last executing test programs:

3.876502883s ago: executing program 1 (id=3061):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000200)=0x9, 0x8, 0x0)
mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0xcc4c6000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x27fa7000)

3.875368253s ago: executing program 1 (id=3063):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8})
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64e9f4080003000601000004000200d700", 0x5a}, {&(0x7f0000000680)="ffaf", 0x2}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4080)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000101b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, @void, @value}, 0x94)
recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x3}], 0x1, 0x40, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$sock(r3, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r4, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0)

3.712657005s ago: executing program 1 (id=3067):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000400)='.\x00', 0xa4000021)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = dup2(r1, r1)
write$tun(r2, 0x0, 0x46)

3.619461956s ago: executing program 1 (id=3069):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000340)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@data_err_abort}, {@dioread_lock}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000002000085000000ae000000"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r0}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}, @IFLA_MASTER={0x8}]}, 0x40}}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r1, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc08}}, 0x120)
write$UHID_DESTROY(r1, &(0x7f0000000200), 0x4)

3.220715382s ago: executing program 1 (id=3073):
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)

2.407077975s ago: executing program 4 (id=3075):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000200)=0x9, 0x8, 0x0)
mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0xcc4c6000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x27fa7000)

2.268392766s ago: executing program 4 (id=3077):
r0 = perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x9204, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x10) (async)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x10)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x6084}, 0x4000800)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r3, 0x0, 0x8}, 0x18)
io_uring_register$IORING_UNREGISTER_PBUF_RING(0xffffffffffffffff, 0x17, 0x0, 0x1)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf78b04963d679d5a5d07e618a1ef9057fec00f9e93021f5a8d30e716de8cde9c6000000000c3b64d10f0939b42b33ab2a8717096c58bb3bb1d457d8bb96870f5a7e2ba31fd69bb80235d957eaa9a40b764e5381ffa604aaafb76a980e72b408f686b185736693089213b4e140f8f38e5589663115093889deb646122a5dc5a9e5ba4d37749a36b880110e2bf524b79bc91105f1d3f7d0de694a9417d68694f17ba5e27ea1cec518b93fadcfe0de010ae9be3273ff73c34b5695080a35bfa5c69e3b533e1b939c81b3beda037b7191cb0000000000000000000010e5d683b8938db5c305cf7e6e62a6890ba9e1f4ee64f8202b59de5036569febfaa95f4633db108b2f786333ec7bacc927f4a1785165b5d2444b4c022bb5cff472e6a0c8ee9d6d8df83b704669147b732ac508c9b9f0ca0a1ce45319d43d4643eb285835daf2065b57bebd61ad6671296c27253a5f9688d57c91ccd40ffe2dbc5dd1613a2e6f5b363cc8d205ce6ef3c3c6ded7dd3dfdb39008d8997213f68cdc971c1d6fdacb7729a5560880a77525e9cfb94ef1735dfe74e6b948697f7e3580436b532a82e315d56b17a5dba98436cc24babaae409f0aab0b40af116001bc85492455956e853ead08b5793d4ecf72378a3dfd9cc837b1c66212d9a2be8fd6341c2f837c7fe09924a51ec42912856cce3d3b2d092c80813aad03e1e63a655f4138730f302df339f30a4fbd453c9a0fba381d071ad7cb80a52bec572e29b0b9b55c235806b97e166609f8083ce776075c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf78b04963d679d5a5d07e618a1ef9057fec00f9e93021f5a8d30e716de8cde9c6000000000c3b64d10f0939b42b33ab2a8717096c58bb3bb1d457d8bb96870f5a7e2ba31fd69bb80235d957eaa9a40b764e5381ffa604aaafb76a980e72b408f686b185736693089213b4e140f8f38e5589663115093889deb646122a5dc5a9e5ba4d37749a36b880110e2bf524b79bc91105f1d3f7d0de694a9417d68694f17ba5e27ea1cec518b93fadcfe0de010ae9be3273ff73c34b5695080a35bfa5c69e3b533e1b939c81b3beda037b7191cb0000000000000000000010e5d683b8938db5c305cf7e6e62a6890ba9e1f4ee64f8202b59de5036569febfaa95f4633db108b2f786333ec7bacc927f4a1785165b5d2444b4c022bb5cff472e6a0c8ee9d6d8df83b704669147b732ac508c9b9f0ca0a1ce45319d43d4643eb285835daf2065b57bebd61ad6671296c27253a5f9688d57c91ccd40ffe2dbc5dd1613a2e6f5b363cc8d205ce6ef3c3c6ded7dd3dfdb39008d8997213f68cdc971c1d6fdacb7729a5560880a77525e9cfb94ef1735dfe74e6b948697f7e3580436b532a82e315d56b17a5dba98436cc24babaae409f0aab0b40af116001bc85492455956e853ead08b5793d4ecf72378a3dfd9cc837b1c66212d9a2be8fd6341c2f837c7fe09924a51ec42912856cce3d3b2d092c80813aad03e1e63a655f4138730f302df339f30a4fbd453c9a0fba381d071ad7cb80a52bec572e29b0b9b55c235806b97e166609f8083ce776075c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000140), &(0x7f0000000100)=<r8=>0x0)
syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040), &(0x7f0000000180)) (async)
syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) (async)
syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r7, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000002c0)=0x7e)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r10, 0x29, 0x19, 0x0, &(0x7f0000000240))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
r11 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r11, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
setsockopt$packet_rx_ring(r11, 0x107, 0x5, &(0x7f0000000100)=@req3={0xfffffffd, 0x0, 0x47b, 0x0, 0x0, 0x800, 0x861}, 0x1c) (async)
setsockopt$packet_rx_ring(r11, 0x107, 0x5, &(0x7f0000000100)=@req3={0xfffffffd, 0x0, 0x47b, 0x0, 0x0, 0x800, 0x861}, 0x1c)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r12)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r14, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="4d7e00000000fbdbdf252a00000008002f000000000008000200", @ANYRES32=r4], 0x24}, 0x4, 0x700000000000000}, 0x8850)
r15 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="000000e8ff07000014000300000000000000000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r15], 0x4c}}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="000000e8ff07000014000300000000000000000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r15], 0x4c}}, 0x0)

2.124240249s ago: executing program 2 (id=3080):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8245, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e1c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]})
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r1 = socket(0x2a, 0x2, 0x5)
sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)=@qipcrtr, 0x80)
read$qrtrtun(r0, 0x0, 0xeffd)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
dup2(r0, r1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1)
lsm_set_self_attr(0x66, 0x0, 0x2000, 0x0)

2.123557699s ago: executing program 4 (id=3081):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e)
r2 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x4, 0x0, 0x0, 0x5, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000240)=ANY=[@ANYRES64=r0, @ANYRES32=r3, @ANYRESDEC=r2, @ANYRESOCT=r0, @ANYRESHEX=r0, @ANYBLOB="bd59fd72ee6b7763c7684e11bd21f01d44c988d38bf564c0443a27c89e4f894393e10a79479b4caf1f55f71f85a94f98eb7b3cb28136f6380e7d0d96cd2af03b8635379589b1f9acd94e0a64776202b28e2e63f376d90c74394792948d9476eec5afe22504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='attr\x00')
getdents64(r4, &(0x7f0000000300)=""/55, 0x37)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000000084eee2b845e14a2ca34667abc0c42cc01d7cbed6e5af26da98ce9d9e9f5ca852bee8406800d5ee2c4a2c87464e1e67cfe9e5fdb6f24eb125367a24d3820725e3328a4369e0ce9d0fab53740fc0ba1847f484a89268db6086f7d35931d6dfe9e1a5cef946b4cf8a1040ff2c2158f0988de7c695aae91acca55d63750baccb7f00f73f4c720ce5eb3c0aa646d5c7b6ac724516370fb846bb934b846a85a1e9569e475393bfffca4a7657c772de5b94813fa3b7f72df765477540419f35eb7f10122edb8cc42243c22f3d2b3ac2f5d7e2bfba2f663811bfdfb6b10d0e30a793333099e742bc09a0a2912e6e6b69f7c0a1ce5896e0f079384b8657019b89aa55b2d19ca4aaf87c", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000100000006000000000050dfcbc2e992c5d7df1267927b70572ac301aae9ed798728b21a91d7a645a4d61cc81c22fd86101ee11e19472f23cfeb", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r7}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000001c0)='mm_page_free\x00', r8, 0x0, 0x6}, 0x18)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
r10 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r10, r10, 0x0, 0x800000009)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r11, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26)
close_range(r1, 0xffffffffffffffff, 0x0)

1.876265082s ago: executing program 4 (id=3083):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0400000000000000000000000000000000000000d3e1202139f5fbe004ba9f18dc0bfce6caef5af30f8c550810019483b1fc13e94a127620544b664b237d310069350c386685f33a31e606bc33341fb27bc67de49d912225000b31e2a61ab37fc8418a7b62a6155b0635a0e9000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000358c3b90670468ad00000018110300", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001540)=@newtaction={0x898, 0x30, 0x12f, 0x4000, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x7c3, 0x2, 0x3, 0xffffff81, 0x10, 0xc, 0x2, 0x3, 0x40, 0x200, 0x8, 0x9, 0x0, 0x5, 0x0, 0x8, 0xa, 0x6, 0x200, 0x1, 0x3, 0xcc37, 0x5, 0xb5, 0x8, 0x4, 0x0, 0x6, 0xfb1, 0x72a4, 0xd, 0x7fff, 0x5, 0x3, 0x0, 0x2, 0x7, 0xc3a0, 0x4, 0xc, 0x0, 0xaf, 0x1, 0x6, 0x5, 0x6, 0x5, 0x80, 0xe, 0x2, 0x7, 0x6, 0x7, 0x1991, 0x8, 0xfffffe29, 0x5, 0x3, 0x101, 0xfff, 0x4, 0x5, 0x8000, 0x4, 0x7, 0x0, 0x0, 0xfffffff3, 0x1, 0x9, 0x80020003, 0x2, 0x3, 0x5, 0x101, 0x1, 0xfffffffc, 0x6, 0x7fffffff, 0x200, 0x1, 0x7309, 0x6, 0x3, 0x100, 0x2, 0x7, 0x6d0, 0x226, 0x7ff, 0x0, 0x6, 0x7, 0xfffff001, 0x6, 0x7ed8, 0x203, 0xffff, 0x0, 0x0, 0x249, 0x5, 0x2fbf, 0x2, 0x8000, 0x7, 0x25fe9fd5, 0x1, 0x9, 0x1, 0xe, 0x9, 0x0, 0x10000003, 0x4e, 0xa158, 0x8, 0x1, 0x119203c5, 0xd0, 0x7, 0x80000001, 0x3226, 0x8, 0x3, 0x4, 0xc64f, 0xffffff6e, 0x5, 0x6, 0x6, 0xfffffff7, 0x6, 0x7, 0x1, 0xc, 0x6, 0x7, 0x200, 0x60459141, 0x1, 0x5, 0x101, 0x84, 0x0, 0x1, 0x5, 0x2, 0x29dc, 0x0, 0x2d5, 0x7, 0xfffffffa, 0x1000, 0x6, 0x94, 0x15a, 0x4, 0x6, 0x2, 0x4002, 0x2, 0x4, 0xfff, 0x5, 0x1, 0x3, 0x4003, 0x80, 0x7a5b054a, 0x8, 0xffffff80, 0x1, 0xfff, 0x3, 0xb, 0x8, 0x3, 0x4, 0x2, 0x6, 0xf, 0x2, 0x7, 0x1, 0x77, 0x20009, 0x274d, 0x6, 0x40, 0xfffffffe, 0xb, 0x7, 0x1, 0x9ab, 0x7, 0xffffffc0, 0xa95, 0x2000007, 0x3c, 0x2c7, 0x7, 0x8, 0x4, 0x0, 0x99f, 0x5, 0x7ff, 0x0, 0x6, 0x4, 0x4, 0xb, 0x7ff, 0x1e, 0x3, 0xe49, 0x56, 0x9, 0x1, 0x6, 0x2, 0x6a1c, 0x9, 0x8, 0x4dbda2da, 0x7fff, 0x5, 0x5, 0x0, 0x7, 0x8, 0x7fff, 0xed, 0x7fff, 0x1000, 0xcbe, 0x7ff, 0x6, 0x8, 0xb, 0xff, 0x5, 0x1, 0x377a0eb2, 0x9, 0x5, 0x8, 0x5, 0x4, 0xfffffffd, 0x2, 0xeffe, 0xe74, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0x3a40da20, 0x9, 0x7, 0x4, 0x8000, 0x7fffffff, 0x2, 0x1, 0x7fff, 0x86, 0x10000, 0x2, 0x40, 0x2, 0x99d, 0x6, 0xffffff92, 0xe9c, 0x3ff, 0xfffffffe, 0x10001, 0xa, 0xfffff000, 0x7f, 0x4, 0x0, 0x81, 0x6f0, 0x18e, 0x8, 0x4, 0x3, 0x4, 0x2, 0xffffffff, 0x0, 0x80000000, 0x3, 0x9, 0xfffc, 0x2, 0xd, 0x3, 0x5, 0x1, 0x80000001, 0x8, 0x7, 0x2, 0xd92e, 0x7fffffff, 0x3, 0x90, 0xc0, 0x5b, 0x1, 0xe6, 0x1, 0x5, 0x1000, 0x3, 0x10, 0x0, 0x71ad, 0x6, 0x6, 0x100, 0xf3, 0x1, 0xa92, 0x0, 0x6, 0x7, 0x10001, 0x8, 0xb, 0x10000, 0x3, 0x3, 0x3, 0x5, 0x5, 0x1, 0xee7e, 0x800, 0x81, 0x7fff, 0x1, 0x4, 0x5, 0x4, 0xffffff89, 0x7, 0xfffffff3, 0x2, 0xffffffff, 0x9, 0x5, 0x2, 0x101, 0x7fffffff, 0xfffff001, 0x6, 0x4, 0xffffffff, 0x5, 0x9, 0x1, 0x0, 0xb3e, 0x8, 0xf3, 0x401, 0x401, 0x9, 0x8, 0x2, 0xb, 0x0, 0x0, 0x9, 0xffffffff, 0x25c, 0x7, 0x100005, 0x0, 0x5, 0xfffffff9, 0x3, 0xe2, 0x8, 0x1, 0x8, 0x9, 0x0, 0x9, 0x2, 0x1, 0x9, 0x80, 0x5, 0xd3c3, 0x5, 0x2, 0x1, 0x472a8800, 0xc, 0xfffffff0, 0xfffffff8, 0x9, 0x8, 0xfffffffc, 0x9, 0x5, 0x9, 0x5, 0x6, 0x6, 0x7, 0x87f, 0x59, 0x4eedcacd, 0x1, 0x4, 0x9df4, 0x2, 0x7, 0x5, 0xdff8, 0x3828, 0x0, 0x1, 0x7, 0xcf6, 0x7f, 0x4, 0x7, 0x2120, 0xfffffffa, 0x80, 0x3, 0xdbff, 0x52b6, 0xfffffffa, 0x49, 0x70, 0x0, 0xe1, 0x1401, 0xa, 0x101, 0x3ff, 0x101, 0x10001, 0x7ffe, 0x80000000, 0x81, 0xfffffff7, 0x3, 0x1, 0x7514, 0x7, 0x3, 0xf, 0x4, 0x2, 0x9, 0x4, 0x10000, 0x3ff, 0x0, 0x100, 0x7ef2, 0x300000, 0x1, 0xe, 0xd, 0x4, 0x6, 0x8, 0x4, 0x10001, 0xc01, 0x400, 0x436, 0x3, 0x205, 0x0, 0x0, 0xffffffff, 0xbc, 0xa8, 0x0, 0x6, 0x7, 0x800001, 0x81, 0x3, 0x2, 0x7, 0x4, 0x4, 0x2445c87b, 0x6, 0xd, 0x9, 0x2, 0x10, 0x2, 0x7, 0x57, 0x5, 0xd, 0x1000, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xff, 0x7, 0x2, 0x7ff, 0x6, {0x9, 0x1, 0x8, 0xef3, 0x9, 0x1}, {0x2, 0x1, 0x2, 0x827, 0x29a, 0x100}, 0x3, 0x9, 0x7}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)
kexec_load(0x5, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x8, 0x7f}], 0x3e0000)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
sendfile(r5, r5, 0x0, 0x40000f63c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000f9ff300000003d5342668b54d9d4e084683b54b6e734e62731d5d05063300b26a4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffc, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffffffffffffe9)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000040), &(0x7f0000000280)='%-010d \x00'}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000c6f000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000180)=0x6, 0x0, 0x3)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000ec0)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x100000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

1.863580222s ago: executing program 1 (id=3084):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000340)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@data_err_abort}, {@dioread_lock}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0xfe37, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_pts(0xffffffffffffffff, 0x800)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300)
r1 = socket(0x15, 0x5, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
getsockopt(r1, 0x200000000114, 0x271b, 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(0xffffffffffffffff, 0x80049363, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc08}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
write$UHID_DESTROY(r3, &(0x7f0000000200), 0x4)

1.808600643s ago: executing program 2 (id=3085):
ioperm(0x0, 0xd, 0x4000000000000020)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x4, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000001300)=ANY=[@ANYRES16=r0, @ANYRESOCT=r3, @ANYBLOB="e45281e450648cde60792606f78d70cf68b61efcbbefb214b4964c08c246709b4ed1b1357e0d2ec5bae6857351bcb9ccc0d0cfb797c72ea65e9381ca28e35f78d88e15cf4a7d103a24e92bcdcdc89a7e61d07e4920fa237f7655bf36244542ee1e786558c28fed127274ffa7fdcca0af4aff686897c99806136481aac9b18c38b44ade39e3725242f29bf6984c444ff716d7054599361117214897e53b5c877032a25f8ace5f6c7b949ea4d8e7f02573df70faaffac5a790926d7489c4a191735a2c076964a837f75ede062e680a98443608", @ANYRES8=r1], 0x69)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b7040000000000008500000001"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r5, 0x0, 0x5}, 0x18)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000072)
r6 = socket$netlink(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000840)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000a00)=ANY=[@ANYRESHEX, @ANYRES32, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000540)='GPL\x00', 0x9, 0xb4, &(0x7f0000000640)=""/180, 0x41000, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x3, 0xc, 0x80000000, 0x10}, 0x10, 0x2c226, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[r4, r4, 0xffffffffffffffff], 0x0, 0x10, 0x9, @void, @value}, 0x94)
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00'}, 0x10)
process_vm_writev(0x0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0xc, 0x0, 0x0, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x40}, 0x0, 0x0, 0x3, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000180)='cpu>=0||!')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000031401002dbd7000020000000900020073797a320000000008004100736977001400330064756d6d793000000000000000000000d4cbb521a6b4fd39b9d42f7145f268ab8a36fdb0541b8ebe22ae0614de39697406e5a79d406f07ae08c22c384be0956bac838170ddafcc1e661c59572641925391a3ccc741a35f93231f9ac1966f529306a48b57de78d0443cb20d35ee4a"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
ioperm(0x4, 0x2, 0x9)

1.731227464s ago: executing program 2 (id=3089):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0400000000000000000000000000000000000000d3e1202139f5fbe004ba9f18dc0bfce6caef5af30f8c550810019483b1fc13e94a127620544b664b237d310069350c386685f33a31e606bc33341fb27bc67de49d912225000b31e2a61ab37fc8418a7b62a6155b0635a0e9000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000358c3b90670468ad00000018110300", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001540)=@newtaction={0x898, 0x30, 0x12f, 0x4000, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x7c3, 0x2, 0x3, 0xffffff81, 0x10, 0xc, 0x2, 0x3, 0x40, 0x200, 0x8, 0x9, 0x0, 0x5, 0x0, 0x8, 0xa, 0x6, 0x200, 0x1, 0x3, 0xcc37, 0x5, 0xb5, 0x8, 0x4, 0x0, 0x6, 0xfb1, 0x72a4, 0xd, 0x7fff, 0x5, 0x3, 0x0, 0x2, 0x7, 0xc3a0, 0x4, 0xc, 0x0, 0xaf, 0x1, 0x6, 0x5, 0x6, 0x5, 0x80, 0xe, 0x2, 0x7, 0x6, 0x7, 0x1991, 0x8, 0xfffffe29, 0x5, 0x3, 0x101, 0xfff, 0x4, 0x5, 0x8000, 0x4, 0x7, 0x0, 0x0, 0xfffffff3, 0x1, 0x9, 0x80020003, 0x2, 0x3, 0x5, 0x101, 0x1, 0xfffffffc, 0x6, 0x7fffffff, 0x200, 0x1, 0x7309, 0x6, 0x3, 0x100, 0x2, 0x7, 0x6d0, 0x226, 0x7ff, 0x0, 0x6, 0x7, 0xfffff001, 0x6, 0x7ed8, 0x203, 0xffff, 0x0, 0x0, 0x249, 0x5, 0x2fbf, 0x2, 0x8000, 0x7, 0x25fe9fd5, 0x1, 0x9, 0x1, 0xe, 0x9, 0x0, 0x10000003, 0x4e, 0xa158, 0x8, 0x1, 0x119203c5, 0xd0, 0x7, 0x80000001, 0x3226, 0x8, 0x3, 0x4, 0xc64f, 0xffffff6e, 0x5, 0x6, 0x6, 0xfffffff7, 0x6, 0x7, 0x1, 0xc, 0x6, 0x7, 0x200, 0x60459141, 0x1, 0x5, 0x101, 0x84, 0x0, 0x1, 0x5, 0x2, 0x29dc, 0x0, 0x2d5, 0x7, 0xfffffffa, 0x1000, 0x6, 0x94, 0x15a, 0x4, 0x6, 0x2, 0x4002, 0x2, 0x4, 0xfff, 0x5, 0x1, 0x3, 0x4003, 0x80, 0x7a5b054a, 0x8, 0xffffff80, 0x1, 0xfff, 0x3, 0xb, 0x8, 0x3, 0x4, 0x2, 0x6, 0xf, 0x2, 0x7, 0x1, 0x77, 0x20009, 0x274d, 0x6, 0x40, 0xfffffffe, 0xb, 0x7, 0x1, 0x9ab, 0x7, 0xffffffc0, 0xa95, 0x2000007, 0x3c, 0x2c7, 0x7, 0x8, 0x4, 0x0, 0x99f, 0x5, 0x7ff, 0x0, 0x6, 0x4, 0x4, 0xb, 0x7ff, 0x1e, 0x3, 0xe49, 0x56, 0x9, 0x1, 0x6, 0x2, 0x6a1c, 0x9, 0x8, 0x4dbda2da, 0x7fff, 0x5, 0x5, 0x0, 0x7, 0x8, 0x7fff, 0xed, 0x7fff, 0x1000, 0xcbe, 0x7ff, 0x6, 0x8, 0xb, 0xff, 0x5, 0x1, 0x377a0eb2, 0x9, 0x5, 0x8, 0x5, 0x4, 0xfffffffd, 0x2, 0xeffe, 0xe74, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0x3a40da20, 0x9, 0x7, 0x4, 0x8000, 0x7fffffff, 0x2, 0x1, 0x7fff, 0x86, 0x10000, 0x2, 0x40, 0x2, 0x99d, 0x6, 0xffffff92, 0xe9c, 0x3ff, 0xfffffffe, 0x10001, 0xa, 0xfffff000, 0x7f, 0x4, 0x0, 0x81, 0x6f0, 0x18e, 0x8, 0x4, 0x3, 0x4, 0x2, 0xffffffff, 0x0, 0x80000000, 0x3, 0x9, 0xfffc, 0x2, 0xd, 0x3, 0x5, 0x1, 0x80000001, 0x8, 0x7, 0x2, 0xd92e, 0x7fffffff, 0x3, 0x90, 0xc0, 0x5b, 0x1, 0xe6, 0x1, 0x5, 0x1000, 0x3, 0x10, 0x0, 0x71ad, 0x6, 0x6, 0x100, 0xf3, 0x1, 0xa92, 0x0, 0x6, 0x7, 0x10001, 0x8, 0xb, 0x10000, 0x3, 0x3, 0x3, 0x5, 0x5, 0x1, 0xee7e, 0x800, 0x81, 0x7fff, 0x1, 0x4, 0x5, 0x4, 0xffffff89, 0x7, 0xfffffff3, 0x2, 0xffffffff, 0x9, 0x5, 0x2, 0x101, 0x7fffffff, 0xfffff001, 0x6, 0x4, 0xffffffff, 0x5, 0x9, 0x1, 0x0, 0xb3e, 0x8, 0xf3, 0x401, 0x401, 0x9, 0x8, 0x2, 0xb, 0x0, 0x0, 0x9, 0xffffffff, 0x25c, 0x7, 0x100005, 0x0, 0x5, 0xfffffff9, 0x3, 0xe2, 0x8, 0x1, 0x8, 0x9, 0x0, 0x9, 0x2, 0x1, 0x9, 0x80, 0x5, 0xd3c3, 0x5, 0x2, 0x1, 0x472a8800, 0xc, 0xfffffff0, 0xfffffff8, 0x9, 0x8, 0xfffffffc, 0x9, 0x5, 0x9, 0x5, 0x6, 0x6, 0x7, 0x87f, 0x59, 0x4eedcacd, 0x1, 0x4, 0x9df4, 0x2, 0x7, 0x5, 0xdff8, 0x3828, 0x0, 0x1, 0x7, 0xcf6, 0x7f, 0x4, 0x7, 0x2120, 0xfffffffa, 0x80, 0x3, 0xdbff, 0x52b6, 0xfffffffa, 0x49, 0x70, 0x0, 0xe1, 0x1401, 0xa, 0x101, 0x3ff, 0x101, 0x10001, 0x7ffe, 0x80000000, 0x81, 0xfffffff7, 0x3, 0x1, 0x7514, 0x7, 0x3, 0xf, 0x4, 0x2, 0x9, 0x4, 0x10000, 0x3ff, 0x0, 0x100, 0x7ef2, 0x300000, 0x1, 0xe, 0xd, 0x4, 0x6, 0x8, 0x4, 0x10001, 0xc01, 0x400, 0x436, 0x3, 0x205, 0x0, 0x0, 0xffffffff, 0xbc, 0xa8, 0x0, 0x6, 0x7, 0x800001, 0x81, 0x3, 0x2, 0x7, 0x4, 0x4, 0x2445c87b, 0x6, 0xd, 0x9, 0x2, 0x10, 0x2, 0x7, 0x57, 0x5, 0xd, 0x1000, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xff, 0x7, 0x2, 0x7ff, 0x6, {0x9, 0x1, 0x8, 0xef3, 0x9, 0x1}, {0x2, 0x1, 0x2, 0x827, 0x29a, 0x100}, 0x3, 0x9, 0x7}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)
kexec_load(0x5, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x8, 0x7f}], 0x3e0000)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
sendfile(r5, r5, 0x0, 0x40000f63c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000f9ff300000003d5342668b54d9d4e084683b54b6e734e62731d5d05063300b26a4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffc, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffffffffffffe9)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000040), &(0x7f0000000280)='%-010d \x00'}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000c6f000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000180)=0x6, 0x0, 0x3)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000ec0)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x100000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

784.139758ms ago: executing program 3 (id=3101):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f00000006c0)={'gretap0\x00', <r1=>0x0, 0x700, 0x7800, 0x8, 0x494f, {{0x41, 0x4, 0x0, 0x13, 0x104, 0x68, 0x0, 0x3, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x27}, @loopback, {[@noop, @timestamp_prespec={0x44, 0x4, 0x6, 0x3, 0xb}, @cipso={0x86, 0x65, 0x2, [{0x1, 0xa, "a6945722a0c580eb"}, {0x1, 0xc, "7d040b1a78907d860613"}, {0x7, 0xf, "d5703cbfe2d299fcd2f5abcd40"}, {0x6, 0x6, "ee283ecc"}, {0x7, 0x11, "d580bd63d22e0511401bb6f84f235f"}, {0x6, 0x12, "21faba299b90938e58f8fac71e64a82c"}, {0x0, 0x11, "45e528b9291311580fcaea25f677a0"}]}, @ssrr={0x89, 0xb, 0xf3, [@loopback, @private=0xa010102]}, @timestamp_addr={0x44, 0x4c, 0x26, 0x1, 0x3, [{@rand_addr=0x64010101, 0x3}, {@local, 0x6a8}, {@private=0xa010102, 0x7}, {@multicast1, 0x2}, {@multicast1, 0x9}, {@multicast2, 0x1}, {@local, 0x6}, {@private=0xa010100, 0x3}, {@rand_addr=0x64010102, 0x10}]}, @rr={0x7, 0xb, 0x25, [@multicast1, @local]}, @timestamp={0x44, 0xc, 0x92, 0x0, 0xb, [0x6, 0x1]}, @generic={0x82, 0xc, "26408adf1babb25676b8"}, @ssrr={0x89, 0xb, 0x40, [@local, @broadcast]}, @noop]}}}}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', r1, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x7fff]}, 0x8, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000200007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6fc0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed4040, &(0x7f00000002c0)={[{@noblock_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@journal_dev={'journal_dev', 0x3d, 0x803}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@init_itable_val={'init_itable', 0x3d, 0x5}}]}, 0xf5, 0x47a, &(0x7f0000000ac0)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKd1WwhSwEBNhBBFDxjjwZB4Nx5N/As86cWoJxOveDckxHABPa2ZnRnaLrulpQu7uJ9PMux7M7O89903b/fNe7sNoG+NZf8kEesj4mJEjEZEpfmEsfzh2pWztX+unK0lUa+/9XeSPS2uXjlbK/6LxpZZl++o14v8mhblnn83ojo7O3OyyE/MHftg4tTpM88eOVY9PHN45vjUgQN792wf2j+1ryNxZnFd3frxiW1bXn3nwuu1gxfe+/X7rL7ri+NlHJ00lr+6LT3R6cK6bMOCdFLpYkVYkazdBovtYozGQIxcPzYar3zW1coBt1ul1edz4Vwd+B/LBupAPyo/6LP733K7Q+OOnnD5xXzCI4v7WrHlRyqRFucMNt3fdtJwRBw89+832Ra3aR4CAGChH7PxzzOtxn9pPLDgvHuKNZSNEXFvRGyKiPsiYnNE3B/ROPfBiHhoheU3r5DcOP5JLy3K1gdWWMLSsvHf88Xa1uLxXzn6i40DRW5DI/7B5NCR2ZndxWuyKwbXZPnJRU9Z7KeX//iqed+XxTT72ILxX7Zl5S+OML3UPEE3XZ2rrj7y3OVPI7ZWWsWfXF8HTCJiS0RsvcUyjjz13bZ2x1rFX46Fb6oD60z1byOezNv/XDTFX0rark9OPrd/at/EcMzO7J4or4ob/fb7+Tfblb+q+Dsga/+1La//PP7sHjEZjjh1+szRxnrtqVso5M/Pa0mbQ5tvGv+N139tZ8RQ8nYjPVSeVTwOJa9lDyPl/o+qc3Mnp+afW+Ybj5N5/Lt2zMdfjfn+vym/PWu8Eg9HRHYRb4+IRyLi0aLtHouIxyNixxLh//LSzvfbHWvf/kvMyndQFv/0Eu2fveVlqfn2X3li4OjPP7Qrv76s9t/bSO0q9izn/W+5FVzNawcAAAB3i7TxHfgkHb+eTtPx8fw7/JtjbVqJiKcPnfjw+HT+XfmNMZiWM12jC+ZDJ4u54TI/1ZTfU8wbfz0w0siP107MTnc7eOhz69r0/8xfnV1qAXqR32tB/9L/oX/p/9C/9H/oXy90uwJAdwy13v3Jna4H0BUrH/8P35Z6AHee+3/oX/o/9C/9H/pS29/Gp6v6yf/dmqj0RjVaJkZ6oxplItKeqEbnEm98kXeJXqlPmags+49Z3GJiTctD3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///NIdoS")
setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
close(r3)

757.257369ms ago: executing program 0 (id=3102):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000e80)=@nat={'nat\x00', 0x8, 0x5, 0x600, 0x0, 0x208, 0xffffffff, 0x2f8, 0x0, 0x558, 0x558, 0xffffffff, 0x558, 0x558, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x1d, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv6=@private0, @port, @gre_key}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, [0x80000000, 0xffffffff, 0x0, 0xff000000], [0xff, 0x0, 0xffffff00, 0xffffffff], 'veth0_to_hsr\x00', 'nr0\x00', {}, {0xff}, 0x33, 0x4, 0x4, 0x42}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@loopback, @ipv6=@dev, @icmp_id, @icmp_id}}}, {{@ipv6={@mcast1, @local, [], [], 'wg1\x00', 'virt_wifi0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4, @icmp_id, @icmp_id}}}, {{@ipv6={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @empty}, [], [], 'dummy0\x00', 'syzkaller0\x00', {}, {}, 0x0, 0x0, 0x7}, 0x0, 0x218, 0x260, 0x0, {}, [@common=@inet=@sctp={{0x148}}, @common=@mh={{0x28}, {"0c06"}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@multicast1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id, @icmp_id}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x660)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x8000000000}, 0x18)
perf_event_open(&(0x7f0000000100)={0x4, 0x80, 0x44, 0x0, 0x0, 0x0, 0x0, 0x100, 0xab20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4800000010000104000000020400000000000000", @ANYRES32=r4, @ANYBLOB="000000070000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r4], 0x48}}, 0x0)

749.032199ms ago: executing program 3 (id=3103):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)={'#! ', '', [{0x20, 'memory.events\x00'}]}, 0x13)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x14, r3, 0x28543634fae43ad, 0x0, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={&(0x7f0000000080)}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x74}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xfffc}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x100}, 0x1, 0x0, 0x0, 0x4040854}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r9 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0902000000000000000001"], 0x38}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

651.80667ms ago: executing program 4 (id=3104):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18)
write(r1, &(0x7f0000000240)="94", 0x1)
tee(r0, r5, 0x8f5, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000340)={0x0, <r7=>0x0})
fcntl$lock(r3, 0x5, &(0x7f00000002c0)={0x1, 0x1, 0xccf3, 0xa, r7})
write(r2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000003c0)={[{@jqfmt_vfsv1}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@abort}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x51b, &(0x7f0000000f80)="$eJzs3UFrJFkdAPB/ddIzyUxmk1UPuuC6uiuZQac72bi7wcO6guhpQV3vY0w6IaSTDunO7iQsmsEPIIio4EkvXoT9AIIsePEowoCeFRVFdEYPHnRKqruSyWSqkx6nJ51J/35QqVev6vX/vQ5VXa/qURXA0HohIt6IiHtpml6LiMk8v5RPsdeZsu3u3nl3MZuSSNO3/p5Ekuftf1aSzy/nxcYi4qtfivhG8nDc5s7u2kK9XtvKl6ut9c1qc2f3+ur6wkptpbYxNzf76vxr86/Mz/SlnVci4vUv/Pn73/npF1//xaff+cONv179ZlatiXz94XZ0dbEwd/S4Ip2ml9vfxeECW49S+TNutN3C3HjRFiMP5dx6wnUCAKBYdo7/gYj4RERci8kYOf50FgAAAHgKpZ+biP8kEWmxC13yAQAAgKdIqT0GNilV8rEAE1EqVSqdMbwfikuleqPZ+tRyY3tjqTNWdirKpeXVem0mHys8FeUkW55tp+8vv3xkeS4ino2I702Ot5cri4360qAvfgAAAMCQuHyk//+vyU7/HwAAADhnpgZdAQAAAOCJ0/8HAACA869r/9+7AAAAAOA8+PKbb2ZTuv/+66W3d7bXGm9fX6o11yrr24uVxcbWZmWl0VhpP7Nv/aTPqzcam5+Jje2b1Vat2ao2d3ZvrDe2N1o3Vh94BTYAAABwip792Pu/SyJi77Pj7SlzobeiPW4GnFX3R/gk+bxgt/79M535n06pUsCpGBl0BYCBMcIXhld50BUABi45YX3XwTu/zucf7299AACA/pv+SPf7/6VjS+4dvxo48+zEMLzc/4fh1b7/3+tIXicLcK6UnQHA0Hvs+/8nStNHqhAAANB3E+0pKVXyy3sTUSpVKhFX2q8FKCfLq/XaTEQ8ExG/nSxfzJZn2yWTE/sMAAAAAAAAAAAAAAAAAAAAAAAAAEBHmiaRAgAAAOdaROkvyS87z/Kfnnxp4uj1gQvJvycjf0XoOz966wc3F1qtrdks/x8H+a0f5vkvD+IKBgAAAAyFR3qB/34/fb8fDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD9dPfOu4v702nG/dvnI2KqKP5ojLXnY1GOiEv/TGL0ULkkIkb6EH88+/PhovhJVq2DkEXxx/sQf+/WsfFjKv8WiuJf7kN8GGbvZ8efN4r2v1K80J4X73+jEQ8s/7+6H//i4Pg30mX/v9JjjOduv1ftGv9WxHOjxcef/fhJl/gv9hj/61/b3e22Lv1xxHTh70/yQKxqa32z2tzZvb66vrBSW6ltzM3Nvjr/2vwr8zPV5dV6Lfv73sWZwhjf/ejP7x3X/ktd4k+d0P6Xemz/f2/fvPPBTrJcFP/qiwXxf/WTfIuH45fy375P5uls/fR+eq+TPuz5n/3m+ePav9Sl/Sf9/6/22P5rX/n2H3vcFAA4Bc2d3bWFer22dW4TWS/9DFRD4gwmvtXXD0zTNM32qcf4nCTOwtfSTgz6yAQAAPTb/ZP+QdcEAAAAAAAAAAAAAAAAAAAAhtcJjwEbi4jHfpzY0Zh7B6mkH4/QBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoi/8FAAD//8im168=")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

558.951721ms ago: executing program 0 (id=3105):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
creat(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = dup2(r1, r1)
write$tun(r2, 0x0, 0x46)

557.981632ms ago: executing program 3 (id=3106):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000200)=0x9, 0x8, 0x0)
mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0xcc4c6000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x27fa7000)

510.685112ms ago: executing program 4 (id=3107):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0400000000000000000000000000000000000000d3e1202139f5fbe004ba9f18dc0bfce6caef5af30f8c550810019483b1fc13e94a127620544b664b237d310069350c386685f33a31e606bc33341fb27bc67de49d912225000b31e2a61ab37fc8418a7b62a6155b0635a0e9000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000358c3b90670468ad00000018110300", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001540)=@newtaction={0x898, 0x30, 0x12f, 0x4000, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x7c3, 0x2, 0x3, 0xffffff81, 0x10, 0xc, 0x2, 0x3, 0x40, 0x200, 0x8, 0x9, 0x0, 0x5, 0x0, 0x8, 0xa, 0x6, 0x200, 0x1, 0x3, 0xcc37, 0x5, 0xb5, 0x8, 0x4, 0x0, 0x6, 0xfb1, 0x72a4, 0xd, 0x7fff, 0x5, 0x3, 0x0, 0x2, 0x7, 0xc3a0, 0x4, 0xc, 0x0, 0xaf, 0x1, 0x6, 0x5, 0x6, 0x5, 0x80, 0xe, 0x2, 0x7, 0x6, 0x7, 0x1991, 0x8, 0xfffffe29, 0x5, 0x3, 0x101, 0xfff, 0x4, 0x5, 0x8000, 0x4, 0x7, 0x0, 0x0, 0xfffffff3, 0x1, 0x9, 0x80020003, 0x2, 0x3, 0x5, 0x101, 0x1, 0xfffffffc, 0x6, 0x7fffffff, 0x200, 0x1, 0x7309, 0x6, 0x3, 0x100, 0x2, 0x7, 0x6d0, 0x226, 0x7ff, 0x0, 0x6, 0x7, 0xfffff001, 0x6, 0x7ed8, 0x203, 0xffff, 0x0, 0x0, 0x249, 0x5, 0x2fbf, 0x2, 0x8000, 0x7, 0x25fe9fd5, 0x1, 0x9, 0x1, 0xe, 0x9, 0x0, 0x10000003, 0x4e, 0xa158, 0x8, 0x1, 0x119203c5, 0xd0, 0x7, 0x80000001, 0x3226, 0x8, 0x3, 0x4, 0xc64f, 0xffffff6e, 0x5, 0x6, 0x6, 0xfffffff7, 0x6, 0x7, 0x1, 0xc, 0x6, 0x7, 0x200, 0x60459141, 0x1, 0x5, 0x101, 0x84, 0x0, 0x1, 0x5, 0x2, 0x29dc, 0x0, 0x2d5, 0x7, 0xfffffffa, 0x1000, 0x6, 0x94, 0x15a, 0x4, 0x6, 0x2, 0x4002, 0x2, 0x4, 0xfff, 0x5, 0x1, 0x3, 0x4003, 0x80, 0x7a5b054a, 0x8, 0xffffff80, 0x1, 0xfff, 0x3, 0xb, 0x8, 0x3, 0x4, 0x2, 0x6, 0xf, 0x2, 0x7, 0x1, 0x77, 0x20009, 0x274d, 0x6, 0x40, 0xfffffffe, 0xb, 0x7, 0x1, 0x9ab, 0x7, 0xffffffc0, 0xa95, 0x2000007, 0x3c, 0x2c7, 0x7, 0x8, 0x4, 0x0, 0x99f, 0x5, 0x7ff, 0x0, 0x6, 0x4, 0x4, 0xb, 0x7ff, 0x1e, 0x3, 0xe49, 0x56, 0x9, 0x1, 0x6, 0x2, 0x6a1c, 0x9, 0x8, 0x4dbda2da, 0x7fff, 0x5, 0x5, 0x0, 0x7, 0x8, 0x7fff, 0xed, 0x7fff, 0x1000, 0xcbe, 0x7ff, 0x6, 0x8, 0xb, 0xff, 0x5, 0x1, 0x377a0eb2, 0x9, 0x5, 0x8, 0x5, 0x4, 0xfffffffd, 0x2, 0xeffe, 0xe74, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0x3a40da20, 0x9, 0x7, 0x4, 0x8000, 0x7fffffff, 0x2, 0x1, 0x7fff, 0x86, 0x10000, 0x2, 0x40, 0x2, 0x99d, 0x6, 0xffffff92, 0xe9c, 0x3ff, 0xfffffffe, 0x10001, 0xa, 0xfffff000, 0x7f, 0x4, 0x0, 0x81, 0x6f0, 0x18e, 0x8, 0x4, 0x3, 0x4, 0x2, 0xffffffff, 0x0, 0x80000000, 0x3, 0x9, 0xfffc, 0x2, 0xd, 0x3, 0x5, 0x1, 0x80000001, 0x8, 0x7, 0x2, 0xd92e, 0x7fffffff, 0x3, 0x90, 0xc0, 0x5b, 0x1, 0xe6, 0x1, 0x5, 0x1000, 0x3, 0x10, 0x0, 0x71ad, 0x6, 0x6, 0x100, 0xf3, 0x1, 0xa92, 0x0, 0x6, 0x7, 0x10001, 0x8, 0xb, 0x10000, 0x3, 0x3, 0x3, 0x5, 0x5, 0x1, 0xee7e, 0x800, 0x81, 0x7fff, 0x1, 0x4, 0x5, 0x4, 0xffffff89, 0x7, 0xfffffff3, 0x2, 0xffffffff, 0x9, 0x5, 0x2, 0x101, 0x7fffffff, 0xfffff001, 0x6, 0x4, 0xffffffff, 0x5, 0x9, 0x1, 0x0, 0xb3e, 0x8, 0xf3, 0x401, 0x401, 0x9, 0x8, 0x2, 0xb, 0x0, 0x0, 0x9, 0xffffffff, 0x25c, 0x7, 0x100005, 0x0, 0x5, 0xfffffff9, 0x3, 0xe2, 0x8, 0x1, 0x8, 0x9, 0x0, 0x9, 0x2, 0x1, 0x9, 0x80, 0x5, 0xd3c3, 0x5, 0x2, 0x1, 0x472a8800, 0xc, 0xfffffff0, 0xfffffff8, 0x9, 0x8, 0xfffffffc, 0x9, 0x5, 0x9, 0x5, 0x6, 0x6, 0x7, 0x87f, 0x59, 0x4eedcacd, 0x1, 0x4, 0x9df4, 0x2, 0x7, 0x5, 0xdff8, 0x3828, 0x0, 0x1, 0x7, 0xcf6, 0x7f, 0x4, 0x7, 0x2120, 0xfffffffa, 0x80, 0x3, 0xdbff, 0x52b6, 0xfffffffa, 0x49, 0x70, 0x0, 0xe1, 0x1401, 0xa, 0x101, 0x3ff, 0x101, 0x10001, 0x7ffe, 0x80000000, 0x81, 0xfffffff7, 0x3, 0x1, 0x7514, 0x7, 0x3, 0xf, 0x4, 0x2, 0x9, 0x4, 0x10000, 0x3ff, 0x0, 0x100, 0x7ef2, 0x300000, 0x1, 0xe, 0xd, 0x4, 0x6, 0x8, 0x4, 0x10001, 0xc01, 0x400, 0x436, 0x3, 0x205, 0x0, 0x0, 0xffffffff, 0xbc, 0xa8, 0x0, 0x6, 0x7, 0x800001, 0x81, 0x3, 0x2, 0x7, 0x4, 0x4, 0x2445c87b, 0x6, 0xd, 0x9, 0x2, 0x10, 0x2, 0x7, 0x57, 0x5, 0xd, 0x1000, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xff, 0x7, 0x2, 0x7ff, 0x6, {0x9, 0x1, 0x8, 0xef3, 0x9, 0x1}, {0x2, 0x1, 0x2, 0x827, 0x29a, 0x100}, 0x3, 0x9, 0x7}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x5}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)
kexec_load(0x5, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x8, 0x7f}], 0x3e0000)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
sendfile(r5, r5, 0x0, 0x40000f63c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000f9ff300000003d5342668b54d9d4e084683b54b6e734e62731d5d05063300b26a4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffc, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffffffffffffe9)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000040), &(0x7f0000000280)='%-010d \x00'}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000c6f000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000180)=0x6, 0x0, 0x3)

494.980873ms ago: executing program 0 (id=3108):
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000300)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f0000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)

479.714593ms ago: executing program 2 (id=3109):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e)
r2 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x4, 0x0, 0x0, 0x5, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000240)=ANY=[@ANYRES64=r0, @ANYRES32=r3, @ANYRESDEC=r2, @ANYRESOCT=r0, @ANYRESHEX=r0, @ANYBLOB="bd59fd72ee6b7763c7684e11bd21f01d44c988d38bf564c0443a27c89e4f894393e10a79479b4caf1f55f71f85a94f98eb7b3cb28136f6380e7d0d96cd2af03b8635379589b1f9acd94e0a64776202b28e2e63f376d90c74394792948d9476eec5afe22504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='attr\x00')
getdents64(r4, &(0x7f0000000300)=""/55, 0x37)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b000000000084eee2b845e14a2ca34667abc0c42cc01d7cbed6e5af26da98ce9d9e9f5ca852bee8406800d5ee2c4a2c87464e1e67cfe9e5fdb6f24eb125367a24d3820725e3328a4369e0ce9d0fab53740fc0ba1847f484a89268db6086f7d35931d6dfe9e1a5cef946b4cf8a1040ff2c2158f0988de7c695aae91acca55d63750baccb7f00f73f4c720ce5eb3c0aa646d5c7b6ac724516370fb846bb934b846a85a1e9569e475393bfffca4a7657c772de5b94813fa3b7f72df765477540419f35eb7f10122edb8cc42243c22f3d2b3ac2f5d7e2bfba2f663811bfdfb6b10d0e30a793333099e742bc09a0a2912e6e6b69f7c0a1ce5896e0f079384b8657019b89aa55b2d19ca4aaf87c", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000100000006000000000050dfcbc2e992c5d7df1267927b70572ac301aae9ed798728b21a91d7a645a4d61cc81c22fd86101ee11e19472f23cfeb", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r7}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000001c0)='mm_page_free\x00', r8, 0x0, 0x6}, 0x18)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r9, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
r10 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r10, r10, 0x0, 0x800000009)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r11}, 0x10)
r12 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r12, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26)
close_range(r1, 0xffffffffffffffff, 0x0)

473.967343ms ago: executing program 3 (id=3110):
ioperm(0x0, 0xd, 0x4000000000000020)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x4, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000001300)=ANY=[@ANYRES16=r0, @ANYRESOCT=r3, @ANYBLOB="e45281e450648cde60792606f78d70cf68b61efcbbefb214b4964c08c246709b4ed1b1357e0d2ec5bae6857351bcb9ccc0d0cfb797c72ea65e9381ca28e35f78d88e15cf4a7d103a24e92bcdcdc89a7e61d07e4920fa237f7655bf36244542ee1e786558c28fed127274ffa7fdcca0af4aff686897c99806136481aac9b18c38b44ade39e3725242f29bf6984c444ff716d7054599361117214897e53b5c877032a25f8ace5f6c7b949ea4d8e7f02573df70faaffac5a790926d7489c4a191735a2c076964a837f75ede062e680a98443608", @ANYRES8=r1], 0x69)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b7040000000000008500000001"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r5, 0x0, 0x5}, 0x18)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000072)
r6 = socket$netlink(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0xc, &(0x7f0000000f40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000840)=@bpf_tracing={0x1a, 0x7, &(0x7f0000000a00)=ANY=[@ANYRESHEX, @ANYRES32, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000540)='GPL\x00', 0x9, 0xb4, &(0x7f0000000640)=""/180, 0x41000, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x3, 0xc, 0x80000000, 0x10}, 0x10, 0x2c226, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[r4, r4, 0xffffffffffffffff], 0x0, 0x10, 0x9, @void, @value}, 0x94)
process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00'}, 0x10)
process_vm_writev(0x0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0xc, 0x0, 0x0, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x40}, 0x0, 0x0, 0x3, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x40082406, &(0x7f0000000180)='cpu>=0||!')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000031401002dbd7000020000000900020073797a320000000008004100736977001400330064756d6d793000000000000000000000d4cbb521a6b4fd39b9d42f7145f268ab8a36fdb0541b8ebe22ae0614de39697406e5a79d406f07ae08c22c384be0956bac838170ddafcc1e661c59572641925391a3ccc741a35f93231f9ac1966f529306a48b57de78d0443cb20d35ee4a"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
ioperm(0x4, 0x2, 0x9)

447.906733ms ago: executing program 2 (id=3111):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000200)=0x9, 0x8, 0x0)
mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0xcc4c6000)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x27fa7000)

380.747434ms ago: executing program 3 (id=3112):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000340)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@data_err_abort}, {@dioread_lock}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0xfe37, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_pts(0xffffffffffffffff, 0x800)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
faccessat2(r0, &(0x7f0000000040)='\x00', 0x1, 0x1300)
r1 = socket(0x15, 0x5, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
getsockopt(r1, 0x200000000114, 0x271b, 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(0xffffffffffffffff, 0x80049363, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc08}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
write$UHID_DESTROY(r3, &(0x7f0000000200), 0x4)

276.807686ms ago: executing program 0 (id=3113):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f00000006c0)={'gretap0\x00', <r1=>0x0, 0x700, 0x7800, 0x8, 0x494f, {{0x41, 0x4, 0x0, 0x13, 0x104, 0x68, 0x0, 0x3, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x27}, @loopback, {[@noop, @timestamp_prespec={0x44, 0x4, 0x6, 0x3, 0xb}, @cipso={0x86, 0x65, 0x2, [{0x1, 0xa, "a6945722a0c580eb"}, {0x1, 0xc, "7d040b1a78907d860613"}, {0x7, 0xf, "d5703cbfe2d299fcd2f5abcd40"}, {0x6, 0x6, "ee283ecc"}, {0x7, 0x11, "d580bd63d22e0511401bb6f84f235f"}, {0x6, 0x12, "21faba299b90938e58f8fac71e64a82c"}, {0x0, 0x11, "45e528b9291311580fcaea25f677a0"}]}, @ssrr={0x89, 0xb, 0xf3, [@loopback, @private=0xa010102]}, @timestamp_addr={0x44, 0x4c, 0x26, 0x1, 0x3, [{@rand_addr=0x64010101, 0x3}, {@local, 0x6a8}, {@private=0xa010102, 0x7}, {@multicast1, 0x2}, {@multicast1, 0x9}, {@multicast2, 0x1}, {@local, 0x6}, {@private=0xa010100, 0x3}, {@rand_addr=0x64010102, 0x10}]}, @rr={0x7, 0xb, 0x25, [@multicast1, @local]}, @timestamp={0x44, 0xc, 0x92, 0x0, 0xb, [0x6, 0x1]}, @generic={0x82, 0xc, "26408adf1babb25676b8"}, @ssrr={0x89, 0xb, 0x40, [@local, @broadcast]}, @noop]}}}}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', r1, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x7fff]}, 0x8, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000200007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6fc0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
close(r3)

275.977886ms ago: executing program 2 (id=3114):
socket$inet6(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fc2000000800410073697700140033006c6f00"/56], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x11d000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000480)='net_dev_xmit\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000100)='kmem_cache_free\x00', r5, 0x0, 0xfffffffffffffff8}, 0x18)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000140))
pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd", 0x2}], 0x1, 0x0, 0x9)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x18)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x56, 0x8}, 0x200, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$SIOCSIFHWADDR(r7, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, 0x0}, 0x20)

196.202147ms ago: executing program 3 (id=3115):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
rseq(&(0x7f0000002d80), 0x20, 0x0, 0x0)
unshare(0x28000600)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
write$tun(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaabb0800450045ac00006000002f9078ac1e0001e00000010008655800189078040000000000001386dd"], 0xfdef)
bind$unix(r0, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/udp\x00')
preadv(r5, &(0x7f00000021c0)=[{&(0x7f00000001c0)=""/4075, 0xfeb}], 0x1, 0x96, 0x5)
pread64(r5, &(0x7f00000011c0)=""/145, 0x91, 0x2)
set_mempolicy(0x3, &(0x7f00000000c0)=0x9, 0x10001)
mbind(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x8e0aca6f74c4305b, 0x0, 0x8, 0x2)

154.680808ms ago: executing program 0 (id=3116):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r6}, 0x18)
write(r1, &(0x7f0000000240)="94", 0x1)
tee(r0, r5, 0x8f5, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000340)={0x0, <r7=>0x0})
fcntl$lock(r3, 0x5, &(0x7f00000002c0)={0x1, 0x1, 0xccf3, 0xa, r7})
write(r2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000003c0)={[{@jqfmt_vfsv1}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@abort}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x51b, &(0x7f0000000f80)="$eJzs3UFrJFkdAPB/ddIzyUxmk1UPuuC6uiuZQac72bi7wcO6guhpQV3vY0w6IaSTDunO7iQsmsEPIIio4EkvXoT9AIIsePEowoCeFRVFdEYPHnRKqruSyWSqkx6nJ51J/35QqVev6vX/vQ5VXa/qURXA0HohIt6IiHtpml6LiMk8v5RPsdeZsu3u3nl3MZuSSNO3/p5Ekuftf1aSzy/nxcYi4qtfivhG8nDc5s7u2kK9XtvKl6ut9c1qc2f3+ur6wkptpbYxNzf76vxr86/Mz/SlnVci4vUv/Pn73/npF1//xaff+cONv179ZlatiXz94XZ0dbEwd/S4Ip2ml9vfxeECW49S+TNutN3C3HjRFiMP5dx6wnUCAKBYdo7/gYj4RERci8kYOf50FgAAAHgKpZ+biP8kEWmxC13yAQAAgKdIqT0GNilV8rEAE1EqVSqdMbwfikuleqPZ+tRyY3tjqTNWdirKpeXVem0mHys8FeUkW55tp+8vv3xkeS4ino2I702Ot5cri4360qAvfgAAAMCQuHyk//+vyU7/HwAAADhnpgZdAQAAAOCJ0/8HAACA869r/9+7AAAAAOA8+PKbb2ZTuv/+66W3d7bXGm9fX6o11yrr24uVxcbWZmWl0VhpP7Nv/aTPqzcam5+Jje2b1Vat2ao2d3ZvrDe2N1o3Vh94BTYAAABwip792Pu/SyJi77Pj7SlzobeiPW4GnFX3R/gk+bxgt/79M535n06pUsCpGBl0BYCBMcIXhld50BUABi45YX3XwTu/zucf7299AACA/pv+SPf7/6VjS+4dvxo48+zEMLzc/4fh1b7/3+tIXicLcK6UnQHA0Hvs+/8nStNHqhAAANB3E+0pKVXyy3sTUSpVKhFX2q8FKCfLq/XaTEQ8ExG/nSxfzJZn2yWTE/sMAAAAAAAAAAAAAAAAAAAAAAAAAEBHmiaRAgAAAOdaROkvyS87z/Kfnnxp4uj1gQvJvycjf0XoOz966wc3F1qtrdks/x8H+a0f5vkvD+IKBgAAAAyFR3qB/34/fb8fDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD9dPfOu4v702nG/dvnI2KqKP5ojLXnY1GOiEv/TGL0ULkkIkb6EH88+/PhovhJVq2DkEXxx/sQf+/WsfFjKv8WiuJf7kN8GGbvZ8efN4r2v1K80J4X73+jEQ8s/7+6H//i4Pg30mX/v9JjjOduv1ftGv9WxHOjxcef/fhJl/gv9hj/61/b3e22Lv1xxHTh70/yQKxqa32z2tzZvb66vrBSW6ltzM3Nvjr/2vwr8zPV5dV6Lfv73sWZwhjf/ejP7x3X/ktd4k+d0P6Xemz/f2/fvPPBTrJcFP/qiwXxf/WTfIuH45fy375P5uls/fR+eq+TPuz5n/3m+ePav9Sl/Sf9/6/22P5rX/n2H3vcFAA4Bc2d3bWFer22dW4TWS/9DFRD4gwmvtXXD0zTNM32qcf4nCTOwtfSTgz6yAQAAPTb/ZP+QdcEAAAAAAAAAAAAAAAAAAAAhtcJjwEbi4jHfpzY0Zh7B6mkH4/QBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoi/8FAAD//8im168=")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

0s ago: executing program 0 (id=3117):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)={'#! ', '', [{0x20, 'memory.events\x00'}]}, 0x13)
perf_event_open(&(0x7f0000000140)={0x8, 0x80, 0x7, 0x0, 0x0, 0x3, 0x82, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xf}, 0x8080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x10000000000007}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x2)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x14, r3, 0x28543634fae43ad, 0x0, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={&(0x7f0000000080)}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x74}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xfffc}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x100}, 0x1, 0x0, 0x0, 0x4040854}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r6}, 0x10)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0902000000000000000001"], 0x38}}, 0x0)

kernel console output (not intermixed with test programs):

4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.024812][   T29] audit: type=1326 audit(174.928:8861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.047837][   T29] audit: type=1326 audit(174.958:8862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.059855][ T9897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.070900][   T29] audit: type=1326 audit(174.958:8863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.102132][   T29] audit: type=1326 audit(174.958:8864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.102308][ T9906] loop3: detected capacity change from 0 to 512
[  175.125003][   T29] audit: type=1326 audit(174.958:8865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.136830][ T9897] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.154098][   T29] audit: type=1326 audit(174.958:8866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9899 comm="syz.2.2228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  175.201992][ T9906] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.215460][ T9912] loop2: detected capacity change from 0 to 512
[  175.219896][ T9898] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2225: corrupted inode contents
[  175.225735][ T9912] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  175.235736][ T9898] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2225: mark_inode_dirty error
[  175.244861][ T9912] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal
[  175.258375][ T9898] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2225: corrupted inode contents
[  175.276810][ T9898] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.2225: mark_inode_dirty error
[  175.347943][ T3393] hid-generic 0003:0004:0000.0018: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  175.461074][ T9918] loop2: detected capacity change from 0 to 2048
[  175.468844][ T9918] EXT4-fs: Ignoring removed mblk_io_submit option
[  175.512718][ T9918] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.529774][ T9918] FAULT_INJECTION: forcing a failure.
[  175.529774][ T9918] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  175.547041][ T9918] CPU: 0 UID: 0 PID: 9918 Comm: syz.2.2233 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  175.547070][ T9918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  175.547085][ T9918] Call Trace:
[  175.547094][ T9918]  <TASK>
[  175.547105][ T9918]  __dump_stack+0x1d/0x30
[  175.547127][ T9918]  dump_stack_lvl+0xe8/0x140
[  175.547146][ T9918]  dump_stack+0x15/0x1b
[  175.547184][ T9918]  should_fail_ex+0x265/0x280
[  175.547222][ T9918]  should_fail_alloc_page+0xf2/0x100
[  175.547349][ T9918]  __alloc_frozen_pages_noprof+0xff/0x360
[  175.547400][ T9918]  alloc_pages_mpol+0xb3/0x250
[  175.547438][ T9918]  folio_alloc_noprof+0x97/0x150
[  175.547555][ T9918]  filemap_alloc_folio_noprof+0x66/0x210
[  175.547598][ T9918]  __filemap_get_folio+0x28f/0x6b0
[  175.547643][ T9918]  ext4_generic_write_inline_data+0x1bd/0x720
[  175.547720][ T9918]  ext4_da_write_begin+0x284/0x670
[  175.547753][ T9918]  ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0
[  175.547788][ T9918]  generic_perform_write+0x181/0x490
[  175.547815][ T9918]  ext4_buffered_write_iter+0x1ee/0x3c0
[  175.547878][ T9918]  ? ext4_file_write_iter+0xfe/0xf00
[  175.547901][ T9918]  ext4_file_write_iter+0x383/0xf00
[  175.547970][ T9918]  ? kstrtouint_from_user+0x9f/0xf0
[  175.548004][ T9918]  ? avc_policy_seqno+0x15/0x30
[  175.548029][ T9918]  ? selinux_file_permission+0x1e4/0x320
[  175.548085][ T9918]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  175.548116][ T9918]  vfs_write+0x49d/0x8e0
[  175.548167][ T9918]  ksys_write+0xda/0x1a0
[  175.548222][ T9918]  __x64_sys_write+0x40/0x50
[  175.548245][ T9918]  x64_sys_call+0x2cdd/0x2fb0
[  175.548270][ T9918]  do_syscall_64+0xd2/0x200
[  175.548335][ T9918]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  175.548369][ T9918]  ? clear_bhb_loop+0x40/0x90
[  175.548396][ T9918]  ? clear_bhb_loop+0x40/0x90
[  175.548424][ T9918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.548452][ T9918] RIP: 0033:0x7f61a767e929
[  175.548470][ T9918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.548532][ T9918] RSP: 002b:00007f61a5ce7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  175.548552][ T9918] RAX: ffffffffffffffda RBX: 00007f61a78a5fa0 RCX: 00007f61a767e929
[  175.548628][ T9918] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 000000000000000c
[  175.548644][ T9918] RBP: 00007f61a5ce7090 R08: 0000000000000000 R09: 0000000000000000
[  175.548656][ T9918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.548667][ T9918] R13: 0000000000000000 R14: 00007f61a78a5fa0 R15: 00007fff54e80da8
[  175.548692][ T9918]  </TASK>
[  175.551033][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.796293][ T9922] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2236'.
[  175.844164][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.860789][ T9927] netlink: 'syz.4.2238': attribute type 4 has an invalid length.
[  175.884823][ T9927] netlink: 'syz.4.2238': attribute type 4 has an invalid length.
[  175.935822][ T9930] loop2: detected capacity change from 0 to 1024
[  175.956234][ T9930] EXT4-fs: Ignoring removed orlov option
[  175.974766][ T9930] EXT4-fs (loop2): stripe (1570) is not aligned with cluster size (16), stripe is disabled
[  176.022425][ T9930] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.045670][ T9944] loop4: detected capacity change from 0 to 512
[  176.089184][ T9941] loop3: detected capacity change from 0 to 512
[  176.097761][ T9944] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  176.114780][ T9941] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  176.125688][ T9941] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal
[  176.136217][ T9944] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal
[  176.339899][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.718333][ T3393] hid-generic 0003:0004:0000.0019: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  176.792539][ T3393] hid-generic 0003:0004:0000.001A: hidraw1: USB HID v0.00 Device [syz0] on syz1
[  176.901918][ T9963] loop3: detected capacity change from 0 to 512
[  176.903715][ T9951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  176.925499][ T9963] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  176.931512][ T9951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  176.936593][ T9963] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal
[  177.013805][ T3393] hid-generic 0003:0004:0000.001B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  177.151570][ T9972] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2253'.
[  177.176930][ T9975] netlink: 'syz.0.2254': attribute type 4 has an invalid length.
[  177.186063][ T9975] netlink: 'syz.0.2254': attribute type 4 has an invalid length.
[  177.196512][ T3584] lo speed is unknown, defaulting to 1000
[  177.203019][ T3584] syz0: Port: 1 Link ACTIVE
[  177.286583][ T9983] 9pnet_virtio: no channels available for device €
[  178.055462][T10003] netlink: 'syz.2.2265': attribute type 4 has an invalid length.
[  178.087010][T10006] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2266'.
[  178.097313][T10003] netlink: 'syz.2.2265': attribute type 4 has an invalid length.
[  178.112851][ T9995] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2262'.
[  178.114364][T10000] dummy0 speed is unknown, defaulting to 1000
[  178.217128][T10000] lo speed is unknown, defaulting to 1000
[  178.504389][   T23] hid-generic 0003:0004:0000.001C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  178.536686][T10040] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2275'.
[  178.566728][T10040] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  178.574024][T10043] loop3: detected capacity change from 0 to 512
[  178.595316][T10043] EXT4-fs: Ignoring removed orlov option
[  178.602211][T10043] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  178.629272][T10040] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  178.631143][T10047] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2276'.
[  178.659555][T10043] EXT4-fs (loop3): orphan cleanup on readonly fs
[  178.682799][T10043] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2274: bg 0: block 248: padding at end of block bitmap is not set
[  178.712164][T10053] dummy0 speed is unknown, defaulting to 1000
[  178.728756][T10056] 9pnet_virtio: no channels available for device €
[  178.819574][T10043] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2274: Failed to acquire dquot type 1
[  178.873214][T10043] EXT4-fs (loop3): 1 truncate cleaned up
[  178.884173][T10043] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  178.973030][T10053] lo speed is unknown, defaulting to 1000
[  179.072891][T10033] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  179.162841][T10033] EXT4-fs error (device loop3): __ext4_remount:6736: comm syz.3.2274: Abort forced by user
[  179.251010][T10033] EXT4-fs (loop3): Remounting filesystem read-only
[  179.257814][T10033] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  179.362769][T10073] netlink: 'syz.4.2279': attribute type 4 has an invalid length.
[  179.471211][T10073] netlink: 'syz.4.2279': attribute type 4 has an invalid length.
[  179.539827][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.693731][T10090] siw: device registration error -23
[  179.702560][T10091] FAULT_INJECTION: forcing a failure.
[  179.702560][T10091] name failslab, interval 1, probability 0, space 0, times 0
[  179.715870][T10091] CPU: 1 UID: 0 PID: 10091 Comm: syz.2.2284 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  179.715969][T10091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.715981][T10091] Call Trace:
[  179.715987][T10091]  <TASK>
[  179.715993][T10091]  __dump_stack+0x1d/0x30
[  179.716069][T10091]  dump_stack_lvl+0xe8/0x140
[  179.716094][T10091]  dump_stack+0x15/0x1b
[  179.716163][T10091]  should_fail_ex+0x265/0x280
[  179.716203][T10091]  should_failslab+0x8c/0xb0
[  179.716233][T10091]  kmem_cache_alloc_noprof+0x50/0x310
[  179.716373][T10091]  ? getname_flags+0x80/0x3b0
[  179.716403][T10091]  getname_flags+0x80/0x3b0
[  179.716429][T10091]  user_path_at+0x28/0x130
[  179.716516][T10091]  __se_sys_mount+0x25b/0x2e0
[  179.716536][T10091]  ? fput+0x8f/0xc0
[  179.716564][T10091]  __x64_sys_mount+0x67/0x80
[  179.716583][T10091]  x64_sys_call+0xd36/0x2fb0
[  179.716676][T10091]  do_syscall_64+0xd2/0x200
[  179.716694][T10091]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  179.716721][T10091]  ? clear_bhb_loop+0x40/0x90
[  179.716796][T10091]  ? clear_bhb_loop+0x40/0x90
[  179.716818][T10091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.716875][T10091] RIP: 0033:0x7f61a767e929
[  179.716891][T10091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.716916][T10091] RSP: 002b:00007f61a5ce7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  179.716935][T10091] RAX: ffffffffffffffda RBX: 00007f61a78a5fa0 RCX: 00007f61a767e929
[  179.716947][T10091] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  179.716962][T10091] RBP: 00007f61a5ce7090 R08: 0000200000000140 R09: 0000000000000000
[  179.716974][T10091] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  179.716986][T10091] R13: 0000000000000000 R14: 00007f61a78a5fa0 R15: 00007fff54e80da8
[  179.717008][T10091]  </TASK>
[  179.717336][T10095] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2287'.
[  179.940894][T10095] 0ªX¹¦À: renamed from caif0
[  179.948352][   T23] hid-generic 0003:0004:0000.001D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  179.963542][T10095] 0ªX¹¦À: entered allmulticast mode
[  179.968849][T10095] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  180.012551][T10107] fido_id[10107]: Failed to read report descriptor at '/sys/devices/virtual/misc/uhid/0003:0004:0000.001D/report_descriptor': No such device
[  180.151681][T10118] netlink: 'syz.3.2291': attribute type 6 has an invalid length.
[  180.165438][T10120] 9pnet_virtio: no channels available for device €
[  180.834831][T10125] dummy0 speed is unknown, defaulting to 1000
[  180.918287][T10128] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2294'.
[  181.010839][T10130] netlink: 'syz.1.2296': attribute type 4 has an invalid length.
[  181.036945][T10130] netlink: 'syz.1.2296': attribute type 4 has an invalid length.
[  181.068852][   T29] kauditd_printk_skb: 169 callbacks suppressed
[  181.068947][   T29] audit: type=1326 audit(181.048:9034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.099773][T10125] lo speed is unknown, defaulting to 1000
[  181.152838][T10132] dummy0 speed is unknown, defaulting to 1000
[  181.196330][   T29] audit: type=1326 audit(181.088:9035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.219342][   T29] audit: type=1326 audit(181.088:9036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.242373][   T29] audit: type=1326 audit(181.088:9037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.265381][   T29] audit: type=1326 audit(181.088:9038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.288574][   T29] audit: type=1326 audit(181.088:9039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.312275][   T29] audit: type=1326 audit(181.098:9040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.331598][T10132] lo speed is unknown, defaulting to 1000
[  181.335226][   T29] audit: type=1326 audit(181.098:9041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.364101][   T29] audit: type=1326 audit(181.098:9042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.374206][T10137] siw: device registration error -23
[  181.387015][   T29] audit: type=1326 audit(181.098:9043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.2.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f61a767e929 code=0x7ffc0000
[  181.462175][T10147] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2303'.
[  181.584595][T10147] 0ªX¹¦À: renamed from caif0
[  181.604886][T10147] 0ªX¹¦À: entered allmulticast mode
[  181.610166][T10147] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  181.715440][T10155] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2306'.
[  181.810282][T10163] netlink: 'syz.0.2310': attribute type 4 has an invalid length.
[  181.865891][T10167] netlink: 'syz.0.2310': attribute type 4 has an invalid length.
[  181.908416][   T23] lo speed is unknown, defaulting to 1000
[  181.912943][ T3413] lo speed is unknown, defaulting to 1000
[  182.109446][T10169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.132037][T10169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.227222][   T23] hid-generic 0003:0004:0000.001E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  182.322300][T10185] netlink: 'syz.1.2317': attribute type 6 has an invalid length.
[  182.399455][T10189] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2319'.
[  182.513132][T10193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2321'.
[  182.523834][T10193] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  182.532888][T10193] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.541472][T10193] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.551193][T10193] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.751925][T10200] loop4: detected capacity change from 0 to 512
[  182.772142][T10200] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  182.795627][T10200] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal
[  182.965043][ T3393] hid-generic 0003:0004:0000.001F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  183.002192][ T3393] hid-generic 0003:0004:0000.0020: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  183.033823][T10213] fido_id[10213]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  183.057929][T10216] netlink: 'syz.1.2329': attribute type 6 has an invalid length.
[  183.142775][T10224] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2331'.
[  183.172980][T10221] fido_id[10221]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  183.204512][T10219] dummy0 speed is unknown, defaulting to 1000
[  183.212125][T10227] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2333'.
[  183.252413][T10227] 0ªX¹¦À: renamed from caif0
[  183.276671][T10227] 0ªX¹¦À: entered allmulticast mode
[  183.284186][T10227] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  183.324777][T10230] loop4: detected capacity change from 0 to 512
[  183.343559][T10230] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  183.365098][T10230] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  183.381892][T10230] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2334: corrupted in-inode xattr: e_value size too large
[  183.404064][T10219] lo speed is unknown, defaulting to 1000
[  183.415708][T10230] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2334: couldn't read orphan inode 15 (err -117)
[  183.443329][T10230] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.474839][T10240] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2337'.
[  183.495999][T10240] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  183.503770][T10240] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  183.608753][T10254] siw: device registration error -23
[  183.637646][T10256] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2344'.
[  183.676287][ T3393] hid-generic 0003:0004:0000.0021: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  183.695130][T10259] dummy0 speed is unknown, defaulting to 1000
[  183.749279][T10259] lo speed is unknown, defaulting to 1000
[  183.818625][ T3393] hid-generic 0003:0004:0000.0022: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  183.863991][T10264] fido_id[10264]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  184.176099][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.273693][   T23] hid-generic 0003:0004:0000.0023: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  184.294296][T10283] loop4: detected capacity change from 0 to 512
[  184.323018][T10283] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  184.376251][T10283] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal
[  184.407194][T10286] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2355'.
[  184.418017][T10285] fido_id[10285]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  184.643529][ T3393] hid-generic 0003:0004:0000.0024: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  184.670244][T10307] siw: device registration error -23
[  184.693759][T10305] fido_id[10305]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  184.794618][ T3413] hid-generic 0003:0004:0000.0025: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  185.222399][T10368] netlink: 'syz.4.2374': attribute type 6 has an invalid length.
[  185.259535][T10368] loop4: detected capacity change from 0 to 512
[  185.288357][T10368] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  185.328996][T10368] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.2374: corrupted in-inode xattr: e_value out of bounds
[  185.354589][T10368] EXT4-fs (loop4): Remounting filesystem read-only
[  185.361762][T10368] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.450153][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.544239][ T3413] hid-generic 0003:0004:0000.0026: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  185.603896][T10386] fido_id[10386]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  185.645121][   T23] hid-generic 0003:0004:0000.0027: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  185.708229][T10392] fido_id[10392]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  186.053285][T10409] netlink: 'syz.0.2388': attribute type 6 has an invalid length.
[  186.293722][   T23] hid-generic 0003:0004:0000.0028: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  186.368691][T10426] fido_id[10426]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  186.413702][T10439] __nla_validate_parse: 1 callbacks suppressed
[  186.413735][T10439] netlink: 20 bytes leftover after parsing attributes in process `'.
[  186.431951][T10439] netlink: 48 bytes leftover after parsing attributes in process `'.
[  186.492586][T10429] netlink: 20 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  186.501294][T10429] netlink: 20 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  186.580735][T10450] dummy0 speed is unknown, defaulting to 1000
[  186.582076][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  186.582095][   T29] audit: type=1326 audit(186.558:9070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.616311][   T29] audit: type=1326 audit(186.558:9071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.620715][T10450] lo speed is unknown, defaulting to 1000
[  186.639766][   T29] audit: type=1326 audit(186.558:9072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.668580][   T29] audit: type=1326 audit(186.558:9073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.691585][   T29] audit: type=1326 audit(186.558:9074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.714529][   T29] audit: type=1326 audit(186.558:9075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.737490][   T29] audit: type=1326 audit(186.558:9076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.760416][   T29] audit: type=1326 audit(186.558:9077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.786169][   T29] audit: type=1326 audit(186.558:9078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.809132][   T29] audit: type=1326 audit(186.648:9079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10451 comm="syz.3.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f568385e929 code=0x7ffc0000
[  186.880137][T10454] dummy0 speed is unknown, defaulting to 1000
[  186.998073][   T23] hid-generic 0003:0004:0000.0029: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  187.082002][T10493] fido_id[10493]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  187.186804][T10505] netlink: 'syz.0.2412': attribute type 6 has an invalid length.
[  187.406510][T10454] lo speed is unknown, defaulting to 1000
[  187.497542][T10517] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2415'.
[  187.516872][T10517] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2415'.
[  187.529238][T10518] dummy0 speed is unknown, defaulting to 1000
[  187.593809][T10518] lo speed is unknown, defaulting to 1000
[  187.679107][T10523] dummy0 speed is unknown, defaulting to 1000
[  187.724110][T10529] No such timeout policy "syz1"
[  187.800010][T10523] lo speed is unknown, defaulting to 1000
[  187.817385][T10540] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  187.834857][T10540] SELinux:  Context system_u:object is not valid (left unmapped).
[  187.839192][T10541] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2421'.
[  188.072542][T10553] netlink: 'syz.3.2429': attribute type 4 has an invalid length.
[  188.113320][T10553] netlink: 'syz.3.2429': attribute type 4 has an invalid length.
[  188.182093][T10562] netlink: 'syz.2.2430': attribute type 6 has an invalid length.
[  188.196046][T10568] siw: device registration error -23
[  188.205062][T10566] FAULT_INJECTION: forcing a failure.
[  188.205062][T10566] name failslab, interval 1, probability 0, space 0, times 0
[  188.217948][T10566] CPU: 0 UID: 0 PID: 10566 Comm: syz.4.2432 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  188.217978][T10566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.217994][T10566] Call Trace:
[  188.218001][T10566]  <TASK>
[  188.218011][T10566]  __dump_stack+0x1d/0x30
[  188.218109][T10566]  dump_stack_lvl+0xe8/0x140
[  188.218131][T10566]  dump_stack+0x15/0x1b
[  188.218151][T10566]  should_fail_ex+0x265/0x280
[  188.218186][T10566]  should_failslab+0x8c/0xb0
[  188.218208][T10566]  __kmalloc_cache_node_noprof+0x54/0x320
[  188.218325][T10566]  ? __get_vm_area_node+0x106/0x1d0
[  188.218359][T10566]  __get_vm_area_node+0x106/0x1d0
[  188.218398][T10566]  __vmalloc_node_range_noprof+0x273/0xe00
[  188.218465][T10566]  ? bpf_prog_alloc_no_stats+0x47/0x390
[  188.218499][T10566]  ? mntput_no_expire+0x6f/0x3c0
[  188.218527][T10566]  ? __rcu_read_unlock+0x4f/0x70
[  188.218555][T10566]  ? selinux_capable+0x1f9/0x270
[  188.218640][T10566]  ? bpf_prog_alloc_no_stats+0x47/0x390
[  188.218716][T10566]  __vmalloc_noprof+0x83/0xc0
[  188.218746][T10566]  ? bpf_prog_alloc_no_stats+0x47/0x390
[  188.218779][T10566]  bpf_prog_alloc_no_stats+0x47/0x390
[  188.218868][T10566]  ? bpf_prog_alloc+0x2a/0x150
[  188.218918][T10566]  bpf_prog_alloc+0x3c/0x150
[  188.218956][T10566]  bpf_prog_load+0x514/0x1070
[  188.219009][T10566]  ? security_bpf+0x2b/0x90
[  188.219090][T10566]  __sys_bpf+0x51d/0x790
[  188.219128][T10566]  __x64_sys_bpf+0x41/0x50
[  188.219157][T10566]  x64_sys_call+0x2478/0x2fb0
[  188.219264][T10566]  do_syscall_64+0xd2/0x200
[  188.219288][T10566]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  188.219320][T10566]  ? clear_bhb_loop+0x40/0x90
[  188.219390][T10566]  ? clear_bhb_loop+0x40/0x90
[  188.219411][T10566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.219435][T10566] RIP: 0033:0x7f9b74bfe929
[  188.219460][T10566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.219500][T10566] RSP: 002b:00007f9b73267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  188.219529][T10566] RAX: ffffffffffffffda RBX: 00007f9b74e25fa0 RCX: 00007f9b74bfe929
[  188.219545][T10566] RDX: 0000000000000080 RSI: 0000200000000500 RDI: 0000000000000005
[  188.219561][T10566] RBP: 00007f9b73267090 R08: 0000000000000000 R09: 0000000000000000
[  188.219575][T10566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.219586][T10566] R13: 0000000000000000 R14: 00007f9b74e25fa0 R15: 00007ffe882b93b8
[  188.219606][T10566]  </TASK>
[  188.219614][T10566] syz.4.2432: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0
[  188.486694][T10566] CPU: 0 UID: 0 PID: 10566 Comm: syz.4.2432 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  188.486736][T10566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.486752][T10566] Call Trace:
[  188.486760][T10566]  <TASK>
[  188.486770][T10566]  __dump_stack+0x1d/0x30
[  188.486807][T10566]  dump_stack_lvl+0xe8/0x140
[  188.486903][T10566]  dump_stack+0x15/0x1b
[  188.486933][T10566]  warn_alloc+0x12b/0x1a0
[  188.486975][T10566]  __vmalloc_node_range_noprof+0x297/0xe00
[  188.487067][T10566]  ? mntput_no_expire+0x6f/0x3c0
[  188.487150][T10566]  ? __rcu_read_unlock+0x4f/0x70
[  188.487197][T10566]  ? selinux_capable+0x1f9/0x270
[  188.487244][T10566]  ? bpf_prog_alloc_no_stats+0x47/0x390
[  188.487312][T10566]  __vmalloc_noprof+0x83/0xc0
[  188.487350][T10566]  ? bpf_prog_alloc_no_stats+0x47/0x390
[  188.487414][T10566]  bpf_prog_alloc_no_stats+0x47/0x390
[  188.487450][T10566]  ? bpf_prog_alloc+0x2a/0x150
[  188.487541][T10566]  bpf_prog_alloc+0x3c/0x150
[  188.487581][T10566]  bpf_prog_load+0x514/0x1070
[  188.487675][T10566]  ? security_bpf+0x2b/0x90
[  188.487781][T10566]  __sys_bpf+0x51d/0x790
[  188.487832][T10566]  __x64_sys_bpf+0x41/0x50
[  188.487867][T10566]  x64_sys_call+0x2478/0x2fb0
[  188.487895][T10566]  do_syscall_64+0xd2/0x200
[  188.487980][T10566]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  188.488038][T10566]  ? clear_bhb_loop+0x40/0x90
[  188.488141][T10566]  ? clear_bhb_loop+0x40/0x90
[  188.488167][T10566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.488217][T10566] RIP: 0033:0x7f9b74bfe929
[  188.488311][T10566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.488333][T10566] RSP: 002b:00007f9b73267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  188.488356][T10566] RAX: ffffffffffffffda RBX: 00007f9b74e25fa0 RCX: 00007f9b74bfe929
[  188.488383][T10566] RDX: 0000000000000080 RSI: 0000200000000500 RDI: 0000000000000005
[  188.488454][T10566] RBP: 00007f9b73267090 R08: 0000000000000000 R09: 0000000000000000
[  188.488470][T10566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.488485][T10566] R13: 0000000000000000 R14: 00007f9b74e25fa0 R15: 00007ffe882b93b8
[  188.488512][T10566]  </TASK>
[  188.488531][T10566] Mem-Info:
[  188.560332][T10589] block device autoloading is deprecated and will be removed.
[  188.561322][T10566] active_anon:74058 inactive_anon:13643 isolated_anon:0
[  188.561322][T10566]  active_file:5763 inactive_file:2491 isolated_file:0
[  188.561322][T10566]  unevictable:0 dirty:177 writeback:0
[  188.561322][T10566]  slab_reclaimable:3496 slab_unreclaimable:42320
[  188.561322][T10566]  mapped:29404 shmem:63051 pagetables:2134
[  188.561322][T10566]  sec_pagetables:0 bounce:0
[  188.561322][T10566]  kernel_misc_reclaimable:0
[  188.561322][T10566]  free:1723228 free_pcp:74301 free_cma:0
[  188.767587][T10566] Node 0 active_anon:295916kB inactive_anon:54572kB active_file:23052kB inactive_file:9964kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117644kB dirty:784kB writeback:0kB shmem:252204kB writeback_tmp:0kB kernel_stack:4960kB pagetables:8740kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  188.797125][T10566] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  188.826064][T10566] lowmem_reserve[]: 0 2882 7860 7860
[  188.831443][T10566] Node 0 DMA32 free:2947832kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951360kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB
[  188.861955][T10566] lowmem_reserve[]: 0 0 4978 4978
[  188.867045][T10566] Node 0 Normal free:3933136kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:295916kB inactive_anon:54572kB active_file:23052kB inactive_file:9964kB unevictable:0kB writepending:784kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:278248kB local_pcp:154664kB free_cma:0kB
[  188.900069][T10566] lowmem_reserve[]: 0 0 0 0
[  188.904725][T10566] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  188.922985][T10566] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 5*16kB (M) 2*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947832kB
[  188.942505][T10566] Node 0 Normal: 6*4kB (UE) 3*8kB (UME) 590*16kB (UM) 1551*32kB (UME) 928*64kB (UME) 317*128kB (UME) 240*256kB (UME) 189*512kB (UM) 127*1024kB (UM) 58*2048kB (UM) 822*4096kB (UM) = 3933040kB
[  188.961997][T10566] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  188.971351][T10566] 71818 total pagecache pages
[  188.976046][T10566] 517 pages in swap cache
[  188.980401][T10566] Free swap  = 0kB
[  188.984177][T10566] Total swap = 124996kB
[  188.988368][T10566] 2097051 pages RAM
[  188.992219][T10566] 0 pages HighMem/MovableOnly
[  188.996989][T10566] 80811 pages reserved
[  189.095787][T10605] syzkaller1: entered promiscuous mode
[  189.101871][T10605] syzkaller1: entered allmulticast mode
[  189.238094][   T23] hid-generic 0003:0004:0000.002A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  189.329413][T10621] fido_id[10621]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  189.402683][T10614] loop0: detected capacity change from 0 to 2048
[  189.432847][T10614] EXT4-fs: Ignoring removed bh option
[  189.453040][T10614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.498647][T10630] siw: device registration error -23
[  189.567025][T10631] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  189.653008][T10598] syz.2.2437 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  189.667316][T10598] CPU: 0 UID: 0 PID: 10598 Comm: syz.2.2437 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  189.667355][T10598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.667369][T10598] Call Trace:
[  189.667375][T10598]  <TASK>
[  189.667383][T10598]  __dump_stack+0x1d/0x30
[  189.667426][T10598]  dump_stack_lvl+0xe8/0x140
[  189.667452][T10598]  dump_stack+0x15/0x1b
[  189.667471][T10598]  dump_header+0x81/0x220
[  189.667511][T10598]  oom_kill_process+0x334/0x3f0
[  189.667589][T10598]  out_of_memory+0x979/0xb80
[  189.667630][T10598]  try_charge_memcg+0x5e6/0x9e0
[  189.667713][T10598]  obj_cgroup_charge_pages+0xa6/0x150
[  189.667756][T10598]  __memcg_kmem_charge_page+0x9f/0x170
[  189.667788][T10598]  __alloc_frozen_pages_noprof+0x188/0x360
[  189.667909][T10598]  alloc_pages_mpol+0xb3/0x250
[  189.667948][T10598]  alloc_pages_noprof+0x90/0x130
[  189.667987][T10598]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  189.668086][T10598]  __kvmalloc_node_noprof+0x30f/0x4e0
[  189.668179][T10598]  ? ip_set_alloc+0x1f/0x30
[  189.668234][T10598]  ? ip_set_alloc+0x1f/0x30
[  189.668318][T10598]  ? __kmalloc_cache_noprof+0x189/0x320
[  189.668403][T10598]  ip_set_alloc+0x1f/0x30
[  189.668450][T10598]  hash_netiface_create+0x282/0x740
[  189.668494][T10598]  ? __pfx_hash_netiface_create+0x10/0x10
[  189.668557][T10598]  ip_set_create+0x3c9/0x960
[  189.668614][T10598]  ? __nla_parse+0x40/0x60
[  189.668709][T10598]  nfnetlink_rcv_msg+0x4c3/0x590
[  189.668771][T10598]  ? selinux_capable+0x1f9/0x270
[  189.668872][T10598]  netlink_rcv_skb+0x120/0x220
[  189.668915][T10598]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  189.668961][T10598]  nfnetlink_rcv+0x16b/0x1690
[  189.668989][T10598]  ? __folio_put+0x11e/0x150
[  189.669082][T10598]  ? bpf_check+0xbe55/0xced0
[  189.669119][T10598]  ? __rcu_read_unlock+0x4f/0x70
[  189.669147][T10598]  ? obj_cgroup_charge_pages+0xf7/0x150
[  189.669243][T10598]  ? __rcu_read_unlock+0x4f/0x70
[  189.669283][T10598]  ? alloc_pages_bulk_noprof+0x4b8/0x540
[  189.669319][T10598]  ? __vmap_pages_range_noflush+0xbb3/0xbd0
[  189.669418][T10598]  ? should_fail_ex+0x30/0x280
[  189.669454][T10598]  ? selinux_nlmsg_lookup+0x99/0x890
[  189.669586][T10598]  ? selinux_netlink_send+0x59f/0x5f0
[  189.669730][T10598]  ? __rcu_read_unlock+0x34/0x70
[  189.669754][T10598]  ? __netlink_lookup+0x266/0x2a0
[  189.669777][T10598]  netlink_unicast+0x59e/0x670
[  189.669812][T10598]  netlink_sendmsg+0x58b/0x6b0
[  189.669841][T10598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.669951][T10598]  __sock_sendmsg+0x142/0x180
[  189.669979][T10598]  ____sys_sendmsg+0x31e/0x4e0
[  189.670102][T10598]  ___sys_sendmsg+0x17b/0x1d0
[  189.670133][T10598]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  189.670188][T10598]  __x64_sys_sendmsg+0xd4/0x160
[  189.670279][T10598]  x64_sys_call+0x2999/0x2fb0
[  189.670348][T10598]  do_syscall_64+0xd2/0x200
[  189.670371][T10598]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  189.670431][T10598]  ? clear_bhb_loop+0x40/0x90
[  189.670454][T10598]  ? clear_bhb_loop+0x40/0x90
[  189.670476][T10598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.670496][T10598] RIP: 0033:0x7f61a767e929
[  189.670511][T10598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.670529][T10598] RSP: 002b:00007f61a5ce7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  189.670611][T10598] RAX: ffffffffffffffda RBX: 00007f61a78a5fa0 RCX: 00007f61a767e929
[  189.670626][T10598] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[  189.670638][T10598] RBP: 00007f61a7700b39 R08: 0000000000000000 R09: 0000000000000000
[  189.670649][T10598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  189.670663][T10598] R13: 0000000000000000 R14: 00007f61a78a5fa0 R15: 00007fff54e80da8
[  189.670683][T10598]  </TASK>
[  189.670690][T10598] memory: usage 307200kB, limit 307200kB, failcnt 213
[  189.772626][T10638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.773979][T10598] memory+swap: usage 380440kB, limit 9007199254740988kB, failcnt 0
[  189.800120][T10638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.804697][T10598] kmem: usage 303060kB, limit 9007199254740988kB, failcnt 0
[  189.804711][T10598] Memory cgroup stats for /syz2:
[  190.080331][T10598] cache 1863680
[  190.088860][T10598] rss 364544
[  190.092140][T10598] shmem 1863680
[  190.095615][T10598] mapped_file 0
[  190.099098][T10598] dirty 0
[  190.102087][T10598] writeback 0
[  190.105632][T10598] workingset_refault_anon 1091
[  190.110562][T10598] workingset_refault_file 648
[  190.115291][T10598] swap 74997760
[  190.118816][T10598] swapcached 2011136
[  190.122754][T10598] pgpgin 176333
[  190.126312][T10598] pgpgout 175298
[  190.129917][T10598] pgfault 170022
[  190.133530][T10598] pgmajfault 177
[  190.137138][T10598] inactive_anon 1589248
[  190.141363][T10598] active_anon 2650112
[  190.145367][T10598] inactive_file 0
[  190.149010][T10598] active_file 0
[  190.152530][T10598] unevictable 0
[  190.155996][T10598] hierarchical_memory_limit 314572800
[  190.161484][T10598] hierarchical_memsw_limit 9223372036854771712
[  190.167658][T10598] total_cache 1863680
[  190.171846][T10598] total_rss 364544
[  190.175616][T10598] total_shmem 1863680
[  190.179617][T10598] total_mapped_file 0
[  190.183674][T10598] total_dirty 0
[  190.187841][T10598] total_writeback 0
[  190.191724][T10598] total_workingset_refault_anon 1091
[  190.197084][T10598] total_workingset_refault_file 648
[  190.202344][T10598] total_swap 74997760
[  190.206409][T10598] total_swapcached 2011136
[  190.210868][T10598] total_pgpgin 176333
[  190.214900][T10598] total_pgpgout 175298
[  190.218989][T10598] total_pgfault 170022
[  190.223110][T10598] total_pgmajfault 177
[  190.227203][T10598] total_inactive_anon 1589248
[  190.231993][T10598] total_active_anon 2650112
[  190.236566][T10598] total_inactive_file 0
[  190.240733][T10598] total_active_file 0
[  190.244772][T10598] total_unevictable 0
[  190.248835][T10598] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2437,pid=10597,uid=0
[  190.263699][T10598] Memory cgroup out of memory: Killed process 10597 (syz.2.2437) total-vm:93752kB, anon-rss:936kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  190.319898][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.386623][ T3393] hid-generic 0003:0004:0000.002B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  191.603289][T10684] fido_id[10684]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  191.736562][   T23] hid-generic 0003:0004:0000.002C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  191.800157][T10696] fido_id[10696]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  191.906445][T10703] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2472'.
[  192.066802][ T3393] hid-generic 0003:0004:0000.002D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  192.693148][ T4645] hid-generic 0003:0004:0000.002E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  192.834073][T10732] fido_id[10732]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  193.084102][T10747] loop0: detected capacity change from 0 to 512
[  193.084817][T10748] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2487'.
[  193.106726][T10747] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  193.130505][T10747] EXT4-fs (loop0): can't mount with data_err=abort, fs mounted w/o journal
[  193.224940][ T3393] hid-generic 0003:0004:0000.002F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  193.274351][   T29] kauditd_printk_skb: 110 callbacks suppressed
[  193.274366][   T29] audit: type=1326 audit(193.258:9190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.352528][   T29] audit: type=1326 audit(193.288:9191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.375697][   T29] audit: type=1326 audit(193.288:9192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.398733][   T29] audit: type=1326 audit(193.288:9193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.421698][   T29] audit: type=1326 audit(193.288:9194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.421735][   T29] audit: type=1326 audit(193.288:9195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.421842][   T29] audit: type=1326 audit(193.288:9196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.421871][   T29] audit: type=1326 audit(193.288:9197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.422011][   T29] audit: type=1326 audit(193.288:9198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.422039][   T29] audit: type=1326 audit(193.288:9199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10765 comm="syz.4.2494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b74bfe929 code=0x7ffc0000
[  193.508617][T10777] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2496'.
[  193.508646][T10777] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2496'.
[  193.508720][T10777] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2496'.
[  193.563429][T10783] syzkaller1: entered promiscuous mode
[  193.563447][T10783] syzkaller1: entered allmulticast mode
[  193.787198][ T3393] hid-generic 0003:0004:0000.0030: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  193.799351][ T3393] hid-generic 0003:0004:0000.0031: hidraw1: USB HID v0.00 Device [syz0] on syz1
[  193.873307][T10806] FAULT_INJECTION: forcing a failure.
[  193.873307][T10806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.879576][T10801] fido_id[10801]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  193.886519][T10806] CPU: 0 UID: 0 PID: 10806 Comm: syz.0.2505 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  193.886559][T10806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  193.886605][T10806] Call Trace:
[  193.886614][T10806]  <TASK>
[  193.886625][T10806]  __dump_stack+0x1d/0x30
[  193.886652][T10806]  dump_stack_lvl+0xe8/0x140
[  193.886680][T10806]  dump_stack+0x15/0x1b
[  193.886768][T10806]  should_fail_ex+0x265/0x280
[  193.886813][T10806]  should_fail+0xb/0x20
[  193.886851][T10806]  should_fail_usercopy+0x1a/0x20
[  193.886918][T10806]  _copy_to_user+0x20/0xa0
[  193.886949][T10806]  simple_read_from_buffer+0xb5/0x130
[  193.887044][T10806]  proc_fail_nth_read+0x100/0x140
[  193.887093][T10806]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  193.887208][T10806]  vfs_read+0x19d/0x6f0
[  193.887276][T10806]  ? __rcu_read_unlock+0x4f/0x70
[  193.887306][T10806]  ? __fget_files+0x184/0x1c0
[  193.887355][T10806]  ksys_read+0xda/0x1a0
[  193.887471][T10806]  __x64_sys_read+0x40/0x50
[  193.887515][T10806]  x64_sys_call+0x2d77/0x2fb0
[  193.887546][T10806]  do_syscall_64+0xd2/0x200
[  193.887570][T10806]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  193.887635][T10806]  ? clear_bhb_loop+0x40/0x90
[  193.887664][T10806]  ? clear_bhb_loop+0x40/0x90
[  193.887697][T10806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.887726][T10806] RIP: 0033:0x7fb94075d33c
[  193.887820][T10806] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  193.887846][T10806] RSP: 002b:00007fb93edc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  193.887872][T10806] RAX: ffffffffffffffda RBX: 00007fb940985fa0 RCX: 00007fb94075d33c
[  193.887890][T10806] RDX: 000000000000000f RSI: 00007fb93edc70a0 RDI: 0000000000000007
[  193.887908][T10806] RBP: 00007fb93edc7090 R08: 0000000000000000 R09: 0000000000000000
[  193.887927][T10806] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  193.887944][T10806] R13: 0000000000000000 R14: 00007fb940985fa0 R15: 00007ffd34f581f8
[  193.888004][T10806]  </TASK>
[  193.908859][T10800] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  193.908859][T10800]    program syz.3.2504 not setting count and/or reply_len properly
[  194.135087][T10798] fido_id[10798]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  194.395223][ T3393] hid-generic 0003:0004:0000.0032: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  194.604005][T10817] fido_id[10817]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  194.788622][T10824] IPv4: Oversized IP packet from 127.202.26.0
[  194.969303][T10826] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2512'.
[  195.033595][T10830] dummy0 speed is unknown, defaulting to 1000
[  195.142595][T10830] lo speed is unknown, defaulting to 1000
[  195.206907][T10836] dummy0 speed is unknown, defaulting to 1000
[  195.246487][T10837] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2515'.
[  195.298236][T10836] lo speed is unknown, defaulting to 1000
[  195.456730][T10842] syzkaller1: entered promiscuous mode
[  195.462524][T10842] syzkaller1: entered allmulticast mode
[  195.592719][T10848] syzkaller1: entered promiscuous mode
[  195.598270][T10848] syzkaller1: entered allmulticast mode
[  195.712041][T10856] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2519'.
[  195.747920][   T23] hid-generic 0003:0004:0000.0033: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  196.188920][T10853] dummy0 speed is unknown, defaulting to 1000
[  196.225292][T10853] lo speed is unknown, defaulting to 1000
[  196.376417][T10883] siw: device registration error -23
[  196.394154][T10885] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2531'.
[  196.478292][T10896] syzkaller1: entered promiscuous mode
[  196.484006][T10896] syzkaller1: entered allmulticast mode
[  196.570497][ T3393] hid-generic 0003:0004:0000.0034: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  196.572544][ T4645] hid-generic 0003:0004:0000.0035: hidraw1: USB HID v0.00 Device [syz0] on syz1
[  196.631587][T10907] fido_id[10907]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  196.776099][T10925] FAULT_INJECTION: forcing a failure.
[  196.776099][T10925] name failslab, interval 1, probability 0, space 0, times 0
[  196.777413][T10922] 8021q: adding VLAN 0 to HW filter on device bond2
[  196.788882][T10925] CPU: 0 UID: 0 PID: 10925 Comm: syz.0.2547 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  196.788924][T10925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  196.788992][T10925] Call Trace:
[  196.789001][T10925]  <TASK>
[  196.789012][T10925]  __dump_stack+0x1d/0x30
[  196.789042][T10925]  dump_stack_lvl+0xe8/0x140
[  196.789071][T10925]  dump_stack+0x15/0x1b
[  196.789095][T10925]  should_fail_ex+0x265/0x280
[  196.789209][T10925]  should_failslab+0x8c/0xb0
[  196.789238][T10925]  kmem_cache_alloc_noprof+0x50/0x310
[  196.789276][T10925]  ? audit_log_start+0x365/0x6c0
[  196.789383][T10925]  audit_log_start+0x365/0x6c0
[  196.789433][T10925]  audit_seccomp+0x48/0x100
[  196.789472][T10925]  ? __seccomp_filter+0x68c/0x10d0
[  196.789576][T10925]  __seccomp_filter+0x69d/0x10d0
[  196.789678][T10925]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  196.789726][T10925]  ? vfs_write+0x75e/0x8e0
[  196.789769][T10925]  ? __rcu_read_unlock+0x4f/0x70
[  196.789866][T10925]  ? __fget_files+0x184/0x1c0
[  196.789907][T10925]  __secure_computing+0x82/0x150
[  196.789939][T10925]  syscall_trace_enter+0xcf/0x1e0
[  196.789974][T10925]  do_syscall_64+0xac/0x200
[  196.789999][T10925]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  196.790076][T10925]  ? clear_bhb_loop+0x40/0x90
[  196.790183][T10925]  ? clear_bhb_loop+0x40/0x90
[  196.790214][T10925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.790243][T10925] RIP: 0033:0x7fb94075e929
[  196.790266][T10925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.790345][T10925] RSP: 002b:00007fb93edc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000121
[  196.790372][T10925] RAX: ffffffffffffffda RBX: 00007fb940985fa0 RCX: 00007fb94075e929
[  196.790389][T10925] RDX: 0000000000000008 RSI: 0000200000000ec0 RDI: ffffffffffffffff
[  196.790407][T10925] RBP: 00007fb93edc7090 R08: 0000000000000000 R09: 0000000000000000
[  196.790426][T10925] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[  196.790444][T10925] R13: 0000000000000000 R14: 00007fb940985fa0 R15: 00007ffd34f581f8
[  196.790475][T10925]  </TASK>
[  197.022698][T10928] veth0_to_bond: left allmulticast mode
[  197.063846][T10937] program syz.1.2541 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  197.073341][T10937] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  197.122957][T10928] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  197.236388][T10930] netlink: 'syz.3.2546': attribute type 13 has an invalid length.
[  197.296900][T10937] dummy0 speed is unknown, defaulting to 1000
[  197.373222][T10937] lo speed is unknown, defaulting to 1000
[  197.651015][T10950] xt_cluster: node mask cannot exceed total number of nodes
[  197.682887][ T3384] hid-generic 0003:0004:0000.0036: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  197.718040][T10955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2555'.
[  197.727165][T10955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2555'.
[  197.739827][T10952] fido_id[10952]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  197.776146][T10957] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2557'.
[  197.840017][T10963] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2560'.
[  197.977298][T10970] 9pnet_fd: Insufficient options for proto=fd
[  198.016753][   T23] hid-generic 0003:0004:0000.0037: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  198.144912][T10983] dummy0 speed is unknown, defaulting to 1000
[  198.171934][T10978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2564'.
[  198.199682][T10983] lo speed is unknown, defaulting to 1000
[  198.297917][T10991] siw: device registration error -23
[  198.369179][ T3384] hid-generic 0003:0004:0000.0038: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  198.460689][   T23] hid-generic 0003:0004:0000.0039: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  198.559700][T11009] dummy0 speed is unknown, defaulting to 1000
[  198.602746][T11025] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2574'.
[  198.616130][T11009] lo speed is unknown, defaulting to 1000
[  198.632852][T11023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2578'.
[  198.746972][T11021] dummy0 speed is unknown, defaulting to 1000
[  198.792232][T11021] lo speed is unknown, defaulting to 1000
[  198.829367][T11039] dummy0 speed is unknown, defaulting to 1000
[  198.922130][T11039] lo speed is unknown, defaulting to 1000
[  199.091408][   T23] hid-generic 0003:0004:0000.003A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  199.139125][T11056] fido_id[11056]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/0003:0004:0000.003A/report_descriptor': No such file or directory
[  199.177918][ T3393] hid-generic 0003:0004:0000.003B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  199.289121][T11064] dummy0 speed is unknown, defaulting to 1000
[  199.334312][T11063] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2591'.
[  199.426945][T11064] lo speed is unknown, defaulting to 1000
[  199.459086][   T23] hid-generic 0003:0004:0000.003C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  199.481029][T11085] siw: device registration error -23
[  199.548980][T11091] Cannot find add_set index 0 as target
[  199.555660][T11089] fido_id[11089]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  199.656538][ T3393] hid-generic 0003:0004:0000.003D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  199.725323][T11101] netlink: 'syz.3.2602': attribute type 6 has an invalid length.
[  199.741584][T11102] fido_id[11102]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  199.759814][T11101] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2602'.
[  199.793157][ T3393] hid-generic 0003:0004:0000.003E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  200.079440][T11110] fido_id[11110]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  200.180805][T11098] syz.1.2603 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  200.194982][T11098] CPU: 1 UID: 0 PID: 11098 Comm: syz.1.2603 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  200.195023][T11098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  200.195092][T11098] Call Trace:
[  200.195101][T11098]  <TASK>
[  200.195112][T11098]  __dump_stack+0x1d/0x30
[  200.195142][T11098]  dump_stack_lvl+0xe8/0x140
[  200.195179][T11098]  dump_stack+0x15/0x1b
[  200.195198][T11098]  dump_header+0x81/0x220
[  200.195282][T11098]  oom_kill_process+0x334/0x3f0
[  200.195330][T11098]  out_of_memory+0x979/0xb80
[  200.195421][T11098]  try_charge_memcg+0x5e6/0x9e0
[  200.195467][T11098]  obj_cgroup_charge_pages+0xa6/0x150
[  200.195514][T11098]  __memcg_kmem_charge_page+0x9f/0x170
[  200.195558][T11098]  __alloc_frozen_pages_noprof+0x188/0x360
[  200.195628][T11098]  alloc_pages_mpol+0xb3/0x250
[  200.195675][T11098]  alloc_pages_noprof+0x90/0x130
[  200.195757][T11098]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  200.195826][T11098]  __kvmalloc_node_noprof+0x30f/0x4e0
[  200.195869][T11098]  ? ip_set_alloc+0x1f/0x30
[  200.195921][T11098]  ? ip_set_alloc+0x1f/0x30
[  200.195961][T11098]  ? hash_netiface_create+0x21b/0x740
[  200.196007][T11098]  ? __kmalloc_cache_noprof+0x189/0x320
[  200.196078][T11098]  ip_set_alloc+0x1f/0x30
[  200.196121][T11098]  hash_netiface_create+0x282/0x740
[  200.196208][T11098]  ? __pfx_hash_netiface_create+0x10/0x10
[  200.196252][T11098]  ip_set_create+0x3c9/0x960
[  200.196349][T11098]  ? __nla_parse+0x40/0x60
[  200.196381][T11098]  nfnetlink_rcv_msg+0x4c3/0x590
[  200.196451][T11098]  ? selinux_capable+0x1f9/0x270
[  200.196501][T11098]  netlink_rcv_skb+0x120/0x220
[  200.196545][T11098]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  200.196601][T11098]  nfnetlink_rcv+0x16b/0x1690
[  200.196667][T11098]  ? __kfree_skb+0x109/0x150
[  200.196712][T11098]  ? nlmon_xmit+0x4f/0x60
[  200.196804][T11098]  ? consume_skb+0x49/0x150
[  200.196885][T11098]  ? nlmon_xmit+0x4f/0x60
[  200.196914][T11098]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  200.196989][T11098]  ? __dev_queue_xmit+0x11c0/0x1fb0
[  200.197021][T11098]  ? __dev_queue_xmit+0x182/0x1fb0
[  200.197066][T11098]  ? ref_tracker_free+0x37d/0x3e0
[  200.197121][T11098]  ? __netlink_deliver_tap+0x4dc/0x500
[  200.197233][T11098]  netlink_unicast+0x59e/0x670
[  200.197281][T11098]  netlink_sendmsg+0x58b/0x6b0
[  200.197314][T11098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  200.197373][T11098]  __sock_sendmsg+0x142/0x180
[  200.197411][T11098]  ____sys_sendmsg+0x31e/0x4e0
[  200.197465][T11098]  ___sys_sendmsg+0x17b/0x1d0
[  200.197538][T11098]  __x64_sys_sendmsg+0xd4/0x160
[  200.197614][T11098]  x64_sys_call+0x2999/0x2fb0
[  200.197689][T11098]  do_syscall_64+0xd2/0x200
[  200.197715][T11098]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  200.197769][T11098]  ? clear_bhb_loop+0x40/0x90
[  200.197807][T11098]  ? clear_bhb_loop+0x40/0x90
[  200.197839][T11098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.197869][T11098] RIP: 0033:0x7f89840de929
[  200.197902][T11098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.197929][T11098] RSP: 002b:00007f8982747038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  200.198042][T11098] RAX: ffffffffffffffda RBX: 00007f8984305fa0 RCX: 00007f89840de929
[  200.198064][T11098] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  200.198082][T11098] RBP: 00007f8984160b39 R08: 0000000000000000 R09: 0000000000000000
[  200.198101][T11098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.198117][T11098] R13: 0000000000000000 R14: 00007f8984305fa0 R15: 00007ffcfcb847b8
[  200.198193][T11098]  </TASK>
[  200.198201][T11098] memory: usage 307200kB, limit 307200kB, failcnt 137
[  200.400346][T11120] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2609'.
[  200.400888][T11098] memory+swap: usage 307556kB, limit 9007199254740988kB, failcnt 0
[  200.561536][ T3393] hid-generic 0003:0004:0000.003F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  200.569395][T11098] kmem: usage 230148kB, limit 9007199254740988kB, failcnt 0
[  200.593808][T11098] Memory cgroup stats for /syz1:
[  200.603721][ T3384] hid-generic 0003:0004:0000.0040: hidraw1: USB HID v0.00 Device [syz0] on syz1
[  200.641073][T11098] cache 78688256
[  200.644740][T11098] rss 204800
[  200.648027][T11098] shmem 78688256
[  200.651668][T11098] mapped_file 0
[  200.655147][T11098] dirty 0
[  200.658184][T11098] writeback 0
[  200.661584][T11098] workingset_refault_anon 14
[  200.666192][T11098] workingset_refault_file 2205
[  200.670975][T11098] swap 364544
[  200.674417][T11098] swapcached 8192
[  200.678288][T11098] pgpgin 267868
[  200.682239][T11098] pgpgout 248605
[  200.685874][T11098] pgfault 190830
[  200.689527][T11098] pgmajfault 28
[  200.693048][T11098] inactive_anon 167936
[  200.697177][T11098] active_anon 78733312
[  200.701302][T11098] inactive_file 0
[  200.705130][T11098] active_file 0
[  200.708614][T11098] unevictable 0
[  200.712146][T11098] hierarchical_memory_limit 314572800
[  200.717813][T11098] hierarchical_memsw_limit 9223372036854771712
[  200.724157][T11098] total_cache 78688256
[  200.728257][T11098] total_rss 204800
[  200.732037][T11098] total_shmem 78688256
[  200.736127][T11098] total_mapped_file 0
[  200.740105][T11098] total_dirty 0
[  200.743601][T11098] total_writeback 0
[  200.747537][T11098] total_workingset_refault_anon 14
[  200.752674][T11098] total_workingset_refault_file 2205
[  200.757981][T11098] total_swap 364544
[  200.761054][T11128] fido_id[11128]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  200.761826][T11098] total_swapcached 8192
[  200.761838][T11098] total_pgpgin 267868
[  200.761849][T11098] total_pgpgout 248605
[  200.761857][T11098] total_pgfault 190830
[  200.761864][T11098] total_pgmajfault 28
[  200.761871][T11098] total_inactive_anon 167936
[  200.761879][T11098] total_active_anon 78733312
[  200.761897][T11098] total_inactive_file 0
[  200.761905][T11098] total_active_file 0
[  200.761911][T11098] total_unevictable 0
[  200.793797][T11134] 9pnet_fd: Insufficient options for proto=fd
[  200.795899][T11098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2603,pid=11097,uid=0
[  200.838331][T11098] Memory cgroup out of memory: Killed process 11097 (syz.1.2603) total-vm:95800kB, anon-rss:1064kB, file-rss:22316kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  200.916047][T11139] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.925507][T11141] siw: device registration error -23
[  200.936926][T11139] veth0_to_bond: left allmulticast mode
[  200.946151][T11139] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  201.028493][ T3393] hid-generic 0003:0004:0000.0041: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  201.043562][T11148] netlink: 'syz.0.2614': attribute type 13 has an invalid length.
[  201.060792][   T29] kauditd_printk_skb: 112 callbacks suppressed
[  201.060809][   T29] audit: type=1326 audit(201.038:9310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.103132][   T29] audit: type=1326 audit(201.038:9311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.126220][   T29] audit: type=1326 audit(201.038:9312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.150171][   T29] audit: type=1326 audit(201.038:9313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.173257][   T29] audit: type=1326 audit(201.038:9314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.196854][   T29] audit: type=1326 audit(201.038:9315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.203997][T11159] netlink: 'syz.4.2620': attribute type 6 has an invalid length.
[  201.219798][   T29] audit: type=1326 audit(201.038:9316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.250855][   T29] audit: type=1326 audit(201.038:9317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.274250][   T29] audit: type=1326 audit(201.038:9318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.297435][   T29] audit: type=1326 audit(201.038:9319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11138 comm="syz.0.2614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb94075e929 code=0x7ffc0000
[  201.987823][   T23] hid-generic 0003:0004:0000.0042: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  202.007297][   T23] hid-generic 0003:0004:0000.0043: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  202.019785][T11192] fido_id[11192]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  202.192768][T11200] fido_id[11200]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  202.264654][T11208] FAULT_INJECTION: forcing a failure.
[  202.264654][T11208] name failslab, interval 1, probability 0, space 0, times 0
[  202.277626][T11208] CPU: 1 UID: 0 PID: 11208 Comm: syz.2.2637 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  202.277660][T11208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  202.277675][T11208] Call Trace:
[  202.277786][T11208]  <TASK>
[  202.277796][T11208]  __dump_stack+0x1d/0x30
[  202.277816][T11208]  dump_stack_lvl+0xe8/0x140
[  202.277840][T11208]  dump_stack+0x15/0x1b
[  202.277862][T11208]  should_fail_ex+0x265/0x280
[  202.277975][T11208]  should_failslab+0x8c/0xb0
[  202.277997][T11208]  kmem_cache_alloc_noprof+0x50/0x310
[  202.278083][T11208]  ? getname_flags+0x80/0x3b0
[  202.278134][T11208]  getname_flags+0x80/0x3b0
[  202.278164][T11208]  getname_uflags+0x21/0x30
[  202.278190][T11208]  __x64_sys_execveat+0x5d/0x90
[  202.278227][T11208]  x64_sys_call+0x2dae/0x2fb0
[  202.278288][T11208]  do_syscall_64+0xd2/0x200
[  202.278311][T11208]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  202.278343][T11208]  ? clear_bhb_loop+0x40/0x90
[  202.278388][T11208]  ? clear_bhb_loop+0x40/0x90
[  202.278409][T11208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.278467][T11208] RIP: 0033:0x7f61a767e929
[  202.278493][T11208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.278530][T11208] RSP: 002b:00007f61a5ce7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  202.278553][T11208] RAX: ffffffffffffffda RBX: 00007f61a78a5fa0 RCX: 00007f61a767e929
[  202.278567][T11208] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  202.278582][T11208] RBP: 00007f61a5ce7090 R08: 0000000000001000 R09: 0000000000000000
[  202.278597][T11208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.278611][T11208] R13: 0000000000000000 R14: 00007f61a78a5fa0 R15: 00007fff54e80da8
[  202.278700][T11208]  </TASK>
[  202.648222][   T23] hid-generic 0003:0004:0000.0044: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  202.673148][T11237] siw: device registration error -23
[  202.728963][T11243] __nla_validate_parse: 2 callbacks suppressed
[  202.728979][T11243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2651'.
[  203.094173][T11265] siw: device registration error -23
[  203.170538][   T23] hid-generic 0003:0004:0000.0045: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  203.310340][   T23] hid-generic 0003:0004:0000.0046: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  203.559315][T11305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2672'.
[  203.626188][T11312] netlink: 'syz.0.2673': attribute type 6 has an invalid length.
[  203.637843][T11312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2673'.
[  204.394034][T11353] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2690'.
[  204.405998][T11353] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  204.413737][T11353] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  204.433826][T11355] netlink: 'syz.4.2688': attribute type 6 has an invalid length.
[  204.472874][T11356] dummy0 speed is unknown, defaulting to 1000
[  204.528530][T11356] lo speed is unknown, defaulting to 1000
[  204.534769][T11354] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2689'.
[  204.563082][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2694'.
[  205.259104][   T23] hid-generic 0003:0004:0000.0047: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  205.298838][T11402] fido_id[11402]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  205.319709][ T3393] hid-generic 0003:0004:0000.0048: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  205.441998][T11412] dummy0 speed is unknown, defaulting to 1000
[  205.485522][T11412] lo speed is unknown, defaulting to 1000
[  205.501066][T11410] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2710'.
[  205.715508][T11434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2715'.
[  206.291093][   T23] hid-generic 0003:0004:0000.0049: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  206.294866][T11442] dummy0 speed is unknown, defaulting to 1000
[  206.375638][T11442] lo speed is unknown, defaulting to 1000
[  206.441994][T11438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.459950][T11438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.574159][T11480] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2733'.
[  207.060064][   T23] hid-generic 0003:0004:0000.004A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  207.101342][T11489] fido_id[11489]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  207.266019][   T29] kauditd_printk_skb: 19 callbacks suppressed
[  207.266038][   T29] audit: type=1326 audit(207.248:9339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.275100][T11510] dummy0 speed is unknown, defaulting to 1000
[  207.315360][   T29] audit: type=1326 audit(207.278:9340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.338364][   T29] audit: type=1326 audit(207.278:9341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.361398][   T29] audit: type=1326 audit(207.278:9342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.384443][   T29] audit: type=1326 audit(207.278:9343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.416937][   T29] audit: type=1326 audit(207.318:9344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.440001][   T29] audit: type=1326 audit(207.348:9345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.463171][   T29] audit: type=1326 audit(207.348:9346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.463219][   T29] audit: type=1326 audit(207.348:9347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.463244][   T29] audit: type=1326 audit(207.348:9348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11511 comm="syz.1.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  207.637920][T11510] lo speed is unknown, defaulting to 1000
[  207.650911][T11530] netlink: 20 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  207.699173][ T3384] hid-generic 0003:0004:0000.004B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  207.757818][T11543] fido_id[11543]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  207.905400][T11562] netlink: 'syz.0.2764': attribute type 6 has an invalid length.
[  207.916086][T11562] __nla_validate_parse: 1 callbacks suppressed
[  207.916106][T11562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2764'.
[  207.993378][T11565] ALSA: seq fatal error: cannot create timer (-19)
[  208.077588][   T23] hid-generic 0003:0004:0000.004C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  208.105627][T11576] dummy0 speed is unknown, defaulting to 1000
[  208.119730][T11577] fido_id[11577]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  208.203952][T11576] lo speed is unknown, defaulting to 1000
[  208.241351][T11584] netlink: 20 bytes leftover after parsing attributes in process `'.
[  208.258789][T11584] netlink: 48 bytes leftover after parsing attributes in process `'.
[  208.547511][T11613] netlink: 'syz.1.2787': attribute type 6 has an invalid length.
[  208.572526][T11613] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2787'.
[  208.583444][T11615] syzkaller1: entered promiscuous mode
[  208.589074][T11615] syzkaller1: entered allmulticast mode
[  208.889686][T11621] dummy0 speed is unknown, defaulting to 1000
[  209.114302][T11621] lo speed is unknown, defaulting to 1000
[  209.360192][T11643] syzkaller1: entered promiscuous mode
[  209.365937][T11643] syzkaller1: entered allmulticast mode
[  209.396223][ T4645] hid-generic 0003:0004:0000.004D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  209.526405][T11662] ALSA: seq fatal error: cannot create timer (-22)
[  209.537238][T11663] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2804'.
[  210.050703][T11682] siw: device registration error -23
[  210.116078][T11686] dummy0 speed is unknown, defaulting to 1000
[  210.158287][ T4645] hid-generic 0003:0004:0000.004E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  210.239280][T11692] fido_id[11692]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  210.307697][T11686] lo speed is unknown, defaulting to 1000
[  210.652879][T11727] dummy0 speed is unknown, defaulting to 1000
[  210.764383][T11727] lo speed is unknown, defaulting to 1000
[  211.024724][T11730] syzkaller1: entered promiscuous mode
[  211.030292][T11730] syzkaller1: entered allmulticast mode
[  211.316560][T11742] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2834'.
[  211.427999][ T3384] hid-generic 0003:0004:0000.004F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  211.442211][T11752] dummy0 speed is unknown, defaulting to 1000
[  211.502423][T11760] netlink: 'syz.4.2841': attribute type 6 has an invalid length.
[  211.556325][ T3384] hid-generic 0003:0004:0000.0050: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  211.567192][T11759] fido_id[11759]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  211.648229][T11772] fido_id[11772]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  211.652830][T11752] lo speed is unknown, defaulting to 1000
[  211.738995][T11784] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2847'.
[  211.874669][T11795] syzkaller1: entered promiscuous mode
[  211.880220][T11795] syzkaller1: entered allmulticast mode
[  211.971976][T11803] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[  211.996519][T11809] dummy0 speed is unknown, defaulting to 1000
[  212.103466][T11809] lo speed is unknown, defaulting to 1000
[  212.244788][   T23] hid-generic 0003:0004:0000.0051: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  212.282157][T11835] syzkaller1: entered promiscuous mode
[  212.287838][T11835] syzkaller1: entered allmulticast mode
[  212.301107][   T23] hid-generic 0003:0004:0000.0052: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  212.304301][T11837] fido_id[11837]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  212.370834][T11841] fido_id[11841]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  212.417166][   T29] kauditd_printk_skb: 185 callbacks suppressed
[  212.417183][   T29] audit: type=1400 audit(212.398:9534): avc:  denied  { write } for  pid=11848 comm="syz.4.2874" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  212.453214][   T29] audit: type=1400 audit(212.398:9535): avc:  denied  { execmem } for  pid=11848 comm="syz.4.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  212.485481][T11850] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2867'.
[  212.499664][ T4645] hid-generic 0003:0004:0000.0053: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  212.525869][   T29] audit: type=1400 audit(212.508:9536): avc:  denied  { create } for  pid=11848 comm="syz.4.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  212.588139][T11856] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2876'.
[  212.591830][   T29] audit: type=1400 audit(212.528:9537): avc:  denied  { write } for  pid=11848 comm="syz.4.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  212.597427][T11856] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2876'.
[  212.690797][   T29] audit: type=1400 audit(212.608:9538): avc:  denied  { create } for  pid=11848 comm="syz.4.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  212.728772][   T29] audit: type=1400 audit(212.708:9539): avc:  denied  { mounton } for  pid=11860 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  212.818440][T11860] dummy0 speed is unknown, defaulting to 1000
[  212.859274][T11860] lo speed is unknown, defaulting to 1000
[  212.948386][T11860] chnl_net:caif_netlink_parms(): no params data found
[  213.015095][T11860] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.022464][T11860] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.032983][T11875] __nla_validate_parse: 1 callbacks suppressed
[  213.033003][T11875] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2878'.
[  213.050106][T11860] bridge_slave_0: entered allmulticast mode
[  213.058289][T11860] bridge_slave_0: entered promiscuous mode
[  213.066422][T11860] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.073642][T11860] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.081106][T11860] bridge_slave_1: entered allmulticast mode
[  213.088292][T11860] bridge_slave_1: entered promiscuous mode
[  213.117894][T11860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  213.137537][T11860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.183853][   T23] hid-generic 0003:0004:0000.0054: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  213.214307][T11860] team0: Port device team_slave_0 added
[  213.232535][T11860] team0: Port device team_slave_1 added
[  213.245124][T11892] netlink: 'syz.1.2883': attribute type 6 has an invalid length.
[  213.264391][T11860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  213.271462][T11860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.297585][T11860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  213.315176][T11860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  213.322231][T11860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.348224][T11860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  213.383785][T11893] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2883'.
[  213.443338][   T29] audit: type=1400 audit(213.428:9540): avc:  denied  { read } for  pid=3035 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  213.489834][T11860] hsr_slave_0: entered promiscuous mode
[  213.495888][   T29] audit: type=1400 audit(213.458:9541): avc:  denied  { search } for  pid=3035 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  213.516802][   T29] audit: type=1400 audit(213.458:9542): avc:  denied  { search } for  pid=3035 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  213.537865][   T29] audit: type=1400 audit(213.458:9543): avc:  denied  { search } for  pid=3035 comm="dhcpcd" name="data" dev="tmpfs" ino=13 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  213.564331][T11860] hsr_slave_1: entered promiscuous mode
[  213.572724][ T6514] bridge_slave_1: left allmulticast mode
[  213.578441][ T6514] bridge_slave_1: left promiscuous mode
[  213.584377][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.594295][ T6514] bridge_slave_0: left allmulticast mode
[  213.599972][ T6514] bridge_slave_0: left promiscuous mode
[  213.605743][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.655814][ T6514] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  213.665338][ T6514] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.675827][ T6514] $Hÿ (unregistering): (slave dummy0): Releasing backup interface
[  213.692521][ T6514] $Hÿ (unregistering): Released all slaves
[  213.700960][T11910] FAULT_INJECTION: forcing a failure.
[  213.700960][T11910] name failslab, interval 1, probability 0, space 0, times 0
[  213.713793][T11910] CPU: 0 UID: 0 PID: 11910 Comm: syz.1.2888 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  213.713829][T11910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  213.713845][T11910] Call Trace:
[  213.713852][T11910]  <TASK>
[  213.713860][T11910]  __dump_stack+0x1d/0x30
[  213.713895][T11910]  dump_stack_lvl+0xe8/0x140
[  213.713920][T11910]  dump_stack+0x15/0x1b
[  213.713941][T11910]  should_fail_ex+0x265/0x280
[  213.713980][T11910]  should_failslab+0x8c/0xb0
[  213.714006][T11910]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  213.714089][T11910]  ? __d_alloc+0x3d/0x350
[  213.714121][T11910]  __d_alloc+0x3d/0x350
[  213.714202][T11910]  ? mpol_shared_policy_init+0xbd/0x4c0
[  213.714246][T11910]  d_alloc_pseudo+0x1e/0x80
[  213.714271][T11910]  alloc_file_pseudo+0x71/0x160
[  213.714334][T11910]  __shmem_file_setup+0x1de/0x210
[  213.714419][T11910]  shmem_file_setup+0x3b/0x50
[  213.714456][T11910]  __se_sys_memfd_create+0x2c3/0x590
[  213.714493][T11910]  __x64_sys_memfd_create+0x31/0x40
[  213.714586][T11910]  x64_sys_call+0x122f/0x2fb0
[  213.714673][T11910]  do_syscall_64+0xd2/0x200
[  213.714730][T11910]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  213.714763][T11910]  ? clear_bhb_loop+0x40/0x90
[  213.714784][T11910]  ? clear_bhb_loop+0x40/0x90
[  213.714806][T11910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.714843][T11910] RIP: 0033:0x7f89840de929
[  213.714858][T11910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.714929][T11910] RSP: 002b:00007f8982746e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  213.714953][T11910] RAX: ffffffffffffffda RBX: 00000000000004f2 RCX: 00007f89840de929
[  213.714969][T11910] RDX: 00007f8982746ef0 RSI: 0000000000000000 RDI: 00007f89841614cc
[  213.714985][T11910] RBP: 0000200000000600 R08: 00007f8982746bb7 R09: 00007f8982746e40
[  213.714998][T11910] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  213.715067][T11910] R13: 00007f8982746ef0 R14: 00007f8982746eb0 R15: 00002000000002c0
[  213.715094][T11910]  </TASK>
[  213.720374][T11903] syzkaller1: entered promiscuous mode
[  213.933849][T11903] syzkaller1: entered allmulticast mode
[  214.010456][T11928] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2890'.
[  214.098323][ T6514] hsr_slave_0: left promiscuous mode
[  214.107866][ T6514] hsr_slave_1: left promiscuous mode
[  214.121483][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_0
[  214.144396][ T6514] batman_adv: batadv0: Removing interface: batadv_slave_1
[  214.152142][ T3384] hid-generic 0003:0004:0000.0055: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  214.232030][ T6514] team0 (unregistering): Port device team_slave_1 removed
[  214.243326][ T6514] team0 (unregistering): Port device team_slave_0 removed
[  214.472059][T11970] syzkaller1: entered promiscuous mode
[  214.477619][T11970] syzkaller1: entered allmulticast mode
[  214.557438][ T3384] hid-generic 0003:0004:0000.0056: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  214.591982][T11987] netlink: 'syz.3.2903': attribute type 6 has an invalid length.
[  214.638291][T11988] fido_id[11988]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  214.662459][T11987] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2903'.
[  214.844617][T11860] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  214.916406][T11860] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  214.979450][T11860] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  215.062183][T11860] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  215.345952][T11860] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.404129][ T3384] hid-generic 0003:0004:0000.0057: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  215.411547][T11860] 8021q: adding VLAN 0 to HW filter on device team0
[  215.429139][T12012] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.436392][T12012] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.543845][ T3437] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.550974][ T3437] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.750974][T11860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  215.810210][T12073] syzkaller1: entered promiscuous mode
[  215.815862][T12073] syzkaller1: entered allmulticast mode
[  215.887209][T12089] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2922'.
[  216.025968][T11860] veth0_vlan: entered promiscuous mode
[  216.035173][T11860] veth1_vlan: entered promiscuous mode
[  216.050878][T11860] veth0_macvtap: entered promiscuous mode
[  216.058760][T11860] veth1_macvtap: entered promiscuous mode
[  216.110935][T11860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  216.229352][T12096] dummy0 speed is unknown, defaulting to 1000
[  216.244721][T11860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  216.307455][T11860] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.316418][T11860] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.325213][T11860] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.334067][T11860] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.646897][T12096] lo speed is unknown, defaulting to 1000
[  217.246704][ T3413] Process accounting resumed
[  217.273353][T12115] dummy0 speed is unknown, defaulting to 1000
[  217.376087][T12143] syzkaller1: entered promiscuous mode
[  217.382191][T12143] syzkaller1: entered allmulticast mode
[  217.397195][T12115] lo speed is unknown, defaulting to 1000
[  217.405630][T12141] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2939'.
[  217.416588][T12144] dummy0 speed is unknown, defaulting to 1000
[  217.543856][T12144] lo speed is unknown, defaulting to 1000
[  217.575871][T12115] chnl_net:caif_netlink_parms(): no params data found
[  217.671182][T12012] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.765124][T12012] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.805084][T12115] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.812373][T12115] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.831818][T12115] bridge_slave_0: entered allmulticast mode
[  217.844502][T12115] bridge_slave_0: entered promiscuous mode
[  217.867886][T12012] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.907376][T12115] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.914743][T12115] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.926631][T12115] bridge_slave_1: entered allmulticast mode
[  217.933779][T12115] bridge_slave_1: entered promiscuous mode
[  217.970044][T12012] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.009619][T12115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.018889][T12174] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2945'.
[  218.033592][T12162] dummy0 speed is unknown, defaulting to 1000
[  218.047395][T12115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.071149][T12178] FAULT_INJECTION: forcing a failure.
[  218.071149][T12178] name failslab, interval 1, probability 0, space 0, times 0
[  218.085454][T12178] CPU: 1 UID: 0 PID: 12178 Comm: syz.2.2952 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  218.085486][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  218.085634][T12178] Call Trace:
[  218.085641][T12178]  <TASK>
[  218.085651][T12178]  __dump_stack+0x1d/0x30
[  218.085675][T12178]  dump_stack_lvl+0xe8/0x140
[  218.085697][T12178]  dump_stack+0x15/0x1b
[  218.085715][T12178]  should_fail_ex+0x265/0x280
[  218.085749][T12178]  should_failslab+0x8c/0xb0
[  218.085793][T12178]  kmem_cache_alloc_node_noprof+0x57/0x320
[  218.085823][T12178]  ? __alloc_skb+0x101/0x320
[  218.085856][T12178]  __alloc_skb+0x101/0x320
[  218.085887][T12178]  netlink_alloc_large_skb+0xba/0xf0
[  218.085993][T12178]  netlink_sendmsg+0x3cf/0x6b0
[  218.086015][T12178]  ? __pfx_netlink_sendmsg+0x10/0x10
[  218.086126][T12178]  __sock_sendmsg+0x142/0x180
[  218.086222][T12178]  ____sys_sendmsg+0x31e/0x4e0
[  218.086321][T12178]  ___sys_sendmsg+0x17b/0x1d0
[  218.086373][T12178]  __x64_sys_sendmsg+0xd4/0x160
[  218.086447][T12178]  x64_sys_call+0x2999/0x2fb0
[  218.086470][T12178]  do_syscall_64+0xd2/0x200
[  218.086489][T12178]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  218.086524][T12178]  ? clear_bhb_loop+0x40/0x90
[  218.086546][T12178]  ? clear_bhb_loop+0x40/0x90
[  218.086646][T12178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.086668][T12178] RIP: 0033:0x7f54dfb8e929
[  218.086685][T12178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.086704][T12178] RSP: 002b:00007f54de1f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  218.086726][T12178] RAX: ffffffffffffffda RBX: 00007f54dfdb5fa0 RCX: 00007f54dfb8e929
[  218.086740][T12178] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  218.086804][T12178] RBP: 00007f54de1f7090 R08: 0000000000000000 R09: 0000000000000000
[  218.086817][T12178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.086830][T12178] R13: 0000000000000000 R14: 00007f54dfdb5fa0 R15: 00007ffe468e36f8
[  218.086852][T12178]  </TASK>
[  218.305983][T12176] syzkaller1: entered promiscuous mode
[  218.311566][T12176] syzkaller1: entered allmulticast mode
[  218.429568][ T3393] hid-generic 0003:0004:0000.0058: unknown main item tag 0x0
[  218.437293][ T3393] hid-generic 0003:0004:0000.0058: unknown main item tag 0x0
[  218.444829][ T3393] hid-generic 0003:0004:0000.0058: unknown main item tag 0x0
[  218.473737][ T3393] hid-generic 0003:0004:0000.0058: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  218.713561][T12012] bond0 (unregistering): Released all slaves
[  218.726431][T12012] bond1 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  218.738768][T12012] bond1 (unregistering): Released all slaves
[  218.755100][T12162] lo speed is unknown, defaulting to 1000
[  218.794663][T12115] team0: Port device team_slave_0 added
[  218.823914][T12189] dummy0 speed is unknown, defaulting to 1000
[  218.830270][T12012] tipc: Left network mode
[  218.835467][T12115] team0: Port device team_slave_1 added
[  218.843324][ T3413] hid-generic 0003:0004:0000.0059: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  218.890745][T12115] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.897878][T12115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.904957][T12223] fido_id[12223]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  218.928710][T12115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.974159][T12115] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.981369][T12115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.007338][T12115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.025247][T12189] lo speed is unknown, defaulting to 1000
[  219.094611][T12012] veth1_macvtap: left promiscuous mode
[  219.100215][T12012] veth0_macvtap: left promiscuous mode
[  219.106559][T12012] veth1_vlan: left promiscuous mode
[  219.115108][T12012] veth0_vlan: left promiscuous mode
[  219.219745][T12243] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2967'.
[  219.293348][ T3413] dummy0 speed is unknown, defaulting to 1000
[  219.299810][ T3413] infiniband syz2: ib_query_port failed (-19)
[  219.319157][ T3393] lo speed is unknown, defaulting to 1000
[  219.325163][ T3393] syz0: Port: 1 Link DOWN
[  219.370852][T12115] hsr_slave_0: entered promiscuous mode
[  219.377060][T12115] hsr_slave_1: entered promiscuous mode
[  219.383250][T12115] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  219.390831][T12115] Cannot create hsr debugfs directory
[  219.558258][T12162] uprobe: syz.3.2945:12162 failed to unregister, leaking uprobe
[  219.695745][T12279] netlink: 'syz.1.2973': attribute type 6 has an invalid length.
[  219.716414][T12281] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2976'.
[  219.738607][T12279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2973'.
[  219.852588][T12302] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2978'.
[  219.900758][T12115] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  219.926656][T12115] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  219.943362][T12115] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  219.954576][T12115] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  220.016247][T12115] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.067043][T12115] 8021q: adding VLAN 0 to HW filter on device team0
[  220.104532][  T273] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.104603][T12321] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2985'.
[  220.111643][  T273] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.130167][  T273] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.137278][  T273] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.177561][T12339] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2990'.
[  220.212120][T12338] Process accounting resumed
[  220.246806][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.278656][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.296979][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.306405][T12115] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.317574][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  220.317644][   T29] audit: type=1326 audit(220.298:9578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.348456][T12344] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  220.378321][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.411359][ T3413] hid-generic 0003:0004:0000.005A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  220.424170][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.437822][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.449204][   T29] audit: type=1326 audit(220.348:9579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.472510][   T29] audit: type=1326 audit(220.348:9580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.474684][T12012] IPVS: stop unused estimator thread 0...
[  220.495490][   T29] audit: type=1326 audit(220.348:9581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.524550][   T29] audit: type=1326 audit(220.348:9582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.547699][   T29] audit: type=1326 audit(220.348:9583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.570877][   T29] audit: type=1326 audit(220.348:9584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.576292][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.593833][   T29] audit: type=1326 audit(220.348:9585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.623007][   T29] audit: type=1326 audit(220.348:9586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.624108][T12115] veth0_vlan: entered promiscuous mode
[  220.646013][   T29] audit: type=1326 audit(220.348:9587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12352 comm="syz.1.2995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89840de929 code=0x7ffc0000
[  220.675904][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.703824][T12115] veth1_vlan: entered promiscuous mode
[  220.718750][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.768266][   T23] hid-generic 0003:0004:0000.005B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  220.810421][T12344] dummy0 speed is unknown, defaulting to 1000
[  220.822637][T12115] veth0_macvtap: entered promiscuous mode
[  220.851032][T12115] veth1_macvtap: entered promiscuous mode
[  220.905064][T12115] batman_adv: batadv0: Interface activated: batadv_slave_0
[  220.919385][T12384] fido_id[12384]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  220.936297][T12115] batman_adv: batadv0: Interface activated: batadv_slave_1
[  220.947175][T12115] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  220.956074][T12115] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  220.965008][T12115] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.974351][T12115] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.030856][T12389] netlink: 'syz.2.2999': attribute type 6 has an invalid length.
[  221.084511][T12396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2999'.
[  221.136570][T12394] netlink: 'syz.3.3002': attribute type 27 has an invalid length.
[  221.209647][T12394] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  221.409640][T12418] Process accounting resumed
[  221.446477][T12413] dummy0 speed is unknown, defaulting to 1000
[  221.519284][ T3393] hid-generic 0003:0004:0000.005C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  221.563300][ T3393] hid-generic 0003:0004:0000.005D: hidraw1: USB HID v0.00 Device [syz0] on syz1
[  221.665095][T12440] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3010'.
[  221.879644][   T36] IPVS: starting estimator thread 0...
[  221.961375][T12466] IPVS: using max 2352 ests per chain, 117600 per kthread
[  221.974543][T12474] netlink: 'syz.2.3015': attribute type 6 has an invalid length.
[  222.004330][T12474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3015'.
[  222.044344][   T36] hid-generic 0003:0004:0000.005E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  222.170785][T12447] dummy0 speed is unknown, defaulting to 1000
[  222.369976][ T3437] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.435058][T12447] chnl_net:caif_netlink_parms(): no params data found
[  222.475638][ T3393] hid-generic 0003:0004:0000.005F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  222.504697][ T3437] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.580217][ T3437] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.597154][T12531] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3025'.
[  222.626547][T12529] netlink: 'syz.1.3026': attribute type 27 has an invalid length.
[  222.654392][T12529] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  222.669467][ T3437] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.741641][T12447] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.748842][T12447] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.775984][T12447] bridge_slave_0: entered allmulticast mode
[  222.782886][T12447] bridge_slave_0: entered promiscuous mode
[  222.791164][T12447] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.798515][T12447] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.806095][T12447] bridge_slave_1: entered allmulticast mode
[  222.815378][T12447] bridge_slave_1: entered promiscuous mode
[  222.852182][T12447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  222.865060][T12447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.887379][T12447] team0: Port device team_slave_0 added
[  222.894918][T12447] team0: Port device team_slave_1 added
[  222.945337][T12447] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.952440][T12447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.978705][T12447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  223.028367][T12559] FAULT_INJECTION: forcing a failure.
[  223.028367][T12559] name failslab, interval 1, probability 0, space 0, times 0
[  223.041159][T12559] CPU: 1 UID: 0 PID: 12559 Comm: syz.4.3035 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  223.041202][T12559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  223.041223][T12559] Call Trace:
[  223.041230][T12559]  <TASK>
[  223.041282][T12559]  __dump_stack+0x1d/0x30
[  223.041308][T12559]  dump_stack_lvl+0xe8/0x140
[  223.041327][T12559]  dump_stack+0x15/0x1b
[  223.041371][T12559]  should_fail_ex+0x265/0x280
[  223.041412][T12559]  should_failslab+0x8c/0xb0
[  223.041442][T12559]  kmem_cache_alloc_noprof+0x50/0x310
[  223.041472][T12559]  ? sk_prot_alloc+0x3f/0x190
[  223.041584][T12559]  sk_prot_alloc+0x3f/0x190
[  223.041624][T12559]  sk_alloc+0x34/0x360
[  223.041662][T12559]  unix_create1+0xa5/0x430
[  223.041684][T12559]  ? inode_init_always_gfp+0x4cd/0x500
[  223.041793][T12559]  unix_create+0xff/0x130
[  223.041815][T12559]  __sock_create+0x2e9/0x5b0
[  223.041849][T12559]  __sys_socketpair+0x1bc/0x430
[  223.041914][T12559]  __x64_sys_socketpair+0x52/0x60
[  223.041948][T12559]  x64_sys_call+0x23f2/0x2fb0
[  223.041976][T12559]  do_syscall_64+0xd2/0x200
[  223.041999][T12559]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  223.042062][T12559]  ? clear_bhb_loop+0x40/0x90
[  223.042086][T12559]  ? clear_bhb_loop+0x40/0x90
[  223.042111][T12559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.042131][T12559] RIP: 0033:0x7f9b74c0087a
[  223.042145][T12559] Code: 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 35 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.042257][T12559] RSP: 002b:00007f9b73266f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  223.042275][T12559] RAX: ffffffffffffffda RBX: 00007f9b74e25f01 RCX: 00007f9b74c0087a
[  223.042287][T12559] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[  223.042312][T12559] RBP: 00007f9b73267090 R08: 0000000000000000 R09: 0000000000000000
[  223.042367][T12559] R10: 00007f9b73266f98 R11: 0000000000000246 R12: 0000000000000005
[  223.042380][T12559] R13: 0000000000000001 R14: 00007f9b74e25fa0 R15: 00007ffe882b93b8
[  223.042402][T12559]  </TASK>
[  223.280710][T12447] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.287745][T12447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.313722][T12447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.380033][T12447] hsr_slave_0: entered promiscuous mode
[  223.386606][T12447] hsr_slave_1: entered promiscuous mode
[  223.392800][T12447] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  223.400460][T12447] Cannot create hsr debugfs directory
[  223.406598][T12550] dummy0 speed is unknown, defaulting to 1000
[  223.470475][ T3437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  223.481506][ T3437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  223.491864][ T3437] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  223.504079][ T3437] bond0 (unregistering): Released all slaves
[  223.516294][ T3437] bond1 (unregistering): Released all slaves
[  223.525654][ T3437] bond2 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  223.535786][ T3437] bond2 (unregistering): Released all slaves
[  223.550830][ T3393] dummy0 speed is unknown, defaulting to 1000
[  223.557187][ T3393] syz2: Port: 1 Link DOWN
[  223.561645][ T3413] dummy0 speed is unknown, defaulting to 1000
[  223.630023][ T3437] tipc: Left network mode
[  223.718574][ T3437] hsr_slave_0: left promiscuous mode
[  223.732345][ T3437] hsr_slave_1: left promiscuous mode
[  223.738313][ T3437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.745865][ T3437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.786065][ T3437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.793638][ T3437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  223.915972][T12591] netlink: 'syz.0.3038': attribute type 6 has an invalid length.
[  223.955994][T12568] dummy0 speed is unknown, defaulting to 1000
[  223.974039][   T51] smc: removing ib device syz!
[  224.023467][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.051211][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.069038][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.092283][T12597] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  224.149660][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.160618][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.190899][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.253657][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.272750][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.280354][ T3413] hid-generic 0003:0004:0000.0060: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  224.303991][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.350691][T12597] dummy0 speed is unknown, defaulting to 1000
[  224.367965][T12622] fido_id[12622]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  224.384287][T12447] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  224.434221][T12447] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  224.458196][T12447] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  224.484710][T12447] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  224.606919][T12447] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.635338][T12447] 8021q: adding VLAN 0 to HW filter on device team0
[  224.666252][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.673382][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[  224.715096][  T781] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.722240][  T781] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.846603][T12447] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.095731][ T3413] hid-generic 0003:0004:0000.0061: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  225.359489][T12718] __nla_validate_parse: 2 callbacks suppressed
[  225.359505][T12718] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3072'.
[  226.196737][T12447] veth0_vlan: entered promiscuous mode
[  226.240614][T12722] fido_id[12722]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  226.274986][T12447] veth1_vlan: entered promiscuous mode
[  226.285390][   T29] kauditd_printk_skb: 28 callbacks suppressed
[  226.285406][   T29] audit: type=1400 audit(226.268:9616): avc:  denied  { create } for  pid=12731 comm="syz.2.3076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  226.367601][T12447] veth0_macvtap: entered promiscuous mode
[  226.385645][T12447] veth1_macvtap: entered promiscuous mode
[  226.396396][   T29] audit: type=1400 audit(226.358:9617): avc:  denied  { mount } for  pid=12731 comm="syz.2.3076" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  226.434390][T12447] batman_adv: batadv0: Interface activated: batadv_slave_0
[  226.474312][T12447] batman_adv: batadv0: Interface activated: batadv_slave_1
[  226.492338][   T29] audit: type=1326 audit(226.468:9618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12745 comm="syz.2.3080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54dfb8e929 code=0x7ffc0000
[  226.515464][   T29] audit: type=1326 audit(226.468:9619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12745 comm="syz.2.3080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f54dfb8e929 code=0x7ffc0000
[  226.520703][T12447] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  226.538434][   T29] audit: type=1400 audit(226.468:9620): avc:  denied  { read } for  pid=12745 comm="syz.2.3080" name="qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  226.547215][T12447] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  226.569365][   T29] audit: type=1400 audit(226.468:9621): avc:  denied  { open } for  pid=12745 comm="syz.2.3080" path="/dev/qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  226.569461][   T29] audit: type=1326 audit(226.468:9622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12745 comm="syz.2.3080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54dfb8e929 code=0x7ffc0000
[  226.578168][T12447] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  226.600832][   T29] audit: type=1326 audit(226.468:9623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12745 comm="syz.2.3080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f54dfb8e929 code=0x7ffc0000
[  226.623894][T12447] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  226.632475][   T29] audit: type=1400 audit(226.468:9624): avc:  denied  { create } for  pid=12745 comm="syz.2.3080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  226.632574][   T29] audit: type=1326 audit(226.468:9625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12745 comm="syz.2.3080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54dfb8e929 code=0x7ffc0000
[  226.778743][   T23] hid-generic 0003:0004:0000.0062: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  226.792021][T12760] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3082'.
[  226.939385][ T3413] hid-generic 0003:0004:0000.0063: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  227.136015][T12785] dummy0 speed is unknown, defaulting to 1000
[  227.183775][T12780] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3092'.
[  227.333651][T12779] dummy0 speed is unknown, defaulting to 1000
[  227.626940][  T273] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.675743][T12779] chnl_net:caif_netlink_parms(): no params data found
[  227.691543][T12811] siw: device registration error -23
[  227.714513][ T4645] hid-generic 0003:0004:0000.0064: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  227.749483][  T273] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.803030][T12814] fido_id[12814]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  227.877585][  T273] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.925954][T12779] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.933095][T12779] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.943160][T12779] bridge_slave_0: entered allmulticast mode
[  227.950304][T12779] bridge_slave_0: entered promiscuous mode
[  227.960567][T12779] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.967824][T12779] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.976931][T12779] bridge_slave_1: entered allmulticast mode
[  227.986734][T12829] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3103'.
[  227.998642][T12779] bridge_slave_1: entered promiscuous mode
[  228.008394][  T273] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.060862][T12779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  228.076519][T12779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  228.109048][T12779] team0: Port device team_slave_0 added
[  228.142385][T12779] team0: Port device team_slave_1 added
[  228.158125][T12843] siw: device registration error -23
[  228.219455][  T273] bridge_slave_1: left allmulticast mode
[  228.225586][  T273] bridge_slave_1: left promiscuous mode
[  228.231520][  T273] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.341665][  T273] bridge_slave_0: left allmulticast mode
[  228.347347][  T273] bridge_slave_0: left promiscuous mode
[  228.353261][  T273] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.360989][ T1035] hid-generic 0003:0004:0000.0065: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  228.399774][T12853] fido_id[12853]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  228.469965][T12857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3114'.
[  228.558313][  T273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  228.568994][  T273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  228.580652][  T273] bond0 (unregistering): Released all slaves
[  228.590776][  T273] bond1 (unregistering): Released all slaves
[  228.639971][T12779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  228.647340][T12779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.673627][T12779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  228.693736][T12779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  228.700741][T12779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.726822][T12779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  228.768125][T12861] syzkaller1: entered promiscuous mode
[  228.773886][T12861] syzkaller1: entered allmulticast mode
[  228.802314][T12873] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3117'.
[  228.832412][  T273] hsr_slave_0: left promiscuous mode
[  228.848249][  T273] hsr_slave_1: left promiscuous mode
[  228.864285][  T273] veth1_macvtap: left promiscuous mode
[  228.869953][  T273] veth0_macvtap: left promiscuous mode
[  228.875937][  T273] veth1_vlan: left promiscuous mode
[  228.881425][  T273] veth0_vlan: left promiscuous mode
[  228.994396][T12877] ==================================================================
[  229.002538][T12877] BUG: KCSAN: data-race in copy_mm / percpu_counter_destroy_many
[  229.010306][T12877] 
[  229.012639][T12877] write to 0xffff88810b2ab208 of 8 bytes by task 11860 on cpu 0:
[  229.020416][T12877]  percpu_counter_destroy_many+0xc7/0x2b0
[  229.026190][T12877]  __mmdrop+0x22e/0x350
[  229.030382][T12877]  finish_task_switch+0x187/0x2b0
[  229.035429][T12877]  __schedule+0x6a8/0xb30
[  229.039778][T12877]  schedule+0x5f/0xd0
[  229.043792][T12877]  do_nanosleep+0x96/0x330
[  229.048238][T12877]  hrtimer_nanosleep+0xdd/0x280
[  229.053116][T12877]  common_nsleep+0x62/0x80
[  229.057560][T12877]  __se_sys_clock_nanosleep+0x21a/0x250
[  229.063175][T12877]  __x64_sys_clock_nanosleep+0x55/0x70
[  229.068758][T12877]  x64_sys_call+0x1df0/0x2fb0
[  229.073458][T12877]  do_syscall_64+0xd2/0x200
[  229.077980][T12877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.083892][T12877] 
[  229.086251][T12877] read to 0xffff88810b2aae00 of 1408 bytes by task 12877 on cpu 1:
[  229.094174][T12877]  copy_mm+0xe2/0x370
[  229.098189][T12877]  copy_process+0xcf1/0x1fe0
[  229.102801][T12877]  kernel_clone+0x16c/0x5b0
[  229.107412][T12877]  __x64_sys_clone+0xe6/0x120
[  229.112119][T12877]  x64_sys_call+0x2c59/0x2fb0
[  229.116829][T12877]  do_syscall_64+0xd2/0x200
[  229.121535][T12877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.127455][T12877] 
[  229.129797][T12877] Reported by Kernel Concurrency Sanitizer on:
[  229.136080][T12877] CPU: 1 UID: 0 PID: 12877 Comm: dhcpcd-run-hook Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
[  229.149239][T12877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  229.159324][T12877] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  229.186694][  T273] team0 (unregistering): Port device team_slave_1 removed
[  229.232318][  T273] team0 (unregistering): Port device team_slave_0 removed
[  229.419442][T12875] dummy0 speed is unknown, defaulting to 1000
[  230.171270][  T273] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.224196][  T273] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.297671][  T273] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.344437][  T273] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.426012][  T273] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.474179][  T273] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.525666][  T273] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.574125][  T273] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.649543][  T273] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.705439][  T273] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.765968][  T273] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.835118][  T273] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.912028][  T273] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.958221][  T273] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.003918][  T273] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.053956][  T273] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.114560][  T273] bridge_slave_1: left allmulticast mode
[  231.120226][  T273] bridge_slave_1: left promiscuous mode
[  231.125971][  T273] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.134028][  T273] bridge_slave_0: left allmulticast mode
[  231.139705][  T273] bridge_slave_0: left promiscuous mode
[  231.146421][  T273] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.155462][  T273] bridge_slave_1: left allmulticast mode
[  231.161367][  T273] bridge_slave_1: left promiscuous mode
[  231.167076][  T273] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.175084][  T273] bridge_slave_0: left allmulticast mode
[  231.180740][  T273] bridge_slave_0: left promiscuous mode
[  231.186565][  T273] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.195100][  T273] bridge_slave_1: left allmulticast mode
[  231.201500][  T273] bridge_slave_1: left promiscuous mode
[  231.207388][  T273] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.215388][  T273] bridge_slave_0: left allmulticast mode
[  231.221039][  T273] bridge_slave_0: left promiscuous mode
[  231.226771][  T273] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.235102][  T273] bridge_slave_1: left allmulticast mode
[  231.240785][  T273] bridge_slave_1: left promiscuous mode
[  231.246549][  T273] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.254185][  T273] bridge_slave_0: left allmulticast mode
[  231.259849][  T273] bridge_slave_0: left promiscuous mode
[  231.265689][  T273] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.402981][  T273] bond0 (unregistering): Released all slaves
[  231.411855][  T273] bond1 (unregistering): Released all slaves
[  231.420218][  T273] bond2 (unregistering): Released all slaves
[  231.429229][  T273] bond3 (unregistering): (slave veth5): Releasing active interface
[  231.438711][  T273] bond3 (unregistering): Released all slaves
[  231.523192][  T273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.533339][  T273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.542976][  T273] bond0 (unregistering): Released all slaves
[  231.603922][  T273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.614036][  T273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.623677][  T273] bond0 (unregistering): Released all slaves
[  231.693700][  T273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.703456][  T273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.712764][  T273] bond0 (unregistering): Released all slaves
[  231.793299][  T273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.802944][  T273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.812522][  T273] bond0 (unregistering): Released all slaves
[  231.898012][  T273] hsr_slave_0: left promiscuous mode
[  231.904186][  T273] hsr_slave_1: left promiscuous mode
[  231.914041][  T273] hsr_slave_0: left promiscuous mode
[  231.919700][  T273] hsr_slave_1: left promiscuous mode
[  231.926223][  T273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.933782][  T273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.942529][  T273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.949932][  T273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  231.959247][  T273] hsr_slave_0: left promiscuous mode
[  231.965159][  T273] hsr_slave_1: left promiscuous mode
[  231.970814][  T273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.978248][  T273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.985854][  T273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.993349][  T273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.002577][  T273] hsr_slave_0: left promiscuous mode
[  232.008253][  T273] hsr_slave_1: left promiscuous mode
[  232.013946][  T273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  232.021395][  T273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.028913][  T273] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  232.036439][  T273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.044076][  T273] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.052073][  T273] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.070666][  T273] veth1_macvtap: left promiscuous mode
[  232.076290][  T273] veth0_macvtap: left promiscuous mode
[  232.081869][  T273] veth1_vlan: left promiscuous mode
[  232.087155][  T273] veth0_vlan: left promiscuous mode
[  232.092839][  T273] veth1_macvtap: left promiscuous mode
[  232.098458][  T273] veth0_macvtap: left promiscuous mode
[  232.104118][  T273] veth1_vlan: left promiscuous mode
[  232.109363][  T273] veth0_vlan: left promiscuous mode
[  232.115404][  T273] veth1_macvtap: left promiscuous mode
[  232.120918][  T273] veth0_macvtap: left promiscuous mode
[  232.126610][  T273] veth1_vlan: left promiscuous mode
[  232.132158][  T273] veth0_vlan: left promiscuous mode
[  232.138051][  T273] veth1_macvtap: left promiscuous mode
[  232.144021][  T273] veth0_macvtap: left promiscuous mode
[  232.149617][  T273] veth1_vlan: left promiscuous mode
[  232.155777][  T273] veth0_vlan: left promiscuous mode
[  232.353169][  T273] team0 (unregistering): Port device dummy0 removed
[  232.387451][  T273] team0 (unregistering): Port device team_slave_1 removed
[  232.397753][  T273] team0 (unregistering): Port device team_slave_0 removed
[  232.454415][  T273] team0 (unregistering): Port device team_slave_1 removed
[  232.464161][  T273] team0 (unregistering): Port device team_slave_0 removed
[  232.520303][  T273] team0 (unregistering): Port device team_slave_1 removed
[  232.531044][  T273] team0 (unregistering): Port device team_slave_0 removed
[  232.568717][  T273] team0 (unregistering): Port device team_slave_1 removed
[  232.579476][  T273] team0 (unregistering): Port device team_slave_0 removed
[  232.612649][ T3413] dummy0 speed is unknown, defaulting to 1000
[  232.618776][ T3413] infiniband syz2: ib_query_port failed (-19)
[  233.836419][  T273] IPVS: stop unused estimator thread 0...
[  233.842922][  T273] IPVS: stop unused estimator thread 0...