[  480.059440][T31881] bridge_slave_1: entered promiscuous mode
[  480.078568][T31881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  480.089093][T31881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.132176][T31881] team0: Port device team_slave_0 added
[  480.138734][T31881] team0: Port device team_slave_1 added
[  480.155607][T31881] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.162585][T31881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.188486][T31881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  480.200679][T31881] batman_adv: batadv0: Adding interface: batadv_slave_1
[  480.207690][T31881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.233657][T31881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  480.249842][T14996] hsr_slave_0: left promiscuous mode
[  480.255562][T14996] hsr_slave_1: left promiscuous mode
[  480.261325][T14996] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  480.268730][T14996] batman_adv: batadv0: Removing interface: batadv_slave_0
[  480.280490][T14996] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  480.287953][T14996] batman_adv: batadv0: Removing interface: batadv_slave_1
[  480.299220][T14996] veth1_macvtap: left promiscuous mode
[  480.304729][T14996] veth0_macvtap: left promiscuous mode
[  480.310447][T14996] veth1_vlan: left promiscuous mode
[  480.315712][T14996] veth0_vlan: left promiscuous mode
[  480.388470][T14996] team0 (unregistering): Port device team_slave_1 removed
[  480.398236][T14996] team0 (unregistering): Port device team_slave_0 removed
[  480.409556][T31926] loop5: detected capacity change from 0 to 1024
[  480.452677][T31881] hsr_slave_0: entered promiscuous mode
[  480.459015][T31881] hsr_slave_1: entered promiscuous mode
[  480.464970][T31881] debugfs: 'hsr0' already exists in 'hsr'
[  480.470738][T31881] Cannot create hsr debugfs directory
[  480.583744][T31881] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  480.593154][T31881] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  480.603078][T31881] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  480.613127][T31881] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  480.700329][T31881] 8021q: adding VLAN 0 to HW filter on device bond0
[  480.715205][T31881] 8021q: adding VLAN 0 to HW filter on device team0
[  480.730502][T14996] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.737654][T14996] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.749046][T15013] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.756153][T15013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  480.844704][T31946] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  480.858277][T31881] 8021q: adding VLAN 0 to HW filter on device batadv0
[  480.994397][T31881] veth0_vlan: entered promiscuous mode
[  481.002760][T31881] veth1_vlan: entered promiscuous mode
[  481.018647][T31881] veth0_macvtap: entered promiscuous mode
[  481.028742][T31881] veth1_macvtap: entered promiscuous mode
[  481.041442][T31881] batman_adv: batadv0: Interface activated: batadv_slave_0
[  481.053528][T31881] batman_adv: batadv0: Interface activated: batadv_slave_1
[  481.066414][T14980] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  481.077713][T14980] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  481.086549][T14980] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  481.102758][T14980] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.133103][T31962] loop6: detected capacity change from 0 to 1024
[  481.139697][T31962] EXT4-fs: Ignoring removed bh option
[  481.145183][T31962] EXT4-fs: Ignoring removed nobh option
[  481.150744][T31962] EXT4-fs: inline encryption not supported
[  481.163490][T31962] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  481.189413][T31962] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  481.219336][T31881] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.244095][T31966] loop6: detected capacity change from 0 to 1024
[  481.258233][T31966] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  481.269435][T31966] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  481.279861][T31966] EXT4-fs (loop6): invalid journal inode
[  481.285538][T31966] EXT4-fs (loop6): can't get journal size
[  481.293103][T31966] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  481.316249][T31881] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.332800][T31971] netlink: 40 bytes leftover after parsing attributes in process `syz.6.10864'.
[  481.347321][T31971] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  481.359888][T31971] bridge0: entered promiscuous mode
[  481.365087][T31971] macsec1: entered promiscuous mode
[  481.373263][T31971] bridge0: port 3(macsec1) entered blocking state
[  481.379855][T31971] bridge0: port 3(macsec1) entered disabled state
[  481.386518][T31971] macsec1: entered allmulticast mode
[  481.391912][T31971] bridge0: entered allmulticast mode
[  481.400419][T31971] macsec1: left allmulticast mode
[  481.405472][T31971] bridge0: left allmulticast mode
[  481.411696][T31971] bridge0: left promiscuous mode
[  481.419281][T31974] loop6: detected capacity change from 0 to 512
[  481.425807][T31974] EXT4-fs: Ignoring removed nobh option
[  481.443409][T31974] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #3: comm syz.6.10864: corrupted inode contents
[  481.455825][T31974] EXT4-fs error (device loop6): ext4_dirty_inode:6538: inode #3: comm syz.6.10864: mark_inode_dirty error
[  481.467606][T31978] 9pnet_fd: Insufficient options for proto=fd
[  481.467739][T31974] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #3: comm syz.6.10864: corrupted inode contents
[  481.485701][T31974] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #3: comm syz.6.10864: mark_inode_dirty error
[  481.497447][T31974] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.10864: Failed to acquire dquot type 0
[  481.509966][T31974] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.10864: corrupted inode contents
[  481.523740][T31974] EXT4-fs error (device loop6): ext4_dirty_inode:6538: inode #16: comm syz.6.10864: mark_inode_dirty error
[  481.537437][T31974] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.10864: corrupted inode contents
[  481.549664][T31974] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #16: comm syz.6.10864: mark_inode_dirty error
[  481.561153][T31974] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.10864: corrupted inode contents
[  481.573222][T31974] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem
[  481.582027][T31974] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #16: comm syz.6.10864: corrupted inode contents
[  481.597579][T31974] EXT4-fs error (device loop6): ext4_truncate:4666: inode #16: comm syz.6.10864: mark_inode_dirty error
[  481.608858][T31974] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem
[  481.620926][T31974] EXT4-fs (loop6): 1 truncate cleaned up
[  481.627104][T31974] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  481.773055][T31881] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.855220][T31993] netlink: 'syz.4.10871': attribute type 21 has an invalid length.
[  481.864142][T31993] netlink: 'syz.4.10871': attribute type 1 has an invalid length.
[  481.872018][T31993] netlink: 144 bytes leftover after parsing attributes in process `syz.4.10871'.
[  481.901162][T31993] netlink: 168 bytes leftover after parsing attributes in process `syz.4.10871'.
[  481.958690][T32002] FAULT_INJECTION: forcing a failure.
[  481.958690][T32002] name failslab, interval 1, probability 0, space 0, times 0
[  481.971390][T32002] CPU: 0 UID: 0 PID: 32002 Comm: syz.0.10875 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  481.971443][T32002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  481.971450][T32002] Call Trace:
[  481.971454][T32002]  <TASK>
[  481.971459][T32002]  __dump_stack+0x1d/0x30
[  481.971474][T32002]  dump_stack_lvl+0xe8/0x140
[  481.971515][T32002]  dump_stack+0x15/0x1b
[  481.971525][T32002]  should_fail_ex+0x265/0x280
[  481.971549][T32002]  should_failslab+0x8c/0xb0
[  481.971613][T32002]  kmem_cache_alloc_node_noprof+0x57/0x320
[  481.971630][T32002]  ? dup_task_struct+0x70/0x6a0
[  481.971645][T32002]  dup_task_struct+0x70/0x6a0
[  481.971751][T32002]  ? _parse_integer+0x27/0x40
[  481.971764][T32002]  copy_process+0x399/0x2000
[  481.971780][T32002]  ? kstrtouint+0x76/0xc0
[  481.971790][T32002]  ? kstrtouint_from_user+0x9f/0xf0
[  481.971803][T32002]  ? __rcu_read_unlock+0x4f/0x70
[  481.971816][T32002]  kernel_clone+0x16c/0x5c0
[  481.971911][T32002]  ? vfs_write+0x7e8/0x960
[  481.971924][T32002]  __x64_sys_clone+0xe6/0x120
[  481.971943][T32002]  x64_sys_call+0x119c/0x2ff0
[  481.971992][T32002]  do_syscall_64+0xd2/0x200
[  481.972015][T32002]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  481.972029][T32002]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  481.972103][T32002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.972115][T32002] RIP: 0033:0x7f74de53ebe9
[  481.972124][T32002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.972134][T32002] RSP: 002b:00007f74dcf9efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  481.972219][T32002] RAX: ffffffffffffffda RBX: 00007f74de765fa0 RCX: 00007f74de53ebe9
[  481.972226][T32002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000e50c1600
[  481.972306][T32002] RBP: 00007f74dcf9f090 R08: 0000000000000000 R09: 0000000000000000
[  481.972313][T32002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  481.972320][T32002] R13: 00007f74de766038 R14: 00007f74de765fa0 R15: 00007ffdfd8d00e8
[  481.972331][T32002]  </TASK>
[  481.991141][T32003] netlink: 20 bytes leftover after parsing attributes in process `syz.6.10874'.
[  482.187441][T32003] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10874'.
[  482.230104][T32015] netdevsim netdevsim6: Direct firmware load for ./file0 failed with error -2
[  482.804867][T32022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10881'.
[  483.337685][T32043] loop5: detected capacity change from 0 to 1024
[  483.366194][T32043] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  483.415434][T31305] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  483.571477][T32060] tmpfs: Bad value for 'size'
[  484.088041][T32071] __nla_validate_parse: 1 callbacks suppressed
[  484.088056][T32071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10897'.
[  484.103912][T32071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10897'.
[  484.136994][T32073] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  484.146864][   T29] kauditd_printk_skb: 276 callbacks suppressed
[  484.146876][   T29] audit: type=1326 audit(475.047:65573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.177839][   T29] audit: type=1326 audit(475.066:65574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.200968][   T29] audit: type=1326 audit(475.066:65575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.224016][   T29] audit: type=1326 audit(475.066:65576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.247056][   T29] audit: type=1326 audit(475.075:65577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.270203][   T29] audit: type=1326 audit(475.075:65578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.293310][   T29] audit: type=1326 audit(475.075:65579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.316356][   T29] audit: type=1326 audit(475.075:65580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.339412][   T29] audit: type=1326 audit(475.075:65581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32067 comm="syz.1.10896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  484.379232][T32078] loop5: detected capacity change from 0 to 128
[  484.406504][T32078] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  484.431354][T32084] netlink: 'syz.4.10903': attribute type 4 has an invalid length.
[  484.445897][T32082] loop6: detected capacity change from 0 to 128
[  484.455110][T32078] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  484.472729][T32086] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10904'.
[  484.514884][T32082] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10902'.
[  484.545488][T32091] tipc: Enabling of bearer <eth:syzkaller0
> rejected, failed to enable media
[  484.628338][T32091] syzkaller0: entered promiscuous mode
[  484.633830][T32091] syzkaller0: entered allmulticast mode
[  484.659551][T32099] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10908'.
[  484.668506][T32099] netlink: 8 bytes leftover after parsing attributes in process `syz.6.10908'.
[  484.897776][   T29] audit: type=1326 audit(475.749:65582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32112 comm="syz.0.10913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74de53ebe9 code=0x7ffc0000
[  485.510029][T32122] netlink: 'syz.1.10915': attribute type 4 has an invalid length.
[  485.548248][T32126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10917'.
[  485.616985][T32129] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10918'.
[  485.834495][T32137] netlink: 'syz.5.10921': attribute type 21 has an invalid length.
[  485.861641][T32142] netlink: 'syz.1.10919': attribute type 21 has an invalid length.
[  485.863097][T32137] netlink: 'syz.5.10921': attribute type 1 has an invalid length.
[  485.874123][T32141] 9pnet_fd: Insufficient options for proto=fd
[  485.877601][T32137] netlink: 144 bytes leftover after parsing attributes in process `syz.5.10921'.
[  485.893058][T32142] netlink: 'syz.1.10919': attribute type 1 has an invalid length.
[  485.900984][T32142] netlink: 144 bytes leftover after parsing attributes in process `syz.1.10919'.
[  486.082561][T32144] loop6: detected capacity change from 0 to 512
[  486.162312][T32144] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  486.176502][T32144] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  486.188494][T32144] EXT4-fs error (device loop6): __ext4_get_inode_loc:4861: comm syz.6.10924: Invalid inode table block 1 in block_group 0
[  486.202400][T32144] EXT4-fs (loop6): Remounting filesystem read-only
[  486.210289][T32144] EXT4-fs (loop6): get root inode failed
[  486.216102][T32144] EXT4-fs (loop6): mount failed
[  486.642405][T32177] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  486.867680][T32180] netlink: 'syz.6.10936': attribute type 21 has an invalid length.
[  486.886331][T32180] netlink: 'syz.6.10936': attribute type 1 has an invalid length.
[  487.214204][T32184] loop6: detected capacity change from 0 to 8192
[  487.222818][T32196] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  487.232422][T32184] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  487.443873][T32206] sch_fq: defrate 0 ignored.
[  487.520637][T32210] loop5: detected capacity change from 0 to 1024
[  487.554214][T32210] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  487.574151][T32210] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #3: block 1: comm syz.5.10951: lblock 1 mapped to illegal pblock 1 (length 1)
[  487.591237][T32210] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.10951: Failed to acquire dquot type 0
[  487.603105][T32210] EXT4-fs error (device loop5): ext4_free_blocks:6696: comm syz.5.10951: Freeing blocks not in datazone - block = 0, count = 4096
[  487.618382][T32210] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.10951: Invalid inode bitmap blk 0 in block_group 0
[  487.631345][ T6717] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  487.631504][T32210] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  487.647921][ T6717] EXT4-fs error (device loop5): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0
[  487.681764][T32210] EXT4-fs (loop5): 1 orphan inode deleted
[  487.690397][T32210] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  487.733539][T32225] loop6: detected capacity change from 0 to 4096
[  487.740384][T32225] EXT4-fs: Ignoring removed mblk_io_submit option
[  487.746885][T32225] EXT4-fs: test_dummy_encryption option not supported
[  487.760045][T32225] FAULT_INJECTION: forcing a failure.
[  487.760045][T32225] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  487.773287][T32225] CPU: 0 UID: 0 PID: 32225 Comm: syz.6.10952 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  487.773318][T32225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  487.773328][T32225] Call Trace:
[  487.773334][T32225]  <TASK>
[  487.773342][T32225]  __dump_stack+0x1d/0x30
[  487.773362][T32225]  dump_stack_lvl+0xe8/0x140
[  487.773382][T32225]  dump_stack+0x15/0x1b
[  487.773447][T32225]  should_fail_ex+0x265/0x280
[  487.773465][T32225]  should_fail_alloc_page+0xf2/0x100
[  487.773487][T32225]  __alloc_frozen_pages_noprof+0xff/0x360
[  487.773574][T32225]  alloc_pages_mpol+0xb3/0x250
[  487.773632][T32225]  alloc_pages_noprof+0x90/0x130
[  487.773691][T32225]  pte_alloc_one+0x2d/0x120
[  487.773715][T32225]  __pte_alloc+0x32/0x2b0
[  487.773743][T32225]  handle_mm_fault+0x1c55/0x2c20
[  487.773775][T32225]  do_user_addr_fault+0x636/0x1090
[  487.773809][T32225]  ? fpregs_restore_userregs+0xad/0x1d0
[  487.773834][T32225]  ? switch_fpu_return+0xe/0x20
[  487.773856][T32225]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  487.773885][T32225]  exc_page_fault+0x62/0xa0
[  487.773976][T32225]  asm_exc_page_fault+0x26/0x30
[  487.773998][T32225] RIP: 0033:0x7fd2d6a60c46
[  487.774013][T32225] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[  487.774096][T32225] RSP: 002b:00007fd2d55bc4a0 EFLAGS: 00010246
[  487.774109][T32225] RAX: 0000000000000001 RBX: 00007fd2d55bc540 RCX: 0000000000000101
[  487.774123][T32225] RDX: 0000000000000070 RSI: 0000000000000001 RDI: 00007fd2d55bc5e0
[  487.774136][T32225] RBP: 0000000000000102 R08: 00007fd2cd19d000 R09: 0000000000000000
[  487.774148][T32225] R10: 0000000000000000 R11: 00007fd2d55bc550 R12: 0000000000000001
[  487.774168][T32225] R13: 00007fd2d6c3da20 R14: 0000000000000000 R15: 00007fd2d55bc5e0
[  487.774184][T32225]  </TASK>
[  487.774192][T32225] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  487.978855][T32225] loop6: detected capacity change from 0 to 2048
[  488.045433][T32225] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  488.297131][T32210] EXT4-fs error (device loop5): ext4_search_dir:1474: inode #2: block 16: comm syz.5.10951: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  488.438894][T31305] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  488.537434][T32247] netlink: 'syz.5.10962': attribute type 4 has an invalid length.
[  488.683074][T32255] loop5: detected capacity change from 0 to 128
[  488.764695][T32258] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  489.054729][T32261] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  489.638795][T31881] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  489.660246][T32272] __nla_validate_parse: 18 callbacks suppressed
[  489.660262][T32272] netlink: 28 bytes leftover after parsing attributes in process `syz.6.10972'.
[  489.689720][T32274] /dev/loop4: Can't open blockdev
[  489.699281][T32276] /dev/loop1: Can't lookup blockdev
[  489.707184][   T29] kauditd_printk_skb: 184 callbacks suppressed
[  489.707197][   T29] audit: type=1326 audit(480.248:65764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32273 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  489.738751][   T29] audit: type=1326 audit(480.248:65765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.742309][T32276] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  489.742309][T32276]    program +}[@ not setting count and/or reply_len properly
[  489.761257][   T29] audit: type=1326 audit(480.248:65766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.799821][   T29] audit: type=1326 audit(480.248:65767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.822382][   T29] audit: type=1326 audit(480.248:65768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.844798][   T29] audit: type=1326 audit(480.248:65769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.845025][T32280] loop6: detected capacity change from 0 to 1024
[  489.867252][   T29] audit: type=1326 audit(480.248:65770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.895956][   T29] audit: type=1326 audit(480.248:65771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.918420][   T29] audit: type=1326 audit(480.248:65772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.940876][   T29] audit: type=1326 audit(480.276:65773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32275 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f1afbebe9 code=0x7ffc0000
[  489.972745][T32274] netlink: '+}[@': attribute type 10 has an invalid length.
[  489.983380][T32274] team0: Port device dummy0 added
[  490.125100][T32291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10981'.
[  490.216003][T32297] loop5: detected capacity change from 0 to 8192
[  490.223789][T32297] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  490.311868][T32301] syz.5.10984: attempt to access beyond end of device
[  490.311868][T32301] loop5: rw=0, sector=64, nr_sectors = 2 limit=0
[  490.325050][T32301] isofs_fill_super: bread failed, dev=loop5, iso_blknum=16, block=32
[  490.339080][T32301] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  490.339080][T32301]    program +}[@ not setting count and/or reply_len properly
[  490.384035][T32301] loop5: detected capacity change from 0 to 8192
[  490.525941][T32306] netlink: 27 bytes leftover after parsing attributes in process `syz.5.10986'.
[  490.566041][T32310] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10987'.
[  490.596515][T32313] 9pnet_fd: Insufficient options for proto=fd
[  490.661441][T32315] loop6: detected capacity change from 0 to 8192
[  490.671398][T32315] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  490.778031][T32318] loop5: detected capacity change from 0 to 128
[  490.834382][T32323] netlink: 12 bytes leftover after parsing attributes in process `syz.6.10992'.
[  490.886685][T32327] 9pnet_fd: Insufficient options for proto=fd
[  491.080181][T32336] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10998'.
[  491.089294][T32336] netlink: 48 bytes leftover after parsing attributes in process `syz.0.10998'.
[  491.136107][T32340] 9pnet_fd: Insufficient options for proto=fd
[  491.190924][T32345] netlink: 108 bytes leftover after parsing attributes in process `syz.1.10999'.
[  491.200588][T32344] FAULT_INJECTION: forcing a failure.
[  491.200588][T32344] name failslab, interval 1, probability 0, space 0, times 0
[  491.213323][T32344] CPU: 0 UID: 0 PID: 32344 Comm: syz.0.11002 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  491.213366][T32344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  491.213379][T32344] Call Trace:
[  491.213385][T32344]  <TASK>
[  491.213391][T32344]  __dump_stack+0x1d/0x30
[  491.213409][T32344]  dump_stack_lvl+0xe8/0x140
[  491.213465][T32344]  dump_stack+0x15/0x1b
[  491.213523][T32344]  should_fail_ex+0x265/0x280
[  491.213541][T32344]  should_failslab+0x8c/0xb0
[  491.213562][T32344]  kmem_cache_alloc_node_noprof+0x57/0x320
[  491.213623][T32344]  ? __alloc_skb+0x101/0x320
[  491.213649][T32344]  __alloc_skb+0x101/0x320
[  491.213677][T32344]  netlink_alloc_large_skb+0xba/0xf0
[  491.213779][T32344]  netlink_sendmsg+0x3cf/0x6b0
[  491.213802][T32344]  ? __pfx_netlink_sendmsg+0x10/0x10
[  491.213825][T32344]  __sock_sendmsg+0x145/0x180
[  491.213849][T32344]  ____sys_sendmsg+0x345/0x4e0
[  491.213870][T32344]  ___sys_sendmsg+0x17b/0x1d0
[  491.213939][T32344]  __sys_sendmmsg+0x178/0x300
[  491.213968][T32344]  __x64_sys_sendmmsg+0x57/0x70
[  491.213990][T32344]  x64_sys_call+0x1c4a/0x2ff0
[  491.214013][T32344]  do_syscall_64+0xd2/0x200
[  491.214095][T32344]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  491.214115][T32344]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  491.214140][T32344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.214202][T32344] RIP: 0033:0x7f74de53ebe9
[  491.214218][T32344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.214235][T32344] RSP: 002b:00007f74dcf9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  491.214255][T32344] RAX: ffffffffffffffda RBX: 00007f74de765fa0 RCX: 00007f74de53ebe9
[  491.214333][T32344] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  491.214347][T32344] RBP: 00007f74dcf9f090 R08: 0000000000000000 R09: 0000000000000000
[  491.214360][T32344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.214373][T32344] R13: 00007f74de766038 R14: 00007f74de765fa0 R15: 00007ffdfd8d00e8
[  491.214390][T32344]  </TASK>
[  491.608669][T32365] 9pnet_fd: Insufficient options for proto=fd
[  491.904247][T32378] netlink: 108 bytes leftover after parsing attributes in process `syz.6.11014'.
[  491.995643][T32384] loop6: detected capacity change from 0 to 128
[  492.081158][T32387] syzkaller0: entered promiscuous mode
[  492.086630][T32387] syzkaller0: entered allmulticast mode
[  492.220517][T32389] loop6: detected capacity change from 0 to 1024
[  492.226567][T32391] 9pnet_fd: Insufficient options for proto=fd
[  492.237965][T32389] ext4: Unknown parameter 'nouser_xattr'
[  492.269257][T32393] netlink: 'syz.6.11020': attribute type 21 has an invalid length.
[  492.279108][T32393] netlink: 'syz.6.11020': attribute type 1 has an invalid length.
[  492.286943][T32393] netlink: 144 bytes leftover after parsing attributes in process `syz.6.11020'.
[  492.397755][T32401] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  492.429424][T32400] 9pnet_fd: Insufficient options for proto=fd
[  492.535792][T32398] loop6: detected capacity change from 0 to 8192
[  492.548908][T32398] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  492.562771][T32408] netlink: 'syz.1.11027': attribute type 4 has an invalid length.
[  492.711777][T32418] 9pnet_fd: Insufficient options for proto=fd
[  492.789493][T32417] loop5: detected capacity change from 0 to 8192
[  492.808095][T32417] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  492.874024][T32424] SELinux: failed to load policy
[  493.003061][T32423] syzkaller0: entered promiscuous mode
[  493.008642][T32423] syzkaller0: entered allmulticast mode
[  493.752355][T32448] 9pnet_fd: Insufficient options for proto=fd
[  493.813796][T32455] 9pnet_fd: Insufficient options for proto=fd
[  494.129224][T32463] netlink: 'syz.0.11049': attribute type 7 has an invalid length.
[  494.137219][T32463] netlink: 'syz.0.11049': attribute type 8 has an invalid length.
[  494.254165][T32475] netlink: 'syz.4.11053': attribute type 4 has an invalid length.
[  494.382083][T32484] 9pnet_fd: Insufficient options for proto=fd
[  494.651609][T32490] 9pnet_fd: Insufficient options for proto=fd
[  494.896333][T32496] geneve2: entered promiscuous mode
[  494.901673][T32496] geneve2: entered allmulticast mode
[  494.914649][T32497] loop6: detected capacity change from 0 to 512
[  494.935450][T32497] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  494.955995][T32497] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  495.001273][T32507] FAULT_INJECTION: forcing a failure.
[  495.001273][T32507] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  495.014445][T32507] CPU: 1 UID: 0 PID: 32507 Comm: syz.1.11064 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  495.014470][T32507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  495.014563][T32507] Call Trace:
[  495.014570][T32507]  <TASK>
[  495.014578][T32507]  __dump_stack+0x1d/0x30
[  495.014597][T32507]  dump_stack_lvl+0xe8/0x140
[  495.014608][T32507]  dump_stack+0x15/0x1b
[  495.014617][T32507]  should_fail_ex+0x265/0x280
[  495.014629][T32507]  should_fail+0xb/0x20
[  495.014653][T32507]  should_fail_usercopy+0x1a/0x20
[  495.014666][T32507]  _copy_from_iter+0xcf/0xe40
[  495.014680][T32507]  ? __build_skb_around+0x1a0/0x200
[  495.014726][T32507]  ? __alloc_skb+0x223/0x320
[  495.014744][T32507]  netlink_sendmsg+0x471/0x6b0
[  495.014758][T32507]  ? __pfx_netlink_sendmsg+0x10/0x10
[  495.014770][T32507]  __sock_sendmsg+0x145/0x180
[  495.014795][T32507]  ____sys_sendmsg+0x31e/0x4e0
[  495.014809][T32507]  ___sys_sendmsg+0x17b/0x1d0
[  495.014829][T32507]  __x64_sys_sendmsg+0xd4/0x160
[  495.014843][T32507]  x64_sys_call+0x191e/0x2ff0
[  495.014879][T32507]  do_syscall_64+0xd2/0x200
[  495.014893][T32507]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  495.014907][T32507]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  495.014927][T32507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.014954][T32507] RIP: 0033:0x7f5f1afbebe9
[  495.014963][T32507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  495.014977][T32507] RSP: 002b:00007f5f19a1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  495.014988][T32507] RAX: ffffffffffffffda RBX: 00007f5f1b1e5fa0 RCX: 00007f5f1afbebe9
[  495.014995][T32507] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  495.015002][T32507] RBP: 00007f5f19a1f090 R08: 0000000000000000 R09: 0000000000000000
[  495.015009][T32507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.015016][T32507] R13: 00007f5f1b1e6038 R14: 00007f5f1b1e5fa0 R15: 00007fffa1055978
[  495.015045][T32507]  </TASK>
[  495.128906][T32512] __nla_validate_parse: 6 callbacks suppressed
[  495.128919][T32512] netlink: 108 bytes leftover after parsing attributes in process `syz.1.11066'.
[  495.254004][T32518] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  495.255146][T32519] netlink: 'syz.4.11069': attribute type 21 has an invalid length.
[  495.271080][T32519] netlink: 'syz.4.11069': attribute type 1 has an invalid length.
[  495.279052][T32519] netlink: 144 bytes leftover after parsing attributes in process `syz.4.11069'.
[  495.292233][T32519] netlink: 168 bytes leftover after parsing attributes in process `syz.4.11069'.
[  495.341459][T32521] 9pnet_fd: Insufficient options for proto=fd
[  495.465661][T32524] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11071'.
[  495.474691][T32524] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11071'.
[  495.489668][T32527] netlink: 'syz.5.11072': attribute type 4 has an invalid length.
[  495.512187][T32528] GUP no longer grows the stack in syz.1.11073 (32528): 200000004000-20000000a000 (200000002000)
[  495.522846][T32528] CPU: 0 UID: 0 PID: 32528 Comm: syz.1.11073 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  495.522877][T32528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  495.522890][T32528] Call Trace:
[  495.522897][T32528]  <TASK>
[  495.522905][T32528]  __dump_stack+0x1d/0x30
[  495.522928][T32528]  dump_stack_lvl+0xe8/0x140
[  495.522949][T32528]  dump_stack+0x15/0x1b
[  495.522978][T32528]  __get_user_pages+0x198d/0x1fa0
[  495.523011][T32528]  ? __rcu_read_unlock+0x4f/0x70
[  495.523036][T32528]  get_user_pages_remote+0x1d5/0x6d0
[  495.523065][T32528]  __access_remote_vm+0x15c/0x590
[  495.523160][T32528]  access_remote_vm+0x32/0x40
[  495.523184][T32528]  proc_pid_cmdline_read+0x32b/0x6c0
[  495.523213][T32528]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  495.523238][T32528]  vfs_readv+0x3fb/0x690
[  495.523298][T32528]  __x64_sys_preadv+0xfd/0x1c0
[  495.523325][T32528]  x64_sys_call+0x282a/0x2ff0
[  495.523347][T32528]  do_syscall_64+0xd2/0x200
[  495.523400][T32528]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  495.523422][T32528]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  495.523446][T32528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.523536][T32528] RIP: 0033:0x7f5f1afbebe9
[  495.523552][T32528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  495.523569][T32528] RSP: 002b:00007f5f19a1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  495.523615][T32528] RAX: ffffffffffffffda RBX: 00007f5f1b1e5fa0 RCX: 00007f5f1afbebe9
[  495.523627][T32528] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000007
[  495.523638][T32528] RBP: 00007f5f1b041e19 R08: 0000000000000000 R09: 0000000000000000
[  495.523651][T32528] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  495.523680][T32528] R13: 00007f5f1b1e6038 R14: 00007f5f1b1e5fa0 R15: 00007fffa1055978
[  495.523699][T32528]  </TASK>
[  495.742407][T31881] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  495.787562][T32535] Falling back ldisc for ttyS3.
[  495.827691][   T29] kauditd_printk_skb: 331 callbacks suppressed
[  495.827705][   T29] audit: type=1326 audit(485.973:66103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  495.861257][   T29] audit: type=1326 audit(485.973:66104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  495.873567][T32541] netlink: 108 bytes leftover after parsing attributes in process `syz.6.11078'.
[  495.884372][   T29] audit: type=1326 audit(485.973:66105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  495.916470][   T29] audit: type=1326 audit(485.973:66106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  495.922413][T32544] veth1_to_bridge: entered promiscuous mode
[  495.939513][   T29] audit: type=1326 audit(485.973:66107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  495.950426][T32545] veth1_to_bridge: left promiscuous mode
[  495.968393][   T29] audit: type=1326 audit(485.973:66108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  495.997153][   T29] audit: type=1326 audit(485.973:66109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  496.020200][   T29] audit: type=1326 audit(485.973:66110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  496.043255][   T29] audit: type=1326 audit(485.973:66111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  496.066439][   T29] audit: type=1326 audit(485.973:66112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32529 comm="syz.4.11075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f16d59cebe9 code=0x7ffc0000
[  496.217826][T32561] loop6: detected capacity change from 0 to 512
[  496.225507][T32561] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  496.235153][T32561] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  496.247345][T32561] EXT4-fs error (device loop6): __ext4_get_inode_loc:4861: comm syz.6.11081: Invalid inode table block 1 in block_group 0
[  496.277090][T32569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=32569 comm=syz.4.11086
[  496.293792][T32561] EXT4-fs (loop6): Remounting filesystem read-only
[  496.300381][T32561] EXT4-fs (loop6): get root inode failed
[  496.306021][T32561] EXT4-fs (loop6): mount failed
[  496.371150][T32574] FAULT_INJECTION: forcing a failure.
[  496.371150][T32574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  496.384261][T32574] CPU: 0 UID: 0 PID: 32574 Comm: syz.5.11088 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  496.384290][T32574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  496.384303][T32574] Call Trace:
[  496.384310][T32574]  <TASK>
[  496.384317][T32574]  __dump_stack+0x1d/0x30
[  496.384398][T32574]  dump_stack_lvl+0xe8/0x140
[  496.384415][T32574]  dump_stack+0x15/0x1b
[  496.384466][T32574]  should_fail_ex+0x265/0x280
[  496.384484][T32574]  should_fail+0xb/0x20
[  496.384499][T32574]  should_fail_usercopy+0x1a/0x20
[  496.384517][T32574]  _copy_from_user+0x1c/0xb0
[  496.384573][T32574]  __sys_connect+0xd0/0x2b0
[  496.384609][T32574]  __x64_sys_connect+0x3f/0x50
[  496.384637][T32574]  x64_sys_call+0x2c08/0x2ff0
[  496.384660][T32574]  do_syscall_64+0xd2/0x200
[  496.384750][T32574]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  496.384775][T32574]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  496.384801][T32574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.384892][T32574] RIP: 0033:0x7f839c29ebe9
[  496.384906][T32574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.384934][T32574] RSP: 002b:00007f839ad07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  496.384951][T32574] RAX: ffffffffffffffda RBX: 00007f839c4c5fa0 RCX: 00007f839c29ebe9
[  496.384965][T32574] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000006
[  496.384977][T32574] RBP: 00007f839ad07090 R08: 0000000000000000 R09: 0000000000000000
[  496.384996][T32574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  496.385009][T32574] R13: 00007f839c4c6038 R14: 00007f839c4c5fa0 R15: 00007ffc1c42a1e8
[  496.385025][T32574]  </TASK>
[  496.414993][T32569] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  496.543878][T32576] bridge: RTM_NEWNEIGH with invalid ether address
[  496.667739][T32583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  496.667832][T32583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  496.674332][T32584] netlink: 108 bytes leftover after parsing attributes in process `syz.5.11091'.
[  496.753673][T32586] netlink: 'syz.5.11092': attribute type 4 has an invalid length.
[  496.878105][T32589] pim6reg1: entered promiscuous mode
[  496.878120][T32589] pim6reg1: entered allmulticast mode
[  496.878306][T32589] FAULT_INJECTION: forcing a failure.
[  496.878306][T32589] name failslab, interval 1, probability 0, space 0, times 0
[  496.878330][T32589] CPU: 1 UID: 0 PID: 32589 Comm: syz.5.11093 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  496.878426][T32589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  496.878435][T32589] Call Trace:
[  496.878441][T32589]  <TASK>
[  496.878447][T32589]  __dump_stack+0x1d/0x30
[  496.878465][T32589]  dump_stack_lvl+0xe8/0x140
[  496.878485][T32589]  dump_stack+0x15/0x1b
[  496.878557][T32589]  should_fail_ex+0x265/0x280
[  496.878578][T32589]  ? ____ip_mc_inc_group+0x1c9/0x5c0
[  496.878604][T32589]  should_failslab+0x8c/0xb0
[  496.878650][T32589]  __kmalloc_cache_noprof+0x4c/0x320
[  496.878680][T32589]  ____ip_mc_inc_group+0x1c9/0x5c0
[  496.878769][T32589]  ip_mc_up+0xbd/0x150
[  496.878789][T32589]  inetdev_event+0x9f9/0xc10
[  496.878894][T32589]  ? __rcu_read_unlock+0x4f/0x70
[  496.878992][T32589]  ? ib_netdevice_event+0x281/0x5f0
[  496.879089][T32589]  ? __pfx_arp_netdev_event+0x10/0x10
[  496.879108][T32589]  ? __pfx_inetdev_event+0x10/0x10
[  496.879136][T32589]  raw_notifier_call_chain+0x6c/0x1b0
[  496.879157][T32589]  ? call_netdevice_notifiers_info+0x9c/0x100
[  496.879262][T32589]  call_netdevice_notifiers_info+0xae/0x100
[  496.879289][T32589]  __dev_notify_flags+0xff/0x1a0
[  496.879315][T32589]  netif_change_flags+0xac/0xd0
[  496.879399][T32589]  dev_change_flags+0xce/0x180
[  496.879461][T32589]  ? netdev_name_node_lookup+0xa4/0xd0
[  496.879553][T32589]  dev_ifsioc+0x44b/0xaa0
[  496.879573][T32589]  ? __rcu_read_unlock+0x4f/0x70
[  496.879591][T32589]  dev_ioctl+0x70a/0x960
[  496.879609][T32589]  sock_do_ioctl+0x197/0x220
[  496.879634][T32589]  sock_ioctl+0x41b/0x610
[  496.879756][T32589]  ? __pfx_sock_ioctl+0x10/0x10
[  496.879811][T32589]  __se_sys_ioctl+0xce/0x140
[  496.879850][T32589]  __x64_sys_ioctl+0x43/0x50
[  496.879880][T32589]  x64_sys_call+0x1816/0x2ff0
[  496.879898][T32589]  do_syscall_64+0xd2/0x200
[  496.879919][T32589]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  496.879968][T32589]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  496.879993][T32589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.880015][T32589] RIP: 0033:0x7f839c29ebe9
[  496.880030][T32589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.880054][T32589] RSP: 002b:00007f839ad07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  496.880073][T32589] RAX: ffffffffffffffda RBX: 00007f839c4c5fa0 RCX: 00007f839c29ebe9
[  496.880087][T32589] RDX: 0000200000000380 RSI: 0000000000008914 RDI: 0000000000000008
[  496.880101][T32589] RBP: 00007f839ad07090 R08: 0000000000000000 R09: 0000000000000000
[  496.880114][T32589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  496.880127][T32589] R13: 00007f839c4c6038 R14: 00007f839c4c5fa0 R15: 00007ffc1c42a1e8
[  496.880153][T32589]  </TASK>
[  497.047168][T32592] FAULT_INJECTION: forcing a failure.
[  497.047168][T32592] name failslab, interval 1, probability 0, space 0, times 0
[  497.047206][T32592] CPU: 1 UID: 0 PID: 32592 Comm: syz.0.11095 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  497.047248][T32592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  497.047331][T32592] Call Trace:
[  497.047338][T32592]  <TASK>
[  497.047406][T32592]  __dump_stack+0x1d/0x30
[  497.047424][T32592]  dump_stack_lvl+0xe8/0x140
[  497.047441][T32592]  dump_stack+0x15/0x1b
[  497.047458][T32592]  should_fail_ex+0x265/0x280
[  497.047480][T32592]  should_failslab+0x8c/0xb0
[  497.047505][T32592]  kmem_cache_alloc_node_noprof+0x57/0x320
[  497.047551][T32592]  ? __alloc_skb+0x101/0x320
[  497.047581][T32592]  __alloc_skb+0x101/0x320
[  497.047611][T32592]  netlink_alloc_large_skb+0xba/0xf0
[  497.047669][T32592]  netlink_sendmsg+0x3cf/0x6b0
[  497.047690][T32592]  ? __pfx_netlink_sendmsg+0x10/0x10
[  497.047711][T32592]  __sock_sendmsg+0x145/0x180
[  497.047815][T32592]  ____sys_sendmsg+0x31e/0x4e0
[  497.047858][T32592]  ___sys_sendmsg+0x17b/0x1d0
[  497.047891][T32592]  __x64_sys_sendmsg+0xd4/0x160
[  497.047917][T32592]  x64_sys_call+0x191e/0x2ff0
[  497.047995][T32592]  do_syscall_64+0xd2/0x200
[  497.048021][T32592]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  497.048096][T32592]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  497.048122][T32592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.048143][T32592] RIP: 0033:0x7f74de53ebe9
[  497.048159][T32592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  497.048178][T32592] RSP: 002b:00007f74dcf9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  497.048195][T32592] RAX: ffffffffffffffda RBX: 00007f74de765fa0 RCX: 00007f74de53ebe9
[  497.048279][T32592] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  497.048292][T32592] RBP: 00007f74dcf9f090 R08: 0000000000000000 R09: 0000000000000000
[  497.048306][T32592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  497.048380][T32592] R13: 00007f74de766038 R14: 00007f74de765fa0 R15: 00007ffdfd8d00e8
[  497.048398][T32592]  </TASK>
[  497.105618][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.423664][T32603] netlink: 12 bytes leftover after parsing attributes in process `syz.6.11098'.
[  497.426787][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.557456][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.557481][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.572294][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.572320][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.572345][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.572414][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.572433][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.572453][T11043] hid-generic 0003:0004:000B.0001: unknown main item tag 0x0
[  497.574624][T11043] hid-generic 0003:0004:000B.0001: hidraw0: USB HID vc.f8 Device [syz0] on syz0
[  497.662866][T32609] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  497.779790][T32631] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11109'.
[  498.078271][T32633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.089077][T32633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.278965][T32643] pim6reg1: entered promiscuous mode
[  498.284381][T32643] pim6reg1: entered allmulticast mode
[  498.514255][T32651] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  498.801097][T32661] netlink: 'syz.0.11121': attribute type 21 has an invalid length.
[  498.832931][T32661] netlink: 'syz.0.11121': attribute type 1 has an invalid length.
[  498.841023][T32661] netlink: 144 bytes leftover after parsing attributes in process `syz.0.11121'.
[  499.577768][T32677] netdevsim netdevsim6: Direct firmware load for ./file0 failed with error -2
[  499.777605][T32690] loop6: detected capacity change from 0 to 8192
[  499.785406][T32690] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  499.847058][T32696] netlink: 'syz.4.11136': attribute type 4 has an invalid length.
[  500.728721][T32725] loop6: detected capacity change from 0 to 512
[  500.851160][T32725] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  500.903065][T32725] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  500.985783][T31881] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  501.030512][T32738] loop6: detected capacity change from 0 to 128
[  501.215757][   T29] kauditd_printk_skb: 283 callbacks suppressed
[  501.215771][   T29] audit: type=1326 audit(491.005:66396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.267618][   T29] audit: type=1326 audit(491.005:66397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.290816][   T29] audit: type=1326 audit(491.042:66398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.313830][   T29] audit: type=1326 audit(491.042:66399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.337001][   T29] audit: type=1326 audit(491.042:66400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.360159][   T29] audit: type=1326 audit(491.042:66401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.383240][   T29] audit: type=1326 audit(491.042:66402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.406353][   T29] audit: type=1326 audit(491.042:66403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.429383][   T29] audit: type=1326 audit(491.042:66404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.452490][   T29] audit: type=1326 audit(491.052:66405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32744 comm="syz.6.11151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2d6b9ebe9 code=0x7ffc0000
[  501.945679][T32759] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=32759 comm=syz.1.11156
[  502.090653][T32766] FAULT_INJECTION: forcing a failure.
[  502.090653][T32766] name failslab, interval 1, probability 0, space 0, times 0
[  502.103446][T32766] CPU: 0 UID: 0 PID: 32766 Comm: syz.6.11157 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  502.103474][T32766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  502.103487][T32766] Call Trace:
[  502.103531][T32766]  <TASK>
[  502.103539][T32766]  __dump_stack+0x1d/0x30
[  502.103561][T32766]  dump_stack_lvl+0xe8/0x140
[  502.103582][T32766]  dump_stack+0x15/0x1b
[  502.103599][T32766]  should_fail_ex+0x265/0x280
[  502.103682][T32766]  should_failslab+0x8c/0xb0
[  502.103707][T32766]  kmem_cache_alloc_node_noprof+0x57/0x320
[  502.103737][T32766]  ? __alloc_skb+0x101/0x320
[  502.103798][T32766]  __alloc_skb+0x101/0x320
[  502.103830][T32766]  alloc_skb_with_frags+0x7d/0x470
[  502.103855][T32766]  sock_alloc_send_pskb+0x43a/0x4f0
[  502.103936][T32766]  ? __rcu_read_unlock+0x4f/0x70
[  502.103960][T32766]  packet_sendmsg+0x222b/0x31f0
[  502.104021][T32766]  ? __account_obj_stock+0x211/0x350
[  502.104049][T32766]  ? avc_has_perm+0xf7/0x180
[  502.104076][T32766]  ? selinux_socket_sendmsg+0x175/0x1b0
[  502.104110][T32766]  ? __pfx_packet_sendmsg+0x10/0x10
[  502.104189][T32766]  __sock_sendmsg+0x145/0x180
[  502.104217][T32766]  ____sys_sendmsg+0x345/0x4e0
[  502.104243][T32766]  ___sys_sendmsg+0x17b/0x1d0
[  502.104288][T32766]  __sys_sendmmsg+0x178/0x300
[  502.104321][T32766]  __x64_sys_sendmmsg+0x57/0x70
[  502.104344][T32766]  x64_sys_call+0x1c4a/0x2ff0
[  502.104364][T32766]  do_syscall_64+0xd2/0x200
[  502.104467][T32766]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  502.104491][T32766]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  502.104566][T32766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.104630][T32766] RIP: 0033:0x7fd2d6b9ebe9
[  502.104646][T32766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.104664][T32766] RSP: 002b:00007fd2d55de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  502.104739][T32766] RAX: ffffffffffffffda RBX: 00007fd2d6dc6090 RCX: 00007fd2d6b9ebe9
[  502.104814][T32766] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000012
[  502.104828][T32766] RBP: 00007fd2d55de090 R08: 0000000000000000 R09: 0000000000000000
[  502.104841][T32766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.104871][T32766] R13: 00007fd2d6dc6128 R14: 00007fd2d6dc6090 R15: 00007ffedc6ca7d8
[  502.104891][T32766]  </TASK>
[  502.375179][T32767] ==================================================================
[  502.383266][T32767] BUG: KCSAN: data-race in getrusage / vms_clear_ptes
[  502.390024][T32767] 
[  502.392330][T32767] write to 0xffff888109bd8158 of 8 bytes by task 32765 on cpu 1:
[  502.400032][T32767]  vms_clear_ptes+0x18f/0x2d0
[  502.404698][T32767]  mmap_region+0x759/0x1630
[  502.409187][T32767]  do_mmap+0x9b3/0xbe0
[  502.413244][T32767]  vm_mmap_pgoff+0x17a/0x2e0
[  502.417821][T32767]  ksys_mmap_pgoff+0xc2/0x310
[  502.422486][T32767]  x64_sys_call+0x14a3/0x2ff0
[  502.427145][T32767]  do_syscall_64+0xd2/0x200
[  502.431638][T32767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.437514][T32767] 
[  502.439817][T32767] read to 0xffff888109bd8158 of 8 bytes by task 32767 on cpu 0:
[  502.447423][T32767]  getrusage+0xa52/0xbb0
[  502.451650][T32767]  io_sq_thread+0x5dd/0x1190
[  502.456226][T32767]  ret_from_fork+0xda/0x150
[  502.460712][T32767]  ret_from_fork_asm+0x1a/0x30
[  502.465457][T32767] 
[  502.467756][T32767] value changed: 0x00000000000014eb -> 0x00000000000016b5
[  502.474838][T32767] 
[  502.477141][T32767] Reported by Kernel Concurrency Sanitizer on:
[  502.483276][T32767] CPU: 0 UID: 0 PID: 32767 Comm: iou-sqp-32765 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  502.493322][T32767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  502.503362][T32767] ==================================================================