last executing test programs:

48.149846433s ago: executing program 4 (id=270):
r0 = open$dir(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x208102, 0x1)
execveat(r0, &(0x7f0000000800)='./file0\x00', &(0x7f00000008c0)={[&(0x7f0000000840)='\xb4%#}(\x00', &(0x7f0000000880)='\x9c\x00']}, &(0x7f0000000a40)={[&(0x7f0000000900)=',$\'\x00', &(0x7f0000000940)='$/\x00', &(0x7f0000000980)='[\x99\x00', &(0x7f00000009c0)='\x00', &(0x7f0000000a00)='\x00']}, 0x1c00)
r1 = openat(r0, &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xeb0dfdf8c840b393, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000012c0)={'wlan1\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f00000013c0)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x34, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r3}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x24048040)
getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000001400)={'filter\x00', 0x0, [0x6, 0x7, 0x7]}, &(0x7f0000001480)=0x44)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001500), r1)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f00000016c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f0000001540)={0x118, r4, 0x302, 0x70bd29, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x1c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010102}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7acd}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x20, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}]}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x404c014}, 0x800)
bpf$LINK_DETACH(0x22, &(0x7f0000001700), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001780), r1)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000001840)={&(0x7f0000001740)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001800)={&(0x7f00000017c0)={0x2c, r6, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x8004)
fremovexattr(r1, &(0x7f0000001880)=@known='trusted.overlay.upper\x00')
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000018c0)=0x97, 0x4)
setsockopt$packet_int(r5, 0x107, 0x3, &(0x7f0000001900)=0x10001, 0x4)
recvfrom(r1, &(0x7f0000001940)=""/169, 0xa9, 0x100e0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0xffffffffffffffff, 0x3, &(0x7f0000001a00))
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000001a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x90)
mknodat$loop(r7, &(0x7f0000002240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, 0x0)
faccessat2(r0, &(0x7f0000002a40)='./file0\x00', 0x2, 0x1200)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002bc0)={&(0x7f0000002a80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb4, 0xb4, 0xa, [@int={0x3, 0x0, 0x0, 0x1, 0x0, 0x7b, 0x0, 0x48, 0x944a46e7c49097de}, @struct={0xe, 0x1, 0x0, 0x4, 0x0, 0x2, [{0x4, 0x3, 0xfffffff9}]}, @var={0xc, 0x0, 0x0, 0xe, 0x3, 0x1}, @struct={0xf, 0x3, 0x0, 0x4, 0x1, 0x7, [{0x8, 0x2, 0x3}, {0x2, 0x0, 0xc}, {0xf, 0x4, 0xfffffff9}]}, @enum={0x6, 0x1, 0x0, 0x6, 0x4, [{0x5, 0x5}]}, @typedef={0xe, 0x0, 0x0, 0x8, 0x4}, @restrict={0x9, 0x0, 0x0, 0xb, 0x4}, @var={0x2, 0x0, 0x0, 0xe, 0x2}, @var={0x10, 0x0, 0x0, 0xe, 0x1}]}, {0x0, [0x2e, 0x51, 0x61, 0x0, 0x2e, 0x61, 0x0, 0x2e]}}, &(0x7f0000002b80)=""/43, 0xd6, 0x2b, 0x0, 0x1, 0x10000, @value=r1}, 0x28)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = socket$igmp6(0xa, 0x3, 0x2)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000002e80)={0x9a9, <r10=>0x0}, 0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000002f40)={{r1, <r11=>0xffffffffffffffff}, &(0x7f0000002ec0), &(0x7f0000002f00)='%-5lx  \x00'}, 0x20)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002f80)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x7, '\x00', 0x0, r8, 0x5, 0x0, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000003080)={0x5, 0x1c, &(0x7f0000002c00)=@raw=[@alu={0x4, 0x0, 0xd, 0x0, 0x2, 0x1, 0x4}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x8}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80000000}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9fb}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], &(0x7f0000002d00)='syzkaller\x00', 0xce, 0xb8, &(0x7f0000002d40)=""/184, 0x41000, 0x1, '\x00', 0x0, @fallback=0x12, r1, 0x8, &(0x7f0000002e00)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000002e40)={0x4, 0x9, 0xfffffffb, 0x4}, 0x10, r10, r1, 0x4, &(0x7f0000003000)=[r11, r1, r12], &(0x7f0000003040)=[{0x5, 0x10, 0x6, 0x3}, {0x2, 0x1, 0x3, 0x2}, {0x4, 0x4, 0xd, 0xb}, {0x4, 0x2, 0x7, 0x4}], 0x10, 0x80000001}, 0x94)
setsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000003ac0), 0xc)

48.081503019s ago: executing program 4 (id=271):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x0)
ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f0000000040))
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x4, &(0x7f00000007c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd93, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x3, 0x3, 0x6, 0x0, 0xa, 0x30}]}, &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe3}, 0x94)
r2 = dup(r1)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000040}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000129bd7000fedbdf25060000000c00018008000300e00000fa070002000300000008000200080000000800020008000000"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x40800)

48.081351139s ago: executing program 4 (id=272):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x30, r1, 0x1, 0x70bd28, 0x0, {}, [@WGDEVICE_A_PEERS={0x8, 0x8, 0x0, 0x1, [{0x4}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) (fail_nth: 1)

47.815594845s ago: executing program 4 (id=274):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18)
r2 = socket$inet6(0xa, 0x1, 0x0)
socket$inet(0x2, 0x2, 0x1)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2000044, &(0x7f0000000040)={[{@max_batch_time={'max_batch_time', 0x3d, 0x8}}, {@jqfmt_vfsold}, {@quota}]}, 0x2, 0x503, &(0x7f0000000500)="$eJzs3U1sI1cdAPD/TD7spmmTQg+AKrqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmwLkn7kgc4MalHJD4WIE2SByMPLY3zoc31m5s78a/nzSa92HP/70dzXvRs3ZeABPrRkQcRcRsRHwUEQud8qRzxHvto/W5hw/urR0/uLeWRLP54T+TrL5VFj3faXmxc818RPzw/YgfJ2eC/jGifnC4vVqplPc6RcVGdbdYPzi8vVVd3SxvlndKpZXllaV37rxdurK+vl79bbcln//h6Ns/bWXmOwW9/bhK7YAzj+K0TEfE94cRbAymOv2ZfZIvP9GXuEppRHwhIt7Inv+FmMru5mmnb9N3Rtg6AGAYms2FaC705gGA6y7N1sCStNBZC5iPNC0U2mt4r8ZcWqnVG7c2avs76+21ssWYSTe2KuWlzlrhYswkG1vT5eUs3c1XyqUz+TsR8UpE/Dz3QpYvrNUq6+P8wwcAJtiLZ+b//+Ta8z8AcM3lT5K5cbYDABid/LgbAACMnPkfACaP+R8AJo/5HwAmj/kfACaP+R8AJsoPPvigdTSPO++/Xv/4YH+79vHt9XJ9u1DdXyus1fZ2C5u12mb2zp7qZder1Gq7y2/F/ifFRrneKNYPDu9Wa/s7jbvZe73vlmdG0isA4HFeef2zPycRcfTuC9kRPe/7v3Sufm3YrQOGKR13A4CxmRp3A4CxOb/bFzAprMcDPVv03u8pzp9LnPXpQJdP7RsKz56bX36K9X/guWb9HybXk63/+1sergPr/zC5ms3Env8AMGGs8QPJJfW9v/8vNXsyg/3+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANfSfHYkaaGzF/h8pGmhEPFSRCzGTLKxVSkvRcTLEfGn3EyulV+OCPsGAcDzLP1b0tn/6+bCm/Nna2dz/81l54j4yS8//MUnq43G3nLEbPKvR+WNTzvlpXG0HwC4THee7s7jXQ8f3FvrHr2fv2xf0Kf19++2NxdtxT3uHO2a6ZjOzvlsrWHu30knf9KuqSuIf3Q/Ir50Uf+TbG1ksbPz6dn4rdgvjTR+eip+mtW1z61/iy9eQVtg0nzWGn/eu+j5S+NGdr74+c9nI9TT645/x+fGv/TR+DfVZ/y7MWiMt37/vXOFzYV23f2Ir0xHHHcv3jP+dOMnfeK/OWD8v7z21Tf61TV/FXEzLup/cipWsVHdLdYPDm9vVVc3y5vlnVJpZXll6Z07b5eK2Rp1sbtSfd4/3r31cr/4rf7P9Ymfv6T/3xiw/7/+30c/+tpj4n/r6xff/1cfE781J35zwPirc7/L96trxV/v0//L7v+tAeN//tfD9QE/CgCMQP3gcHu1UinvDTuRDj9ElkgijkbQnXYi95ufvT+qWENMxBVcJz/2Xpx0J56JZjzniXGPTMCwnTz0424JAAAAAAAAAAAAAADQzyj+O9G4+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD19f8AAAD//3uF0Lw=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000009440)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r6)
sendmsg$NFC_CMD_SE_IO(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c85713e8d446643d627e2374f39ead5cb3da8fa1fadccf718291131000000", @ANYRES16=r7, @ANYBLOB="010028bd7000fcdbdf251b000000050019002000000008001500c000000008000100", @ANYRES32=r5, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
recvfrom(r2, 0x0, 0x0, 0x40002143, &(0x7f00000001c0)=@nfc={0x27, r5, 0x1, 0x1}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
ptrace$setregs(0xd, r8, 0xfffffffffffffffc, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ptrace$getregset(0x4205, r8, 0x2, &(0x7f0000000080)={0x0})
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x7, 0x1, 0x0, 0x0, 0x0, 0x1000000009, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0xa00, 0x81, 0x3a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0x8080c61)
bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="1e00000000080000060000000700000002010000", @ANYRES32=r3, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="0000000000000000020000000600"/28], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000bc0)=ANY=[@ANYRESHEX=0x0, @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000160000009566e2d672c3b0e320fa6b75c2894cf2ccdb14807c6237868d404bc238cbbcc28186a8659b3bb268202a39d5fc530cc2826cacdff2a312c399e351a82802d2e5c16c168fedbfdc1adca6c5ff58b72d61f3074fa460a4a59afa244faf66a70874f077145bd1748e11569739ea6377f441cea7591cc1260ddcc1d91634c7d2badac4cf96d6a526b8abf82981b60ecc6ef046aa1798b7672d1539759562ebd71a2012ee570dcbe22e14d0899643c63d175806aaacc73b5d75d050429ab2bc1782e44461cd8644c35b278380713d43cecc19"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a2100)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f00000001c0)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r9, 0x0, 0x40000)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000380)={'wpan4\x00'})

46.907826874s ago: executing program 4 (id=287):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff000000"], 0x310)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

46.381573786s ago: executing program 4 (id=290):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a400020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vlan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="680000001000030500000000fcdbdf25000000ff", @ANYRES32=0x0, @ANYBLOB="00000000008000004800128008000100687372003c000280060005000180000008000100", @ANYRES32=r2], 0x68}}, 0x0) (fail_nth: 1)

46.381412565s ago: executing program 32 (id=290):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a400020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vlan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="680000001000030500000000fcdbdf25000000ff", @ANYRES32=0x0, @ANYBLOB="00000000008000004800128008000100687372003c000280060005000180000008000100", @ANYRES32=r2], 0x68}}, 0x0) (fail_nth: 1)

2.646314241s ago: executing program 3 (id=777):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x40)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x66, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff2}, {}, {0xc, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004800)

2.55335154s ago: executing program 3 (id=778):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
dup(0xffffffffffffffff)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r6 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) (fail_nth: 2)

2.34817352s ago: executing program 3 (id=779):
creat(0x0, 0xecf86c37d53048dc)
pipe2$9p(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x800008, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffe39}]})
lremovexattr(0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_usb_disconnect(0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x4007)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0x400000008000f28, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="00010000031401"], 0x100}, 0x1, 0x0, 0x0, 0x4040024}, 0x0)

2.312146614s ago: executing program 1 (id=783):
timer_create(0x3, 0x0, &(0x7f00000001c0)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, &(0x7f0000000040))
timer_settime(r0, 0x1, &(0x7f0000000340)={{}, {0x0, 0x9}}, 0x0)
timer_gettime(r0, &(0x7f0000000380))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_gettime(r0, 0x0)
socket$packet(0x11, 0x2, 0x300)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00220000ffffffffffffff000000000000"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000aa696e82f21d8736dac72808fff1b4608e73e4f0"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)
perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x1003, 0x5, 0x0, 0x0, 0x1}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0d0000000800000003000000b4e000006ba6bde8fe089b65c02326123d925f7be0ab2af8721538b021f6c9f810f3a20395db759c89f6e3f26a29b11f98534ada89feaed32400ddd4cbf052b990adb37fb4d8b695d26cd26a2489c124b10c343e0c17ae9fd345b81e3abe7e514e19269dede0652d7c880c904abcd449009120a0a70df68a38774c5df49a1e38000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000980)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00032bbd7000fcdbdf254400000008000300", @ANYRES32=r7, @ANYBLOB="0400bf0008000d0003800000040008010c00238005001f00000000000400cc0008000c00070000000a0018000303030303030000fc005a809400038005000400010000001c0002002327432c25291741152b321a492a71523b2f272757323141130001001202161b241860021818300b360918000500060040000000140003000800d21801040f000080010007000104140005000800060003000600020005000500020014000300c602dc4d040032003300fcff0300ff001400050000800d0008000300000008000400ff7f3c000280140003000300000401000300f3ff07000d000300050004000100000005000700020000001400030007000080001005000100000202000300040003802400018015000100300c02033030091616240601041b600b3400000005000700010000000400bf00"], 0x150}, 0x1, 0x0, 0x0, 0x4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x18)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)

2.273903218s ago: executing program 1 (id=784):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000300)={0x0, &(0x7f0000000040)})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0xc, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x727, 0x7ffffd, 0x0, {}, [{0x34, 0x1, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0)
uname(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x7)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0900000004000000ff0f00000500000000000000", @ANYBLOB="0000000000000000000000030000fbffffff00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = fsopen(&(0x7f0000000040)='vfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000000c0)=',+\x00', &(0x7f0000000100)='sys_enter\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0xffffffffffffff9c)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
listxattr(0x0, 0x0, 0x0)
write$binfmt_register(r2, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, ')', 0x3a, '', 0x3a, './file0', 0x3a, [0x46]}, 0x29)

2.266361619s ago: executing program 1 (id=785):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b2ff8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x5f}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {0x2}, {0x280000, 0x4, 0x10009, 0x6}], 0x10, 0xfffffff6}, 0x94)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b35, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030036000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x1, 0x800001, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlock2(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x1)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r4, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r5, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000019200)=ANY=[@ANYBLOB="1e000000000000000500"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
r7 = socket(0x10, 0x3, 0x0)
r8 = msgget$private(0x0, 0x2)
msgsnd(r8, &(0x7f0000000340)=ANY=[@ANYRES16=r8], 0x2000, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000006800000000020002000000000004000000010000000a000000020000008f00000400"/60], 0x3c}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000a00)=[{0x0}, {0x0}, {0x0, 0xfffffffffffffee1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0xffffffffffffffff}], 0x9, 0x0)

1.83546981s ago: executing program 0 (id=793):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
keyctl$link(0x8, 0x0, 0x0) (fail_nth: 2)

1.473560556s ago: executing program 3 (id=795):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000300)={0x0, &(0x7f0000000040)})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0xc, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x727, 0x7ffffd, 0x0, {}, [{0x34, 0x1, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0)
uname(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x7)
r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0900000004000000ff0f00000500000000000000", @ANYBLOB="0000000000000000000000030000fbffffff00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = fsopen(&(0x7f0000000040)='vfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000000c0)=',+\x00', &(0x7f0000000100)='sys_enter\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0xffffffffffffff9c)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
listxattr(0x0, 0x0, 0x0)
write$binfmt_register(r2, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, ')', 0x3a, '', 0x3a, './file0', 0x3a, [0x46]}, 0x29)

1.33004582s ago: executing program 0 (id=796):
r0 = syz_io_uring_setup(0x593, &(0x7f0000000400)={0x0, 0xc459, 0x8, 0x2, 0x398}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000a40)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xff8, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000b00)=@IORING_OP_UNLINKAT={0x24, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200, 0x1})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095", @ANYRESDEC=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
r4 = socket(0x200000100000011, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000740)={0x2, 0x4e25, @multicast2}, 0x10)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r7=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_lsm={0x1d, 0x11, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x344b}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000500)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x65, '\x00', r7, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000700)={0x1, 0xd, 0xfffffff8, 0x80000000}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000b80)=[r0, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000bc0)=[{0x4, 0x4, 0x6, 0x3}, {0x0, 0x5, 0xf, 0x2}, {0x5, 0x5, 0x10, 0x8}, {0x1, 0x1, 0xb, 0x2}, {0x1, 0x1, 0x4, 0x6}, {0x0, 0x4, 0x2, 0xb}, {0x1, 0x3, 0x3}, {0x2, 0x3, 0xe, 0x5}, {0x4, 0x1, 0x6, 0xa}, {0x5, 0x2, 0x2, 0xb}], 0x10, 0x9}, 0x94)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r8, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r8, 0xda90)
getsockopt$IP_VS_SO_GET_DESTS(r8, 0x0, 0x484, &(0x7f0000000780)=""/197, &(0x7f00000003c0)=0xc5)
ioctl$int_in(r8, 0x5452, &(0x7f0000000380)=0x2003)
accept4(r8, 0x0, 0x0, 0x0)
bind$packet(r4, &(0x7f0000000040)={0x11, 0x7, r7, 0x1, 0x0, 0x6, @multicast}, 0x14)
r9 = io_uring_setup(0xef4, &(0x7f00000005c0)={0x0, 0x23a8, 0x20, 0x0, 0x1ba, 0x0, r0})
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r0, 0x21, &(0x7f0000000640)={0x0, 0x79ba, 0x1, 0x2, 0x143, 0x0, r9}, 0x1)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=ANY=[], 0x34}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
r10 = socket(0x2, 0x80805, 0x0)
r11 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r11, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r11, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r12=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r10, 0x84, 0x70, &(0x7f0000000800)={r12, @in6={{0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x35}, 0x35}}, [0x3, 0x40, 0xffff, 0x8, 0x5, 0x98a0, 0x60000, 0x2, 0x401, 0x3, 0xc, 0x9, 0xfffffffffffffffe, 0x5, 0xfffffffffffffffb]}, &(0x7f0000000900)=0x100)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000300)={r12, @in6={{0xa, 0x4e22, 0x3e156188, @private2={0xfc, 0x2, '\x00', 0x1}, 0x6}}}, 0x84)

1.32964943s ago: executing program 3 (id=797):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20008050)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x7800, 0x8000, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3, 0x0, 0x0, 0x0, 0x0, @dev, @private=0x10000}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0xfffffffffffffdf0, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @broadcast}}}})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x7, 0xd, 0x0, 0xffdffffc, 0x6, "00001000"})
write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[], 0xff2e)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r2, 0x1)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r4}, 0x18)
setfsuid(0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f000000e0c0), 0x10010)
sendfile(r2, r5, 0x0, 0x100000000010001)
ioctl$TIOCGPTPEER(r1, 0x5441, 0x9)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4}}]}}]}, 0x48}}, 0x1000)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)

1.32914621s ago: executing program 0 (id=798):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0xffffffff, 0x0, "8100e1c8e80b598c36ff000800"})
syz_open_pts(r0, 0x141601)
ioctl$TCFLSH(r0, 0x540b, 0x2)

1.256272327s ago: executing program 0 (id=799):
lstat(0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x40000, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a85}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4fa, &(0x7f0000000680)={0x0, 0x86e0, 0x1000, 0x8, 0x397}, &(0x7f00000002c0), &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/12], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x18)
eventfd(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000580)={{{@in=@dev, @in=@broadcast}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000480)=0xe8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedreceive(r4, &(0x7f000001d600)=""/102378, 0x2000, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="05a60100f0ffffff8520000005000000186800000300000000000000010000001527ffff01000000185100000b00000000000000000000001842000007000000000000000000000018110000", @ANYRES32, @ANYBLOB="0020000000000000b742001c000000000085000000860000"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6eb}, 0x94)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x6)
readv(r1, &(0x7f0000000a00)=[{&(0x7f0000000340)=""/141, 0x8d}], 0x1)

803.169912ms ago: executing program 5 (id=808):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0x5437, 0x0)
fcntl$setstatus(r1, 0x4, 0x2000) (async)
fcntl$setstatus(r1, 0x4, 0x2000)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000600a8000600200005400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452492954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r3}, 0x18)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000180)) (async)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000180))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) (async)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

721.374949ms ago: executing program 1 (id=810):
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='workqueue_execute_start\x00', r1, 0x0, 0x7}, 0x18) (async)
fstat(0xffffffffffffffff, &(0x7f0000000280)) (async)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r2, 0xfffffffc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1]}}) (async)
preadv(0xffffffffffffffff, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0) (async)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000580)={0x2e4, r4, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x120, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffe}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc}]}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}, @TIPC_NLA_NODE={0xf4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "564d0a83b3280afb713b90e5d83f9de849ef6374dfe7d35ba418f6402080c710371da0"}}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "350e5ed76779f09b8a00735dbd76e397c005a96a7e57e97d9782fb5c3ad384ccafb0a857"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "a0cea82502d8a61a8c1ffebc7462b98d4bc415094c2f6e063e694cfd22"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xe}]}, @TIPC_NLA_SOCK={0x20, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x20, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x200c8804}, 0x8000) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0, 0xd9e, 0x0, 0x0, 0x41000, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10, 0xfffffff7}, 0x94) (async)
r5 = socket$inet6(0xa, 0x3, 0x8)
setsockopt$inet6_int(r5, 0x29, 0x4b, &(0x7f0000000540)=0x2, 0x4) (async)
recvmmsg(r5, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0)
r6 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r6, 0x0, 0x29, 0x0, 0x57)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fea0000000711008000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94) (async)
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r7, 0x0, 0xd, &(0x7f0000000240)="ea00aa66", 0x4)

478.595413ms ago: executing program 1 (id=812):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x8, &(0x7f0000000000)='S', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000400000005"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r3}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r4, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='bbr', 0x3)
shutdown(r4, 0x1)
pipe2(&(0x7f0000001cc0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}})
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000100)=""/19, &(0x7f0000000080)=0x13)

478.253224ms ago: executing program 5 (id=813):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c10000000000000000000", 0x58}], 0x1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r4, 0x0)
ftruncate(r4, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x3)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000000)=[0x6], 0x0, 0x0, 0x1}}, 0x40)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44880}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0xe4ff, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r8, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x4, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)

478.141543ms ago: executing program 2 (id=814):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r3}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

477.816433ms ago: executing program 1 (id=815):
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8050}, 0x20000000)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

467.903654ms ago: executing program 2 (id=816):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@ipv6_delroute={0x24, 0x19, 0x1, 0x70bd25, 0x25dfcbfb, {0xa, 0x20, 0x20, 0x0, 0xff, 0x0, 0xfe, 0x2, 0x8ba1941754a13caa}, [@RTA_OIF={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20008010)

462.769215ms ago: executing program 3 (id=817):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0xfff}, 0x94)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = eventfd2(0x0, 0x0)
readv(r4, &(0x7f0000000500)=[{&(0x7f0000000000)=""/92, 0x5c}], 0x1)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0e000000040000000800000010"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x18)
lgetxattr(0x0, &(0x7f0000000800)=@known='trusted.overlay.nlink\x00', 0x0, 0x0)
r7 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TUNGETFEATURES(r7, 0x800454cf, &(0x7f0000000180))
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000240)={0xa1, 0x0, 0x0, 0x55}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0})

441.411547ms ago: executing program 2 (id=818):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0x7}, 0x18)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/249, 0xf9}], 0x1}, 0x40000000)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r4 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x3, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f00000005c0), 0x10)
sendmsg$can_raw(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)={&(0x7f000000a000)=@canfd={{0x5}, 0x2, 0x2, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000094e2f9663a918fa1efd9b0b"}, 0x48}, 0x2}, 0x24000895)
r7 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x80)
ioctl$BLKTRACESETUP(r7, 0xc0481273, 0x0)
lstat(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
setxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400), 0x2, 0x3)
r9 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000017c0), 0x189182, 0x0)
writev(r9, &(0x7f0000000180)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000140)="56653d35e8aeee8b0bd7bf0003587ec4cc6590527e4311ef586582aaf6105150c500151b660f6a", 0x27}], 0x2)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0)

421.538128ms ago: executing program 0 (id=819):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) (async)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
r3 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'team_slave_1\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="29c7d5108f4a01f2f54f41ca63a518000000040000000000000003ac494c1cfb63ab9a370000000000"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0x1}, {0x0, 0x3}}}, 0x24}}, 0x800)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001080)={r0, <r6=>0xffffffffffffffff}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x18, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRESOCT=r6, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x18) (async)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x80042, 0x4)
ioctl$FICLONERANGE(r8, 0x4020940d, &(0x7f00000000c0)={{r8}, 0x0, 0x0, 0x7}) (async)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140), &(0x7f00000004c0), 0x7fff, r9}, 0x38) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0) (async)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818010, &(0x7f0000000300)={[{@minixdf}, {@grpjquota}]}, 0x3, 0x72c, &(0x7f00000014c0)="$eJzs3U9rHGUYAPBnJlk3ttFEUPEPSEVRsXTTxErpyXrSS7FQ8NqGZBtiNp2Y3a3d0EN78iqiKHjR7+Bd8ewH8CsoiJZ4qKeV2X9tk910bZMsZH8/mN3nmZnled9ueR/IDDsBjK0T+Usa8WJEXEwiZjr7k4gotKLJiPPt87bv3FzKtySazUt/Ja1z8jzu+0zueETciogXIuKXQsTJdHfdamNrbbFSKW928rna+sZctbF1anV9caW8Ur527syZhTNn3z13bv/m+vZHHz9f6g5y/vcfkzgf0530/nnsp3a5Qv5P+IAPDqLYCCWjHgCPZDIiJjrvz8VMTLQiAOAoaxYjmgDAmEn0fwAYM92/A3Sv7R3UdbBB/nw/Iqb61Z/sXDObal2HPLadPHBlIomI2cMcKEfSrdsRcWX2xO7/f8mua7b/1+n9GCAH6ud8/Tnfb/1Je+tP9Fl/prr3TjymwevfvfoTA9a/i0PW+PDlejaw/u2Il5LJPvWTXv1kQP0rQ9b/6e7yv4OONX+IeGNn/5mIB+4oSPa8P2Tu6mqlfLr92r/GifrNT/aa/7G+/S9p3cOy1/w3hpz/9Jev/nprj/pvvbb399+vft4Tvxiy/ueF974edCyvvzxg/g/7/r8fsv7ZVz7dGvJUAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBLSiJiOJC314jQtldrP8H42jqWVrFo7eTWrX1uO1rOyZ6OQdn9qeaadJ3k+3/k9/m6+0Iq3e/k7EfFMRHxVfLKVl5ayyvKoJw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHcd3PP//n2L7+f8AwBE3NeoBAACHTv8HgPGj/wPA+NH/AWD86P8AMH70fwAYP4/Q/4sHMQ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxsbFCxfyrbl95+ZSni9fb9TXsuunlsvVtdJ6fam0lG1ulFaybKVSLi1l6zs/n+zIK1m2sbAQ9RtztXK1NldtbF1ez+rXapdX1xdXypfLhUObGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMb7q1JWkpItJWnKalUsRTETEbheTqaqV8OiKejojfioVins+PetAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsM+qja21xUqlvCkQCAS9YNQrEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy+ew/9HvVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCU0j+SiMi3N2den9559InkbrH1HhGffXfpmxuLtdrmfL7/797+2red/QujGD8A8DDdPt3t4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQT7WxtbZYqZQ3q40kIu4229p7eoceLxj1HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2D//BQAA//8ctNAX")

353.439515ms ago: executing program 2 (id=820):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x40)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x66, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0xc, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004800)

353.159625ms ago: executing program 0 (id=821):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x19, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000580)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x44, 0x7, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x1)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = memfd_secret(0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r10}, 0x10)
r11 = socket$caif_stream(0x25, 0x1, 0x0)
writev(r11, &(0x7f00000002c0)=[{&(0x7f0000000800)="c7", 0x1}], 0x1)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r9, r8, 0x2e, 0x4608, @void}, 0x10)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r12, <r13=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r14}, 0x10)
r15 = memfd_create(&(0x7f0000000000)='-!*\x00', 0x0)
fstatfs(r15, &(0x7f0000000040)=""/100)
r16 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
exit(0xffff)
renameat(r16, &(0x7f0000000140)='./mnt\x00', r16, &(0x7f0000000040)='./mnt\x00')
close_range(r9, 0xffffffffffffffff, 0x0)

352.634445ms ago: executing program 5 (id=822):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20)
syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f00000001c0)={'hsr0\x00', @link_local})

325.455338ms ago: executing program 5 (id=823):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x8, &(0x7f0000000000)='S', 0x1)
getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000100)=""/19, &(0x7f0000000080)=0x13) (fail_nth: 2)

28.230257ms ago: executing program 2 (id=824):
syz_io_uring_setup(0x4ea0, &(0x7f0000000480)={0x0, 0x8981, 0x400, 0x0, 0x2f0}, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x9, 0x6}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r5, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500102c"], 0x0)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))

1.90776ms ago: executing program 5 (id=825):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0xffffffff, 0x0, "8100e1c8e80b598c36ff000800"})
syz_open_pts(r0, 0x141601)
ioctl$TCFLSH(r0, 0x540b, 0x2)

1.68163ms ago: executing program 5 (id=826):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async)
r0 = socket$inet6(0xa, 0x3, 0x3)
setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000140)=0x80000000, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file3\x00', 0x0) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffc8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18) (async)
renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) (async)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) (async)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x9, @any, 0x4, 0x2}, 0xe) (async)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

0s ago: executing program 2 (id=827):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20008050)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x7800, 0x8000, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3, 0x0, 0x0, 0x0, 0x0, @dev, @private=0x10000}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0xfffffffffffffdf0, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @broadcast}}}})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x7, 0xd, 0x0, 0xffdffffc, 0x6, "00001000"})
write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[], 0xff2e)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r2, 0x1)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r4}, 0x18)
setfsuid(0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f000000e0c0), 0x10010)
sendfile(r2, r5, 0x0, 0x100000000010001)
ioctl$TIOCGPTPEER(r1, 0x5441, 0x9)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4}}]}}]}, 0x48}}, 0x1000)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)

kernel console output (not intermixed with test programs):

he MAC address
[   85.133576][   T29] kauditd_printk_skb: 148 callbacks suppressed
[   85.133596][   T29] audit: type=1326 audit(1761165493.734:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.148954][ T4921] .`: (slave 
€Â): Error -95 calling set_mac_address
[   85.177664][ T4416] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.189063][   T29] audit: type=1326 audit(1761165493.764:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.214444][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   85.217730][   T29] audit: type=1326 audit(1761165493.774:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.229925][ T3596] udevd[3596]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   85.233616][   T29] audit: type=1326 audit(1761165493.774:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.233645][   T29] audit: type=1326 audit(1761165493.774:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.269037][ T4916] netlink: 14 bytes leftover after parsing attributes in process `syz.1.394'.
[   85.286314][   T29] audit: type=1326 audit(1761165493.804:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.418061][   T29] audit: type=1326 audit(1761165493.804:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.441472][   T29] audit: type=1326 audit(1761165493.834:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.464846][   T29] audit: type=1326 audit(1761165493.834:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.488397][   T29] audit: type=1326 audit(1761165493.834:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4914 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   85.514804][ T4916] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[   85.529626][ T4916] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[   85.550252][ T4934] vhci_hcd: invalid port number 96
[   85.555475][ T4934] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   85.564294][ T4916] .` (unregistering): Released all slaves
[   85.564666][ T4937] FAULT_INJECTION: forcing a failure.
[   85.564666][ T4937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.583360][ T4937] CPU: 1 UID: 0 PID: 4937 Comm: syz.3.399 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.583432][ T4937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   85.583471][ T4937] Call Trace:
[   85.583479][ T4937]  <TASK>
[   85.583489][ T4937]  __dump_stack+0x1d/0x30
[   85.583584][ T4937]  dump_stack_lvl+0xe8/0x140
[   85.583610][ T4937]  dump_stack+0x15/0x1b
[   85.583636][ T4937]  should_fail_ex+0x265/0x280
[   85.583680][ T4937]  should_fail+0xb/0x20
[   85.583748][ T4937]  should_fail_usercopy+0x1a/0x20
[   85.583768][ T4937]  _copy_from_user+0x1c/0xb0
[   85.583841][ T4937]  __sys_bpf+0x183/0x7c0
[   85.583868][ T4937]  __x64_sys_bpf+0x41/0x50
[   85.583900][ T4937]  x64_sys_call+0x2aee/0x3000
[   85.583988][ T4937]  do_syscall_64+0xd2/0x200
[   85.584011][ T4937]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   85.584045][ T4937]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   85.584084][ T4937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.584109][ T4937] RIP: 0033:0x7f9c0c57efc9
[   85.584172][ T4937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.584194][ T4937] RSP: 002b:00007f9c0afdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   85.584218][ T4937] RAX: ffffffffffffffda RBX: 00007f9c0c7d5fa0 RCX: 00007f9c0c57efc9
[   85.584234][ T4937] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[   85.584249][ T4937] RBP: 00007f9c0afdf090 R08: 0000000000000000 R09: 0000000000000000
[   85.584272][ T4937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.584284][ T4937] R13: 00007f9c0c7d6038 R14: 00007f9c0c7d5fa0 R15: 00007fffc0dd0db8
[   85.584326][ T4937]  </TASK>
[   85.899909][ T4942] loop2: detected capacity change from 0 to 512
[   85.916317][ T4942] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[   85.927101][ T4945] FAULT_INJECTION: forcing a failure.
[   85.927101][ T4945] name failslab, interval 1, probability 0, space 0, times 0
[   85.939883][ T4945] CPU: 1 UID: 0 PID: 4945 Comm: syz.0.402 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.939917][ T4945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   85.939932][ T4945] Call Trace:
[   85.939939][ T4945]  <TASK>
[   85.939947][ T4945]  __dump_stack+0x1d/0x30
[   85.940031][ T4945]  dump_stack_lvl+0xe8/0x140
[   85.940059][ T4945]  dump_stack+0x15/0x1b
[   85.940082][ T4945]  should_fail_ex+0x265/0x280
[   85.940119][ T4945]  should_failslab+0x8c/0xb0
[   85.940195][ T4945]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   85.940232][ T4945]  ? __alloc_skb+0x101/0x320
[   85.940320][ T4945]  __alloc_skb+0x101/0x320
[   85.940401][ T4945]  alloc_skb_with_frags+0x7d/0x470
[   85.940484][ T4945]  ? selinux_file_open+0x2df/0x330
[   85.940527][ T4945]  sock_alloc_send_pskb+0x430/0x4e0
[   85.940600][ T4945]  ? mntput+0x4b/0x80
[   85.940619][ T4945]  tun_get_user+0x9b3/0x26e0
[   85.940778][ T4945]  ? ref_tracker_alloc+0x1f2/0x2f0
[   85.940864][ T4945]  ? selinux_file_permission+0x2f0/0x320
[   85.940948][ T4945]  tun_chr_write_iter+0x15e/0x210
[   85.940977][ T4945]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   85.941004][ T4945]  vfs_write+0x52a/0x960
[   85.941046][ T4945]  ksys_write+0xda/0x1a0
[   85.941161][ T4945]  __x64_sys_write+0x40/0x50
[   85.941208][ T4945]  x64_sys_call+0x2802/0x3000
[   85.941238][ T4945]  do_syscall_64+0xd2/0x200
[   85.941260][ T4945]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   85.941363][ T4945]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   85.941396][ T4945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.941426][ T4945] RIP: 0033:0x7f9b2c3fefc9
[   85.941506][ T4945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.941525][ T4945] RSP: 002b:00007f9b2ae67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.941544][ T4945] RAX: ffffffffffffffda RBX: 00007f9b2c655fa0 RCX: 00007f9b2c3fefc9
[   85.941578][ T4945] RDX: 000000000000fdef RSI: 0000200000000580 RDI: 00000000000000c8
[   85.941594][ T4945] RBP: 00007f9b2ae67090 R08: 0000000000000000 R09: 0000000000000000
[   85.941606][ T4945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.941618][ T4945] R13: 00007f9b2c656038 R14: 00007f9b2c655fa0 R15: 00007ffe0d438d58
[   85.941648][ T4945]  </TASK>
[   86.471147][ T4958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.404'.
[   86.888240][ T4964] loop2: detected capacity change from 0 to 512
[   86.916390][ T4964] EXT4-fs (loop2): orphan cleanup on readonly fs
[   86.930611][ T4964] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.408: corrupted inode contents
[   86.954555][ T4964] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[   86.976933][ T4964] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.408: corrupted inode contents
[   87.017184][ T4964] EXT4-fs error (device loop2): ext4_evict_inode:302: inode #15: comm syz.2.408: mark_inode_dirty error
[   87.152176][ T4974] vhci_hcd: invalid port number 96
[   87.157387][ T4974] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   87.197276][ T4964] EXT4-fs (loop2): 1 orphan inode deleted
[   87.203571][ T4964] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   87.238126][ T4976] netlink: 16 bytes leftover after parsing attributes in process `syz.3.410'.
[   87.321912][ T4981] FAULT_INJECTION: forcing a failure.
[   87.321912][ T4981] name failslab, interval 1, probability 0, space 0, times 0
[   87.334804][ T4981] CPU: 1 UID: 0 PID: 4981 Comm: syz.0.412 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   87.334838][ T4981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   87.334854][ T4981] Call Trace:
[   87.334863][ T4981]  <TASK>
[   87.334871][ T4981]  __dump_stack+0x1d/0x30
[   87.334893][ T4981]  dump_stack_lvl+0xe8/0x140
[   87.334970][ T4981]  dump_stack+0x15/0x1b
[   87.335001][ T4981]  should_fail_ex+0x265/0x280
[   87.335113][ T4981]  should_failslab+0x8c/0xb0
[   87.335215][ T4981]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   87.335252][ T4981]  ? dup_task_struct+0x70/0x6b0
[   87.335293][ T4981]  dup_task_struct+0x70/0x6b0
[   87.335388][ T4981]  ? _parse_integer+0x27/0x40
[   87.335432][ T4981]  copy_process+0x399/0x2000
[   87.335468][ T4981]  ? kstrtouint+0x76/0xc0
[   87.335533][ T4981]  ? kstrtouint_from_user+0x9f/0xf0
[   87.335557][ T4981]  ? __rcu_read_unlock+0x4f/0x70
[   87.335661][ T4981]  kernel_clone+0x16c/0x5c0
[   87.335699][ T4981]  ? vfs_write+0x7e8/0x960
[   87.335733][ T4981]  __x64_sys_clone+0xe6/0x120
[   87.335852][ T4981]  x64_sys_call+0x119c/0x3000
[   87.335883][ T4981]  do_syscall_64+0xd2/0x200
[   87.335906][ T4981]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   87.335996][ T4981]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   87.336036][ T4981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.336064][ T4981] RIP: 0033:0x7f9b2c3fefc9
[   87.336102][ T4981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.336120][ T4981] RSP: 002b:00007f9b2ae45fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   87.336139][ T4981] RAX: ffffffffffffffda RBX: 00007f9b2c656090 RCX: 00007f9b2c3fefc9
[   87.336155][ T4981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041200000
[   87.336167][ T4981] RBP: 00007f9b2ae46090 R08: 0000000000000000 R09: 0000000000000000
[   87.336179][ T4981] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   87.336303][ T4981] R13: 00007f9b2c656128 R14: 00007f9b2c656090 R15: 00007ffe0d438d58
[   87.336328][ T4981]  </TASK>
[   87.553601][ T4982] FAT-fs (loop3): unable to read boot sector
[   87.590988][ T4983] loop3: detected capacity change from 0 to 256
[   87.617768][ T4964] FAULT_INJECTION: forcing a failure.
[   87.617768][ T4964] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.617936][ T4983] vfat: Unknown parameter 'syzkaller'
[   87.630911][ T4964] CPU: 0 UID: 0 PID: 4964 Comm: syz.2.408 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   87.630946][ T4964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   87.630961][ T4964] Call Trace:
[   87.630969][ T4964]  <TASK>
[   87.630980][ T4964]  __dump_stack+0x1d/0x30
[   87.631038][ T4964]  dump_stack_lvl+0xe8/0x140
[   87.631071][ T4964]  dump_stack+0x15/0x1b
[   87.631173][ T4964]  should_fail_ex+0x265/0x280
[   87.631224][ T4964]  should_fail+0xb/0x20
[   87.631246][ T4964]  should_fail_usercopy+0x1a/0x20
[   87.631325][ T4964]  _copy_to_user+0x20/0xa0
[   87.631362][ T4964]  simple_read_from_buffer+0xb5/0x130
[   87.631486][ T4964]  proc_fail_nth_read+0x10e/0x150
[   87.631535][ T4964]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   87.631580][ T4964]  vfs_read+0x1a8/0x770
[   87.631613][ T4964]  ? vt_ioctl+0x75f/0x18a0
[   87.631681][ T4964]  ? __rcu_read_unlock+0x4f/0x70
[   87.631731][ T4964]  ? __fget_files+0x184/0x1c0
[   87.631773][ T4964]  ksys_read+0xda/0x1a0
[   87.631809][ T4964]  __x64_sys_read+0x40/0x50
[   87.631842][ T4964]  x64_sys_call+0x27c0/0x3000
[   87.631890][ T4964]  do_syscall_64+0xd2/0x200
[   87.631914][ T4964]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   87.631954][ T4964]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   87.632017][ T4964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.632132][ T4964] RIP: 0033:0x7f9da7c4d9dc
[   87.632160][ T4964] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   87.632185][ T4964] RSP: 002b:00007f9da66b7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   87.632211][ T4964] RAX: ffffffffffffffda RBX: 00007f9da7ea5fa0 RCX: 00007f9da7c4d9dc
[   87.632229][ T4964] RDX: 000000000000000f RSI: 00007f9da66b70a0 RDI: 0000000000000013
[   87.632246][ T4964] RBP: 00007f9da66b7090 R08: 0000000000000000 R09: 0000000000000000
[   87.632308][ T4964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.632325][ T4964] R13: 00007f9da7ea6038 R14: 00007f9da7ea5fa0 R15: 00007ffea2595328
[   87.632352][ T4964]  </TASK>
[   87.850301][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.941548][ T4985] netlink: 16 bytes leftover after parsing attributes in process `syz.2.413'.
[   87.988339][ T4991] loop2: detected capacity change from 0 to 512
[   88.084263][ T4991] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.106678][ T4991] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.133335][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.210127][ T5000] veth0: mtu less than device minimum
[   88.441575][ T5010] netlink: 8 bytes leftover after parsing attributes in process `syz.0.421'.
[   88.713673][ T5014] bridge: RTM_NEWNEIGH with invalid ether address
[   88.726022][ T5014] loop3: detected capacity change from 0 to 164
[   88.868958][ T5020] loop1: detected capacity change from 0 to 512
[   88.875970][ T5016] vhci_hcd: invalid port number 96
[   88.881210][ T5016] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   88.886675][ T5020] journal_path: Lookup failure for './file0/../file0'
[   88.895148][ T5020] EXT4-fs: error: could not find journal device path
[   88.981718][ T5022] loop3: detected capacity change from 0 to 512
[   89.170590][ T5022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.239371][ T5038] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   89.317201][ T5022] ext4 filesystem being mounted at /84/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   89.447188][ T5022] netlink: 'syz.3.425': attribute type 16 has an invalid length.
[   89.777279][ T5022] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   89.825091][ T5058] loop2: detected capacity change from 0 to 512
[   89.834972][ T5058] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[   89.981679][ T5064] vhci_hcd: invalid port number 96
[   89.987011][ T5064] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   90.017261][ T5078] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   90.034692][ T5081] smc: net device bond0 applied user defined pnetid SYZ0
[   90.050917][ T5081] smc: net device bond0 erased user defined pnetid SYZ0
[   90.257170][ T5095] netlink: 28 bytes leftover after parsing attributes in process `syz.1.440'.
[   90.469496][ T5098] FAULT_INJECTION: forcing a failure.
[   90.469496][ T5098] name failslab, interval 1, probability 0, space 0, times 0
[   90.482219][ T5098] CPU: 1 UID: 0 PID: 5098 Comm: syz.5.443 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   90.482254][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   90.482277][ T5098] Call Trace:
[   90.482288][ T5098]  <TASK>
[   90.482299][ T5098]  __dump_stack+0x1d/0x30
[   90.482365][ T5098]  dump_stack_lvl+0xe8/0x140
[   90.482389][ T5098]  dump_stack+0x15/0x1b
[   90.482413][ T5098]  should_fail_ex+0x265/0x280
[   90.482475][ T5098]  should_failslab+0x8c/0xb0
[   90.482514][ T5098]  kmem_cache_alloc_noprof+0x50/0x480
[   90.482568][ T5098]  ? getname_flags+0x80/0x3b0
[   90.482609][ T5098]  getname_flags+0x80/0x3b0
[   90.482692][ T5098]  do_sys_openat2+0x60/0x110
[   90.482727][ T5098]  __x64_sys_openat+0xf2/0x120
[   90.482756][ T5098]  x64_sys_call+0x2eab/0x3000
[   90.482787][ T5098]  do_syscall_64+0xd2/0x200
[   90.482811][ T5098]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   90.482854][ T5098]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   90.482891][ T5098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.482920][ T5098] RIP: 0033:0x7f6b2db8efc9
[   90.482940][ T5098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.482964][ T5098] RSP: 002b:00007f6b2c5ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   90.483011][ T5098] RAX: ffffffffffffffda RBX: 00007f6b2dde6090 RCX: 00007f6b2db8efc9
[   90.483024][ T5098] RDX: 0000000000000000 RSI: 0000200000000200 RDI: ffffffffffffff9c
[   90.483039][ T5098] RBP: 00007f6b2c5ce090 R08: 0000000000000000 R09: 0000000000000000
[   90.483056][ T5098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.483071][ T5098] R13: 00007f6b2dde6128 R14: 00007f6b2dde6090 R15: 00007ffe76d61ba8
[   90.483098][ T5098]  </TASK>
[   90.850751][ T5114] loop0: detected capacity change from 0 to 512
[   90.859664][ T5114] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.442: invalid block
[   90.874491][ T5114] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.442: invalid indirect mapped block 4294967295 (level 1)
[   90.888796][ T5114] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.442: invalid indirect mapped block 4294967295 (level 1)
[   90.904855][ T5114] EXT4-fs (loop0): 2 truncates cleaned up
[   90.911279][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   90.938844][ T5118] binfmt_misc: register: failed to install interpreter file ./file0
[   90.988213][   T29] kauditd_printk_skb: 115 callbacks suppressed
[   90.988232][   T29] audit: type=1400 audit(1761165499.594:1625): avc:  denied  { read } for  pid=5121 comm="syz.1.446" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   90.988815][ T5122] sd 0:0:1:0: device reset
[   91.001191][   T29] audit: type=1400 audit(1761165499.594:1626): avc:  denied  { ioctl } for  pid=5121 comm="syz.1.446" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   91.148496][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.431439][ T5134] FAULT_INJECTION: forcing a failure.
[   91.431439][ T5134] name failslab, interval 1, probability 0, space 0, times 0
[   91.444276][ T5134] CPU: 1 UID: 0 PID: 5134 Comm: syz.5.449 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   91.444324][ T5134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   91.444337][ T5134] Call Trace:
[   91.444344][ T5134]  <TASK>
[   91.444405][ T5134]  __dump_stack+0x1d/0x30
[   91.444432][ T5134]  dump_stack_lvl+0xe8/0x140
[   91.444457][ T5134]  dump_stack+0x15/0x1b
[   91.444605][ T5134]  should_fail_ex+0x265/0x280
[   91.444651][ T5134]  should_failslab+0x8c/0xb0
[   91.444688][ T5134]  kmem_cache_alloc_noprof+0x50/0x480
[   91.444799][ T5134]  ? copy_fs_struct+0x31/0x110
[   91.444853][ T5134]  copy_fs_struct+0x31/0x110
[   91.444896][ T5134]  ksys_unshare+0x2c6/0x6d0
[   91.444948][ T5134]  ? ksys_write+0x192/0x1a0
[   91.444983][ T5134]  __x64_sys_unshare+0x1f/0x30
[   91.445027][ T5134]  x64_sys_call+0x2915/0x3000
[   91.445095][ T5134]  do_syscall_64+0xd2/0x200
[   91.445187][ T5134]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   91.445224][ T5134]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   91.445268][ T5134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.445296][ T5134] RIP: 0033:0x7f6b2db8efc9
[   91.445316][ T5134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.445340][ T5134] RSP: 002b:00007f6b2c5ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   91.445364][ T5134] RAX: ffffffffffffffda RBX: 00007f6b2dde6090 RCX: 00007f6b2db8efc9
[   91.445397][ T5134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064000600
[   91.445410][ T5134] RBP: 00007f6b2c5ce090 R08: 0000000000000000 R09: 0000000000000000
[   91.445422][ T5134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.445434][ T5134] R13: 00007f6b2dde6128 R14: 00007f6b2dde6090 R15: 00007ffe76d61ba8
[   91.445454][ T5134]  </TASK>
[   91.639909][ T5139] netlink: 'syz.2.451': attribute type 8 has an invalid length.
[   91.677917][   T29] audit: type=1400 audit(1761165500.284:1627): avc:  denied  { map } for  pid=5138 comm="syz.2.451" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   91.701728][   T29] audit: type=1400 audit(1761165500.284:1628): avc:  denied  { execute } for  pid=5138 comm="syz.2.451" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   91.725868][   T29] audit: type=1400 audit(1761165500.284:1629): avc:  denied  { write } for  pid=5138 comm="syz.2.451" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   91.754499][ T5147] netlink: 'syz.2.451': attribute type 8 has an invalid length.
[   92.303068][   T29] audit: type=1400 audit(1761165500.904:1630): avc:  denied  { write } for  pid=5162 comm="syz.1.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   92.322434][   T29] audit: type=1326 audit(1761165500.904:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5162 comm="syz.1.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   92.345919][   T29] audit: type=1326 audit(1761165500.904:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5162 comm="syz.1.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   92.369260][   T29] audit: type=1326 audit(1761165500.904:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5162 comm="syz.1.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   92.392620][   T29] audit: type=1326 audit(1761165500.904:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5162 comm="syz.1.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[   92.472355][ T5173] binfmt_misc: register: failed to install interpreter file ./file0
[   92.786146][ T5182] netlink: 28 bytes leftover after parsing attributes in process `syz.1.455'.
[   93.109747][ T5184] loop0: detected capacity change from 0 to 512
[   93.212803][ T5184] EXT4-fs (loop0): 1 orphan inode deleted
[   93.219741][ T5184] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.237455][ T5184] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.256606][  T389] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 1
[   94.537051][ T5192] FAULT_INJECTION: forcing a failure.
[   94.537051][ T5192] name failslab, interval 1, probability 0, space 0, times 0
[   94.550279][ T5192] CPU: 0 UID: 0 PID: 5192 Comm: syz.2.460 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   94.550315][ T5192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   94.550344][ T5192] Call Trace:
[   94.550350][ T5192]  <TASK>
[   94.550357][ T5192]  __dump_stack+0x1d/0x30
[   94.550380][ T5192]  dump_stack_lvl+0xe8/0x140
[   94.550440][ T5192]  dump_stack+0x15/0x1b
[   94.550463][ T5192]  should_fail_ex+0x265/0x280
[   94.550507][ T5192]  ? __se_sys_memfd_create+0x1cc/0x590
[   94.550539][ T5192]  should_failslab+0x8c/0xb0
[   94.550614][ T5192]  __kmalloc_cache_noprof+0x4c/0x4a0
[   94.550655][ T5192]  ? fput+0x8f/0xc0
[   94.550709][ T5192]  __se_sys_memfd_create+0x1cc/0x590
[   94.550748][ T5192]  __x64_sys_memfd_create+0x31/0x40
[   94.550779][ T5192]  x64_sys_call+0x2ac2/0x3000
[   94.550855][ T5192]  do_syscall_64+0xd2/0x200
[   94.550878][ T5192]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   94.550916][ T5192]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   94.550996][ T5192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.551017][ T5192] RIP: 0033:0x7f9da7c4efc9
[   94.551036][ T5192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.551087][ T5192] RSP: 002b:00007f9da6674e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   94.551107][ T5192] RAX: ffffffffffffffda RBX: 0000000000000521 RCX: 00007f9da7c4efc9
[   94.551123][ T5192] RDX: 00007f9da6674ef0 RSI: 0000000000000000 RDI: 00007f9da7cd2960
[   94.551139][ T5192] RBP: 0000200000000640 R08: 00007f9da6674bb7 R09: 00007f9da6674e40
[   94.551192][ T5192] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000200
[   94.551208][ T5192] R13: 00007f9da6674ef0 R14: 00007f9da6674eb0 R15: 0000200000000600
[   94.551232][ T5192]  </TASK>
[   94.800621][ T5198] loop1: detected capacity change from 0 to 512
[   94.893440][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.077059][ T5198] EXT4-fs error (device loop1): ext4_init_orphan_info:581: comm syz.1.461: inode #0: comm syz.1.461: iget: illegal inode #
[   95.238728][ T5198] EXT4-fs (loop1): get orphan inode failed
[   95.244748][ T5198] EXT4-fs (loop1): mount failed
[   95.358588][ T5208] SELinux:  Context @ is not valid (left unmapped).
[   95.376401][ T5193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.461'.
[   95.602137][ T5181] 
: renamed from bond0 (while UP)
[   95.899537][ T5219] binfmt_misc: register: failed to install interpreter file ./file0
[   96.001780][ T5216] FAULT_INJECTION: forcing a failure.
[   96.001780][ T5216] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.015379][   T29] kauditd_printk_skb: 74 callbacks suppressed
[   96.015399][   T29] audit: type=1400 audit(1761165504.584:1708): avc:  denied  { setopt } for  pid=5215 comm="syz.2.468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   96.041860][ T5216] CPU: 0 UID: 0 PID: 5216 Comm: syz.2.468 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.041887][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   96.041901][ T5216] Call Trace:
[   96.041908][ T5216]  <TASK>
[   96.041916][ T5216]  __dump_stack+0x1d/0x30
[   96.041945][ T5216]  dump_stack_lvl+0xe8/0x140
[   96.042042][ T5216]  dump_stack+0x15/0x1b
[   96.042059][ T5216]  should_fail_ex+0x265/0x280
[   96.042130][ T5216]  should_fail+0xb/0x20
[   96.042149][ T5216]  should_fail_usercopy+0x1a/0x20
[   96.042195][ T5216]  _copy_from_user+0x1c/0xb0
[   96.042227][ T5216]  __sys_bpf+0x183/0x7c0
[   96.042258][ T5216]  __x64_sys_bpf+0x41/0x50
[   96.042288][ T5216]  x64_sys_call+0x2aee/0x3000
[   96.042386][ T5216]  do_syscall_64+0xd2/0x200
[   96.042408][ T5216]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   96.042448][ T5216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.042470][ T5216] RIP: 0033:0x7f9da7c4efc9
[   96.042489][ T5216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.042536][ T5216] RSP: 002b:00007f9da66b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   96.042560][ T5216] RAX: ffffffffffffffda RBX: 00007f9da7ea5fa0 RCX: 00007f9da7c4efc9
[   96.042576][ T5216] RDX: 0000000000000020 RSI: 00002000000007c0 RDI: 0000000000000003
[   96.042591][ T5216] RBP: 00007f9da66b7090 R08: 0000000000000000 R09: 0000000000000000
[   96.042603][ T5216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.042614][ T5216] R13: 00007f9da7ea6038 R14: 00007f9da7ea5fa0 R15: 00007ffea2595328
[   96.042689][ T5216]  </TASK>
[   96.294635][ T5189] syz.1.461 (5189) used greatest stack depth: 7496 bytes left
[   96.305053][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.589558][ T5227] netlink: 28 bytes leftover after parsing attributes in process `syz.1.471'.
[   96.748030][   T29] audit: type=1326 audit(1761165505.354:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.805219][   T29] audit: type=1326 audit(1761165505.384:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.828650][   T29] audit: type=1326 audit(1761165505.384:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.852089][   T29] audit: type=1326 audit(1761165505.384:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.875534][   T29] audit: type=1326 audit(1761165505.384:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.898990][   T29] audit: type=1326 audit(1761165505.384:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.922365][   T29] audit: type=1326 audit(1761165505.384:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.945906][   T29] audit: type=1326 audit(1761165505.384:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   96.969414][   T29] audit: type=1326 audit(1761165505.384:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5232 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9da7c4efc9 code=0x7ffc0000
[   97.306309][ T5248] netlink: 'syz.1.478': attribute type 6 has an invalid length.
[   97.390617][ T5258] loop3: detected capacity change from 0 to 256
[   98.279357][ T5266] loop5: detected capacity change from 0 to 1024
[   98.286071][ T5266] EXT4-fs: Ignoring removed orlov option
[   98.312561][ T5258] FAT-fs (loop3): IO charset iso8859-14 not found
[   98.380736][ T5266] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   98.478890][ T5268] loop3: detected capacity change from 0 to 1156
[   98.496340][ T5270] loop1: detected capacity change from 0 to 256
[   98.507638][ T5270] FAT-fs (loop1): bogus number of FAT sectors
[   98.513837][ T5270] FAT-fs (loop1): Can't find a valid FAT filesystem
[   98.582838][ T5266] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.697332][ T5266] FAULT_INJECTION: forcing a failure.
[   98.697332][ T5266] name failslab, interval 1, probability 0, space 0, times 0
[   98.710095][ T5266] CPU: 1 UID: 0 PID: 5266 Comm: syz.5.482 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   98.710121][ T5266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   98.710145][ T5266] Call Trace:
[   98.710154][ T5266]  <TASK>
[   98.710163][ T5266]  __dump_stack+0x1d/0x30
[   98.710229][ T5266]  dump_stack_lvl+0xe8/0x140
[   98.710248][ T5266]  dump_stack+0x15/0x1b
[   98.710269][ T5266]  should_fail_ex+0x265/0x280
[   98.710362][ T5266]  ? ext4_expand_extra_isize_ea+0x777/0x11f0
[   98.710482][ T5266]  should_failslab+0x8c/0xb0
[   98.710516][ T5266]  __kmalloc_cache_noprof+0x4c/0x4a0
[   98.710548][ T5266]  ext4_expand_extra_isize_ea+0x777/0x11f0
[   98.710612][ T5266]  ? ext4_fc_track_inode+0x9f/0x530
[   98.710678][ T5266]  ? errseq_check+0x2c/0x50
[   98.710774][ T5266]  __ext4_expand_extra_isize+0x246/0x280
[   98.710843][ T5266]  __ext4_mark_inode_dirty+0x29d/0x3f0
[   98.710887][ T5266]  ext4_dirty_inode+0x92/0xc0
[   98.710908][ T5266]  ? __pfx_ext4_dirty_inode+0x10/0x10
[   98.710953][ T5266]  __mark_inode_dirty+0x162/0x750
[   98.711034][ T5266]  file_modified_flags+0x324/0x350
[   98.711075][ T5266]  file_modified+0x17/0x20
[   98.711172][ T5266]  ext4_buffered_write_iter+0x1d0/0x3c0
[   98.711195][ T5266]  ext4_file_write_iter+0x387/0xf60
[   98.711226][ T5266]  ? kstrtouint_from_user+0x9f/0xf0
[   98.711251][ T5266]  ? 0xffffffff81000000
[   98.711285][ T5266]  ? __rcu_read_unlock+0x4f/0x70
[   98.711314][ T5266]  ? avc_policy_seqno+0x15/0x30
[   98.711338][ T5266]  ? selinux_file_permission+0x1e4/0x320
[   98.711375][ T5266]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   98.711425][ T5266]  vfs_write+0x52a/0x960
[   98.711463][ T5266]  __x64_sys_pwrite64+0xfd/0x150
[   98.711492][ T5266]  x64_sys_call+0xc4d/0x3000
[   98.711599][ T5266]  do_syscall_64+0xd2/0x200
[   98.711622][ T5266]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   98.711658][ T5266]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   98.711695][ T5266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.711716][ T5266] RIP: 0033:0x7f6b2db8efc9
[   98.711729][ T5266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.711750][ T5266] RSP: 002b:00007f6b2c5ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   98.711774][ T5266] RAX: ffffffffffffffda RBX: 00007f6b2dde6180 RCX: 00007f6b2db8efc9
[   98.711789][ T5266] RDX: 0000000000000001 RSI: 0000200000000340 RDI: 0000000000000009
[   98.711846][ T5266] RBP: 00007f6b2c5ad090 R08: 0000000000000000 R09: 0000000000000000
[   98.711858][ T5266] R10: 000000000004fed0 R11: 0000000000000246 R12: 0000000000000001
[   98.711870][ T5266] R13: 00007f6b2dde6218 R14: 00007f6b2dde6180 R15: 00007ffe76d61ba8
[   98.711890][ T5266]  </TASK>
[   99.044304][ T5293] loop3: detected capacity change from 0 to 128
[   99.059551][ T5293] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   99.072283][ T5293] ext4 filesystem being mounted at /92/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   99.448382][ T3312] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   99.530430][ T5303] netlink: 4 bytes leftover after parsing attributes in process `syz.1.493'.
[   99.657786][ T5306] 9pnet_fd: Insufficient options for proto=fd
[   99.845217][ T5322] infiniband syz0: set active
[   99.845242][ T5322] infiniband syz0: added bond_slave_0
[   99.860732][ T5322] RDS/IB: syz0: added
[   99.860752][ T5322] smc: adding ib device syz0 with port count 1
[   99.860845][ T5322] smc:    ib device syz0 port 1 has no pnetid
[   99.999821][ T5324] netlink: 36 bytes leftover after parsing attributes in process `syz.3.496'.
[  100.249785][ T5341] loop2: detected capacity change from 0 to 2048
[  100.266325][ T5341] EXT4-fs: Ignoring removed bh option
[  100.298144][ T5341] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.320127][ T5350] loop0: detected capacity change from 0 to 512
[  100.336911][ T5350] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  100.362227][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.366765][ T5352] loop3: detected capacity change from 0 to 512
[  100.387308][ T5350] EXT4-fs (loop0): 1 truncate cleaned up
[  100.394763][ T5350] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.639045][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.821598][ T5376] syz_tun: entered allmulticast mode
[  100.837065][ T5376] loop0: detected capacity change from 0 to 2048
[  100.858513][ T5376] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.871304][ T5376] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.892474][ T5376] loop0: detected capacity change from 0 to 1024
[  100.901905][ T5376] netlink: 8 bytes leftover after parsing attributes in process `syz.0.513'.
[  100.911331][ T5375] syz_tun: left allmulticast mode
[  100.935656][ T5380] loop0: detected capacity change from 0 to 1024
[  100.942422][ T5380] ext2: Unknown parameter 'dont_appraise'
[  100.969537][ T5382] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  100.982717][ T5382] loop0: detected capacity change from 0 to 1024
[  100.989676][ T5382] EXT4-fs: Ignoring removed nobh option
[  100.995811][ T5382] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  101.008753][ T5382] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.515: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  101.027609][ T5382] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.515: couldn't read orphan inode 11 (err -117)
[  101.040188][ T5382] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.054090][   T29] kauditd_printk_skb: 136 callbacks suppressed
[  101.054107][   T29] audit: type=1400 audit(1761165509.664:1854): avc:  denied  { create } for  pid=5381 comm="syz.0.515" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  101.054713][ T5382] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.515: Invalid block bitmap block 0 in block_group 0
[  101.095333][ T5382] Quota error (device loop0): write_blk: dquota write failed
[  101.102827][ T5382] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  101.114522][ T5382] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.515: Failed to acquire dquot type 0
[  101.128601][   T29] audit: type=1326 audit(1761165509.734:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2c3fefc9 code=0x7ffc0000
[  101.152475][   T29] audit: type=1326 audit(1761165509.754:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f9b2c3fefc9 code=0x7ffc0000
[  101.178361][   T29] audit: type=1326 audit(1761165509.784:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2c3fefc9 code=0x7ffc0000
[  101.203208][   T29] audit: type=1326 audit(1761165509.804:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2c3fefc9 code=0x7ffc0000
[  101.245343][ T5386] loop2: detected capacity change from 0 to 512
[  101.261163][ T5386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.287289][ T5386] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.326743][   T29] audit: type=1326 audit(1761165509.904:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b2c3fd810 code=0x7ffc0000
[  101.350266][   T29] audit: type=1326 audit(1761165509.904:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b2c3fd810 code=0x7ffc0000
[  101.373963][   T29] audit: type=1326 audit(1761165509.904:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5381 comm="syz.0.515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b2c3fefc9 code=0x7ffc0000
[  101.401941][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.411122][   T12] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:0: Failed to release dquot type 0
[  101.423439][ T4416] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.472789][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.483677][ T5396] netlink: 16 bytes leftover after parsing attributes in process `syz.5.517'.
[  101.496116][ T5399] FAULT_INJECTION: forcing a failure.
[  101.496116][ T5399] name failslab, interval 1, probability 0, space 0, times 0
[  101.508809][ T5399] CPU: 0 UID: 0 PID: 5399 Comm: syz.0.522 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  101.508911][ T5399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  101.508928][ T5399] Call Trace:
[  101.508936][ T5399]  <TASK>
[  101.508945][ T5399]  __dump_stack+0x1d/0x30
[  101.508971][ T5399]  dump_stack_lvl+0xe8/0x140
[  101.508995][ T5399]  dump_stack+0x15/0x1b
[  101.509078][ T5399]  should_fail_ex+0x265/0x280
[  101.509120][ T5399]  should_failslab+0x8c/0xb0
[  101.509174][ T5399]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[  101.509254][ T5399]  ? sidtab_sid2str_get+0xa0/0x130
[  101.509294][ T5399]  kmemdup_noprof+0x2b/0x70
[  101.509394][ T5399]  sidtab_sid2str_get+0xa0/0x130
[  101.509427][ T5399]  security_sid_to_context_core+0x1eb/0x2e0
[  101.509463][ T5399]  security_sid_to_context_force+0x2a/0x40
[  101.509526][ T5399]  selinux_inode_getsecurity+0x2c4/0x2e0
[  101.509566][ T5399]  security_inode_getsecurity+0xcf/0xe0
[  101.509598][ T5399]  vfs_getxattr+0x140/0x250
[  101.509628][ T5399]  do_getxattr+0x129/0x2b0
[  101.509657][ T5399]  path_getxattrat+0x22c/0x2a0
[  101.509704][ T5399]  __x64_sys_fgetxattr+0x59/0x70
[  101.509820][ T5399]  x64_sys_call+0x1ab3/0x3000
[  101.509847][ T5399]  do_syscall_64+0xd2/0x200
[  101.509868][ T5399]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  101.509906][ T5399]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  101.509951][ T5399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.509976][ T5399] RIP: 0033:0x7f9b2c3fefc9
[  101.509993][ T5399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.510060][ T5399] RSP: 002b:00007f9b2ae67038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c1
[  101.510083][ T5399] RAX: ffffffffffffffda RBX: 00007f9b2c655fa0 RCX: 00007f9b2c3fefc9
[  101.510096][ T5399] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[  101.510109][ T5399] RBP: 00007f9b2ae67090 R08: 0000000000000000 R09: 0000000000000000
[  101.510121][ T5399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.510159][ T5399] R13: 00007f9b2c656038 R14: 00007f9b2c655fa0 R15: 00007ffe0d438d58
[  101.510179][ T5399]  </TASK>
[  101.514552][ T5396] loop5: detected capacity change from 0 to 256
[  101.574906][ T5404] loop1: detected capacity change from 0 to 1024
[  101.660804][ T5406] netlink: 24 bytes leftover after parsing attributes in process `syz.0.526'.
[  101.662433][ T5404] ext2: Unknown parameter 'dont_appraise'
[  101.813768][ T5417] loop0: detected capacity change from 0 to 256
[  101.832962][ T5417] FAT-fs (loop0): codepage cp866 not found
[  101.923371][ T5420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.527'.
[  101.944205][ T5417] netlink: 'syz.0.530': attribute type 3 has an invalid length.
[  101.952762][ T5417] ./file0: Can't lookup blockdev
[  101.962311][ T5417] loop0: detected capacity change from 0 to 1024
[  101.969104][ T5417] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  102.022683][ T5402] netlink: 'syz.3.524': attribute type 1 has an invalid length.
[  102.093013][ T5402] bond1: (slave geneve2): making interface the new active one
[  102.127405][ T5402] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  102.136166][  T389] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  102.181421][  T389] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  102.221395][  T389] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  102.230596][  T389] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  102.276300][ T5437] Cannot find add_set index 0 as target
[  102.306440][ T5437] SELinux:  Context Ü is not valid (left unmapped).
[  102.333582][ T5437] loop0: detected capacity change from 0 to 512
[  102.343861][ T5437] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  102.355959][ T5437] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.386143][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.412207][ T5448] loop0: detected capacity change from 0 to 1024
[  102.419199][ T5448] ext2: Unknown parameter 'dont_appraise'
[  102.623394][ T5454] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5454 comm=syz.0.540
[  102.657372][ T5454] netlink: 'syz.0.540': attribute type 12 has an invalid length.
[  102.665198][ T5454] netlink: 'syz.0.540': attribute type 29 has an invalid length.
[  102.672998][ T5454] netlink: 148 bytes leftover after parsing attributes in process `syz.0.540'.
[  102.681981][ T5454] netlink: 59 bytes leftover after parsing attributes in process `syz.0.540'.
[  102.741159][ T5462] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  102.793740][ T5458] loop1: detected capacity change from 0 to 8192
[  102.808145][ T5462] loop3: detected capacity change from 0 to 1024
[  102.814903][ T5462] EXT4-fs: Ignoring removed nobh option
[  102.825134][ T5462] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  102.846273][ T5462] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.543: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  102.866043][ T5462] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.543: couldn't read orphan inode 11 (err -117)
[  102.880539][ T5462] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.919776][ T5462] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.543: Invalid block bitmap block 0 in block_group 0
[  102.943723][ T5462] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.543: Failed to acquire dquot type 0
[  103.004065][ T5488] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  103.062380][ T5488] loop1: detected capacity change from 0 to 1024
[  103.079647][ T5488] loop1: detected capacity change from 0 to 256
[  103.091128][ T5488] vfat: Deprecated parameter 'posix'
[  103.092109][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.096484][ T5488] FAT-fs: "posix" option is obsolete, not supported now
[  103.105759][  T389] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 0
[  103.264388][ T5502] xt_cluster: node mask cannot exceed total number of nodes
[  103.379272][ T5513] FAULT_INJECTION: forcing a failure.
[  103.379272][ T5513] name failslab, interval 1, probability 0, space 0, times 0
[  103.392022][ T5513] CPU: 1 UID: 0 PID: 5513 Comm: syz.3.561 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  103.392054][ T5513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  103.392070][ T5513] Call Trace:
[  103.392108][ T5513]  <TASK>
[  103.392116][ T5513]  __dump_stack+0x1d/0x30
[  103.392142][ T5513]  dump_stack_lvl+0xe8/0x140
[  103.392165][ T5513]  dump_stack+0x15/0x1b
[  103.392207][ T5513]  should_fail_ex+0x265/0x280
[  103.392244][ T5513]  should_failslab+0x8c/0xb0
[  103.392276][ T5513]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  103.392339][ T5513]  ? __alloc_skb+0x101/0x320
[  103.392370][ T5513]  __alloc_skb+0x101/0x320
[  103.392401][ T5513]  netlink_alloc_large_skb+0xbf/0xf0
[  103.392429][ T5513]  netlink_sendmsg+0x3cf/0x6b0
[  103.392501][ T5513]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.392546][ T5513]  __sock_sendmsg+0x145/0x180
[  103.392575][ T5513]  ____sys_sendmsg+0x31e/0x4e0
[  103.392619][ T5513]  ___sys_sendmsg+0x17b/0x1d0
[  103.392736][ T5513]  __x64_sys_sendmsg+0xd4/0x160
[  103.392776][ T5513]  x64_sys_call+0x191e/0x3000
[  103.392846][ T5513]  do_syscall_64+0xd2/0x200
[  103.392861][ T5513]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  103.392887][ T5513]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  103.392913][ T5513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.393003][ T5513] RIP: 0033:0x7f9c0c57efc9
[  103.393016][ T5513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.393031][ T5513] RSP: 002b:00007f9c0afdf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.393046][ T5513] RAX: ffffffffffffffda RBX: 00007f9c0c7d5fa0 RCX: 00007f9c0c57efc9
[  103.393101][ T5513] RDX: 0000000000040000 RSI: 0000200000000200 RDI: 0000000000000003
[  103.393131][ T5513] RBP: 00007f9c0afdf090 R08: 0000000000000000 R09: 0000000000000000
[  103.393140][ T5513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.393150][ T5513] R13: 00007f9c0c7d6038 R14: 00007f9c0c7d5fa0 R15: 00007fffc0dd0db8
[  103.393166][ T5513]  </TASK>
[  103.598221][ T5515] FAULT_INJECTION: forcing a failure.
[  103.598221][ T5515] name failslab, interval 1, probability 0, space 0, times 0
[  103.610974][ T5515] CPU: 0 UID: 0 PID: 5515 Comm: syz.2.559 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  103.611079][ T5515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  103.611094][ T5515] Call Trace:
[  103.611103][ T5515]  <TASK>
[  103.611165][ T5515]  __dump_stack+0x1d/0x30
[  103.611199][ T5515]  dump_stack_lvl+0xe8/0x140
[  103.611223][ T5515]  dump_stack+0x15/0x1b
[  103.611244][ T5515]  should_fail_ex+0x265/0x280
[  103.611284][ T5515]  should_failslab+0x8c/0xb0
[  103.611353][ T5515]  kmem_cache_alloc_noprof+0x50/0x480
[  103.611388][ T5515]  ? prepare_creds+0x37/0x4c0
[  103.611446][ T5515]  prepare_creds+0x37/0x4c0
[  103.611482][ T5515]  lookup_user_key+0x12a/0xd10
[  103.611503][ T5515]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  103.611526][ T5515]  __se_sys_add_key+0x268/0x350
[  103.611603][ T5515]  __x64_sys_add_key+0x67/0x80
[  103.611636][ T5515]  x64_sys_call+0x28c8/0x3000
[  103.611694][ T5515]  do_syscall_64+0xd2/0x200
[  103.611753][ T5515]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  103.611778][ T5515]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  103.611838][ T5515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.611857][ T5515] RIP: 0033:0x7f9da7c4efc9
[  103.611870][ T5515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.611885][ T5515] RSP: 002b:00007f9da6675038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  103.611972][ T5515] RAX: ffffffffffffffda RBX: 00007f9da7ea6180 RCX: 00007f9da7c4efc9
[  103.611983][ T5515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0
[  103.611993][ T5515] RBP: 00007f9da6675090 R08: ffffffffffffffff R09: 0000000000000000
[  103.612065][ T5515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.612075][ T5515] R13: 00007f9da7ea6218 R14: 00007f9da7ea6180 R15: 00007ffea2595328
[  103.612092][ T5515]  </TASK>
[  103.824723][ T5518] SELinux:  Context system_u:object_r:pam_var_run_t:s0 is not valid (left unmapped).
[  103.834771][ T5521] netlink: 'syz.0.564': attribute type 4 has an invalid length.
[  103.863492][ T5525] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  103.896297][ T5531] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  103.917779][ T5531] loop0: detected capacity change from 0 to 1024
[  103.929257][ T5533] loop3: detected capacity change from 0 to 1024
[  103.929930][ T5531] EXT4-fs: Ignoring removed nobh option
[  103.939738][ T5533] EXT4-fs: Ignoring removed nobh option
[  103.941863][ T5531] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  103.948852][ T5528] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5528 comm=syz.5.567
[  103.957965][ T5533] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  103.980733][ T5531] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.568: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  103.999605][ T5531] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.568: couldn't read orphan inode 11 (err -117)
[  104.002761][ T5533] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.566: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  104.012519][ T5531] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.047715][ T5533] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.566: couldn't read orphan inode 11 (err -117)
[  104.058058][ T5531] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.568: Invalid block bitmap block 0 in block_group 0
[  104.060189][ T5533] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.075434][ T5531] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.568: Failed to acquire dquot type 0
[  104.085838][ T5536] vhci_hcd: invalid port number 96
[  104.101688][ T5536] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  104.129853][ T5542] netlink: 'syz.1.570': attribute type 4 has an invalid length.
[  104.153796][ T5525] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.566: Invalid block bitmap block 0 in block_group 0
[  104.177964][ T5544] binfmt_misc: register: failed to install interpreter file ./file0
[  104.208264][ T5525] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.566: Failed to acquire dquot type 0
[  104.211555][ T5550] can0: slcan on ttyS3.
[  104.268919][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.278276][ T5550] can0 (unregistered): slcan off ttyS3.
[  104.284740][ T3494] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:7: Failed to release dquot type 0
[  104.384923][ T5562] sctp: [Deprecated]: syz.1.579 (pid 5562) Use of struct sctp_assoc_value in delayed_ack socket option.
[  104.384923][ T5562] Use struct sctp_sack_info instead
[  104.390792][ T5554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.577'.
[  104.468108][ T5554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.577'.
[  104.482988][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.495171][ T5569] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.502503][ T5569] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.619023][ T3494] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:7: Failed to release dquot type 0
[  104.660105][ T5569] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.679369][ T5569] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.788336][ T5582] netlink: 60 bytes leftover after parsing attributes in process `syz.5.586'.
[  104.803024][ T5602] netlink: 'syz.3.584': attribute type 1 has an invalid length.
[  104.813129][   T12] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.883144][   T12] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.921777][   T12] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.954911][   T12] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.987570][ T5613] loop1: detected capacity change from 0 to 512
[  105.024051][ T5613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.055658][ T5613] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  105.094728][ T5613] netlink: 'syz.1.587': attribute type 16 has an invalid length.
[  105.119168][ T5613] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  105.137831][ T5625] FAULT_INJECTION: forcing a failure.
[  105.137831][ T5625] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.150935][ T5625] CPU: 0 UID: 0 PID: 5625 Comm: syz.5.594 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  105.150967][ T5625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  105.150982][ T5625] Call Trace:
[  105.150989][ T5625]  <TASK>
[  105.150998][ T5625]  __dump_stack+0x1d/0x30
[  105.151086][ T5625]  dump_stack_lvl+0xe8/0x140
[  105.151112][ T5625]  dump_stack+0x15/0x1b
[  105.151132][ T5625]  should_fail_ex+0x265/0x280
[  105.151167][ T5625]  should_fail+0xb/0x20
[  105.151191][ T5625]  should_fail_usercopy+0x1a/0x20
[  105.151216][ T5625]  strncpy_from_user+0x25/0x230
[  105.151242][ T5625]  ? kmem_cache_alloc_noprof+0x242/0x480
[  105.151274][ T5625]  ? getname_flags+0x80/0x3b0
[  105.151323][ T5625]  getname_flags+0xae/0x3b0
[  105.151361][ T5625]  __x64_sys_execve+0x42/0x70
[  105.151389][ T5625]  x64_sys_call+0x271a/0x3000
[  105.151416][ T5625]  do_syscall_64+0xd2/0x200
[  105.151435][ T5625]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  105.151615][ T5625]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  105.151645][ T5625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.151665][ T5625] RIP: 0033:0x7f6b2db8efc9
[  105.151679][ T5625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.151701][ T5625] RSP: 002b:00007f6b2c5ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  105.151779][ T5625] RAX: ffffffffffffffda RBX: 00007f6b2dde5fa0 RCX: 00007f6b2db8efc9
[  105.151873][ T5625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000300
[  105.151889][ T5625] RBP: 00007f6b2c5ef090 R08: 0000000000000000 R09: 0000000000000000
[  105.151903][ T5625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.151918][ T5625] R13: 00007f6b2dde6038 R14: 00007f6b2dde5fa0 R15: 00007ffe76d61ba8
[  105.151939][ T5625]  </TASK>
[  105.420392][ T5629] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  105.488702][ T5634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.598'.
[  105.620384][ T5642] serio: Serial port ptm0
[  106.555870][ T5569] __nla_validate_parse: 3 callbacks suppressed
[  106.555917][ T5569] netlink: 24 bytes leftover after parsing attributes in process `syz.0.581'.
[  106.718448][ T5656] 
€Â: renamed from hsr0 (while UP)
[  106.841093][   T29] kauditd_printk_skb: 264 callbacks suppressed
[  106.841121][   T29] audit: type=1400 audit(1761165515.444:2116): avc:  denied  { name_bind } for  pid=5657 comm="syz.2.606" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  107.157110][   T29] audit: type=1326 audit(1761165515.754:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.180507][   T29] audit: type=1326 audit(1761165515.754:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.246920][   T29] audit: type=1326 audit(1761165515.764:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.270210][   T29] audit: type=1326 audit(1761165515.764:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.293538][   T29] audit: type=1326 audit(1761165515.764:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.316903][   T29] audit: type=1326 audit(1761165515.824:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.337564][ T5667] vhci_hcd: invalid port number 96
[  107.340235][   T29] audit: type=1326 audit(1761165515.824:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.345324][ T5667] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  107.368614][   T29] audit: type=1326 audit(1761165515.824:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.399071][   T29] audit: type=1326 audit(1761165515.844:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5663 comm="syz.5.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f6b2db8efc9 code=0x7ffc0000
[  107.569591][ T5678] vhci_hcd: invalid port number 254
[  107.720634][ T5688] loop5: detected capacity change from 0 to 512
[  107.739839][ T5688] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.762695][ T5688] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  107.852356][ T4416] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.916517][ T5697] loop5: detected capacity change from 0 to 512
[  107.953332][ T5697] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.985299][ T5697] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.128861][ T4416] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.618748][ T5713] vhci_hcd: invalid port number 96
[  108.623908][ T5713] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  108.721148][ T5720] loop0: detected capacity change from 0 to 1024
[  108.728116][ T5720] EXT4-fs: Ignoring removed nobh option
[  108.737034][ T5720] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 21474836485)!
[  108.747993][ T5720] EXT4-fs (loop0): group descriptors corrupted!
[  108.893776][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.893988][ T5726] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  108.931911][ T5728] FAULT_INJECTION: forcing a failure.
[  108.931911][ T5728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.945300][ T5728] CPU: 0 UID: 0 PID: 5728 Comm: syz.1.626 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  108.945405][ T5728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  108.945483][ T5728] Call Trace:
[  108.945490][ T5728]  <TASK>
[  108.945498][ T5726] loop0: detected capacity change from 0 to 1024
[  108.945500][ T5728]  __dump_stack+0x1d/0x30
[  108.945526][ T5728]  dump_stack_lvl+0xe8/0x140
[  108.945597][ T5728]  dump_stack+0x15/0x1b
[  108.945666][ T5728]  should_fail_ex+0x265/0x280
[  108.945723][ T5728]  should_fail+0xb/0x20
[  108.945746][ T5728]  should_fail_usercopy+0x1a/0x20
[  108.945775][ T5728]  _copy_to_user+0x20/0xa0
[  108.945811][ T5728]  simple_read_from_buffer+0xb5/0x130
[  108.945846][ T5728]  proc_fail_nth_read+0x10e/0x150
[  108.945900][ T5728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  108.946006][ T5728]  vfs_read+0x1a8/0x770
[  108.946050][ T5728]  ? __rcu_read_unlock+0x4f/0x70
[  108.946085][ T5728]  ? __fget_files+0x184/0x1c0
[  108.946142][ T5728]  ksys_read+0xda/0x1a0
[  108.946193][ T5728]  __x64_sys_read+0x40/0x50
[  108.946225][ T5728]  x64_sys_call+0x27c0/0x3000
[  108.946321][ T5728]  do_syscall_64+0xd2/0x200
[  108.946345][ T5728]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  108.946382][ T5728]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  108.946502][ T5728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.946531][ T5728] RIP: 0033:0x7fc3f254d9dc
[  108.946552][ T5728] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  108.946577][ T5728] RSP: 002b:00007fc3f0faf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  108.946602][ T5728] RAX: ffffffffffffffda RBX: 00007fc3f27a5fa0 RCX: 00007fc3f254d9dc
[  108.946679][ T5728] RDX: 000000000000000f RSI: 00007fc3f0faf0a0 RDI: 0000000000000005
[  108.946696][ T5728] RBP: 00007fc3f0faf090 R08: 0000000000000000 R09: 0000000000000000
[  108.946789][ T5728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.946806][ T5728] R13: 00007fc3f27a6038 R14: 00007fc3f27a5fa0 R15: 00007ffea91727a8
[  108.946831][ T5728]  </TASK>
[  109.002812][ T5730] netlink: 8 bytes leftover after parsing attributes in process `+}[@'.
[  109.037374][ T5726] EXT4-fs: Ignoring removed nobh option
[  109.166052][ T5726] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  109.178056][ T5726] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.625: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  109.197059][ T5726] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.625: couldn't read orphan inode 11 (err -117)
[  109.221514][ T5726] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.245286][ T5726] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.625: Invalid block bitmap block 0 in block_group 0
[  109.259153][ T5726] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.625: Failed to acquire dquot type 0
[  109.275059][ T5736] loop1: detected capacity change from 0 to 128
[  109.275413][ T5738] FAULT_INJECTION: forcing a failure.
[  109.275413][ T5738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.294727][ T5738] CPU: 1 UID: 0 PID: 5738 Comm: syz.5.629 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  109.294773][ T5738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  109.294795][ T5738] Call Trace:
[  109.294803][ T5738]  <TASK>
[  109.294812][ T5738]  __dump_stack+0x1d/0x30
[  109.294834][ T5738]  dump_stack_lvl+0xe8/0x140
[  109.294853][ T5738]  dump_stack+0x15/0x1b
[  109.294872][ T5738]  should_fail_ex+0x265/0x280
[  109.294922][ T5738]  should_fail+0xb/0x20
[  109.294941][ T5738]  should_fail_usercopy+0x1a/0x20
[  109.295041][ T5738]  _copy_from_user+0x1c/0xb0
[  109.295069][ T5738]  __copy_msghdr+0x244/0x300
[  109.295179][ T5738]  ___sys_sendmsg+0x109/0x1d0
[  109.295231][ T5738]  __sys_sendmmsg+0x178/0x300
[  109.295276][ T5738]  __x64_sys_sendmmsg+0x57/0x70
[  109.295350][ T5738]  x64_sys_call+0x1c4a/0x3000
[  109.295375][ T5738]  do_syscall_64+0xd2/0x200
[  109.295396][ T5738]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  109.295476][ T5738]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  109.295506][ T5738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.295609][ T5738] RIP: 0033:0x7f6b2db8efc9
[  109.295639][ T5738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.295658][ T5738] RSP: 002b:00007f6b2c5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  109.295681][ T5738] RAX: ffffffffffffffda RBX: 00007f6b2dde5fa0 RCX: 00007f6b2db8efc9
[  109.295696][ T5738] RDX: 0000000000000002 RSI: 0000200000000900 RDI: 0000000000000006
[  109.295711][ T5738] RBP: 00007f6b2c5ef090 R08: 0000000000000000 R09: 0000000000000000
[  109.295725][ T5738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.295832][ T5738] R13: 00007f6b2dde6038 R14: 00007f6b2dde5fa0 R15: 00007ffe76d61ba8
[  109.295864][ T5738]  </TASK>
[  109.488896][ T5726] netlink: 92 bytes leftover after parsing attributes in process `syz.0.625'.
[  109.638904][ T5746] vhci_hcd: invalid port number 96
[  109.644054][ T5746] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  109.662400][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.677045][  T295] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:5: Failed to release dquot type 0
[  109.734239][ T5754] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  109.774339][ T5754] loop0: detected capacity change from 0 to 1024
[  109.787243][ T5754] EXT4-fs: Ignoring removed nobh option
[  109.820729][ T5759] binfmt_misc: register: failed to install interpreter file ./file0
[  109.830674][ T5754] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  109.856477][ T5754] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.633: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  109.913694][ T5762] loop2: detected capacity change from 0 to 512
[  109.920297][ T5762] msdos: Unknown parameter 'cheQk'
[  109.925565][ T5754] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.633: couldn't read orphan inode 11 (err -117)
[  109.927123][ T5764] loop5: detected capacity change from 0 to 512
[  109.947167][ T5754] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.962568][ T5754] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.633: Invalid block bitmap block 0 in block_group 0
[  109.979290][ T5754] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.633: Failed to acquire dquot type 0
[  109.992238][ T5764] EXT4-fs (loop5): too many log groups per flexible block group
[  110.024357][ T5766] syzkaller1: entered promiscuous mode
[  110.030297][ T5766] syzkaller1: entered allmulticast mode
[  110.036721][ T5764] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  110.043552][ T5764] EXT4-fs (loop5): mount failed
[  110.069069][ T5754] usb usb7: usbfs: process 5754 (syz.0.633) did not claim interface 0 before use
[  110.161009][ T5770] FAULT_INJECTION: forcing a failure.
[  110.161009][ T5770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.174170][ T5770] CPU: 0 UID: 0 PID: 5770 Comm: syz.5.640 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  110.174251][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  110.174267][ T5770] Call Trace:
[  110.174275][ T5770]  <TASK>
[  110.174285][ T5770]  __dump_stack+0x1d/0x30
[  110.174310][ T5770]  dump_stack_lvl+0xe8/0x140
[  110.174330][ T5770]  dump_stack+0x15/0x1b
[  110.174352][ T5770]  should_fail_ex+0x265/0x280
[  110.174397][ T5770]  should_fail+0xb/0x20
[  110.174412][ T5770]  should_fail_usercopy+0x1a/0x20
[  110.174432][ T5770]  strncpy_from_user+0x25/0x230
[  110.174461][ T5770]  ? kmem_cache_alloc_noprof+0x242/0x480
[  110.174550][ T5770]  ? getname_flags+0x80/0x3b0
[  110.174589][ T5770]  getname_flags+0xae/0x3b0
[  110.174688][ T5770]  __x64_sys_mkdirat+0x40/0x60
[  110.174715][ T5770]  x64_sys_call+0x2b7/0x3000
[  110.174742][ T5770]  do_syscall_64+0xd2/0x200
[  110.174763][ T5770]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  110.174851][ T5770]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  110.174903][ T5770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.174930][ T5770] RIP: 0033:0x7f6b2db8efc9
[  110.174948][ T5770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.174970][ T5770] RSP: 002b:00007f6b2c5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  110.174993][ T5770] RAX: ffffffffffffffda RBX: 00007f6b2dde5fa0 RCX: 00007f6b2db8efc9
[  110.175008][ T5770] RDX: 0000000000000000 RSI: 0000200000002040 RDI: ffffffffffffff9c
[  110.175051][ T5770] RBP: 00007f6b2c5ef090 R08: 0000000000000000 R09: 0000000000000000
[  110.175067][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.175113][ T5770] R13: 00007f6b2dde6038 R14: 00007f6b2dde5fa0 R15: 00007ffe76d61ba8
[  110.175139][ T5770]  </TASK>
[  110.423054][ T5773] netlink: 4 bytes leftover after parsing attributes in process `syz.2.641'.
[  110.445969][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.455136][ T5773] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=5773 comm=syz.2.641
[  110.481464][ T5781] loop1: detected capacity change from 0 to 128
[  110.485273][  T389] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 0
[  110.509490][ T5781] syz.1.646: attempt to access beyond end of device
[  110.509490][ T5781] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  110.525420][ T5773] loop2: detected capacity change from 0 to 2048
[  110.532550][ T5781] syz.1.646: attempt to access beyond end of device
[  110.532550][ T5781] loop1: rw=2049, sector=158, nr_sectors = 2 limit=128
[  110.545999][ T5781] Buffer I/O error on dev loop1, logical block 79, lost async page write
[  110.555567][ T5781] syz.1.646: attempt to access beyond end of device
[  110.555567][ T5781] loop1: rw=2049, sector=160, nr_sectors = 2 limit=128
[  110.569090][ T5781] Buffer I/O error on dev loop1, logical block 80, lost async page write
[  110.578553][ T5781] syz.1.646: attempt to access beyond end of device
[  110.578553][ T5781] loop1: rw=2049, sector=162, nr_sectors = 6 limit=128
[  110.593536][ T5781] syz.1.646: attempt to access beyond end of device
[  110.593536][ T5781] loop1: rw=2049, sector=166, nr_sectors = 2 limit=128
[  110.606945][ T5781] Buffer I/O error on dev loop1, logical block 83, lost async page write
[  110.619410][ T5787] netlink: 'syz.5.648': attribute type 16 has an invalid length.
[  110.627261][ T5781] syz.1.646: attempt to access beyond end of device
[  110.627261][ T5781] loop1: rw=2049, sector=168, nr_sectors = 2 limit=128
[  110.640683][ T5781] Buffer I/O error on dev loop1, logical block 84, lost async page write
[  110.658409][ T5773] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  110.679804][ T5781] syz.1.646: attempt to access beyond end of device
[  110.679804][ T5781] loop1: rw=2049, sector=186, nr_sectors = 6 limit=128
[  110.693828][ T5789] vhci_hcd: invalid port number 96
[  110.699014][ T5789] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  110.733824][ T5773] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1794 sclass=netlink_route_socket pid=5773 comm=+}[@
[  110.748327][ T5792] binfmt_misc: register: failed to install interpreter file ./file0
[  110.759395][ T5781] syz.1.646: attempt to access beyond end of device
[  110.759395][ T5781] loop1: rw=2049, sector=190, nr_sectors = 2 limit=128
[  110.772754][ T5781] Buffer I/O error on dev loop1, logical block 95, lost async page write
[  110.781561][ T5781] syz.1.646: attempt to access beyond end of device
[  110.781561][ T5781] loop1: rw=2049, sector=192, nr_sectors = 2 limit=128
[  110.794966][ T5781] Buffer I/O error on dev loop1, logical block 96, lost async page write
[  110.803971][ T5787] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  110.803980][ T5781] syz.1.646: attempt to access beyond end of device
[  110.803980][ T5781] loop1: rw=2049, sector=194, nr_sectors = 6 limit=128
[  110.804320][ T5781] Buffer I/O error on dev loop1, logical block 99, lost async page write
[  110.841727][ T5781] Buffer I/O error on dev loop1, logical block 100, lost async page write
[  110.857415][ T5781] Buffer I/O error on dev loop1, logical block 111, lost async page write
[  110.867564][ T5781] Buffer I/O error on dev loop1, logical block 112, lost async page write
[  110.897367][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  110.959692][ T5810] netlink: 'syz.2.657': attribute type 16 has an invalid length.
[  110.977795][ T5811] loop0: detected capacity change from 0 to 512
[  111.001551][ T5810] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  111.018880][ T5811] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  111.285833][ T5813] loop1: detected capacity change from 0 to 128
[  111.435173][ T5825] binfmt_misc: register: failed to install interpreter file ./file0
[  111.590298][ T5828] lo speed is unknown, defaulting to 1000
[  111.596130][ T5828] lo speed is unknown, defaulting to 1000
[  111.602566][ T5828] lo speed is unknown, defaulting to 1000
[  111.618569][ T5828] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  111.637147][ T5828] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  111.654700][ T5827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.662'.
[  111.717691][ T5828] lo speed is unknown, defaulting to 1000
[  111.723753][ T5828] lo speed is unknown, defaulting to 1000
[  111.746022][ T5828] lo speed is unknown, defaulting to 1000
[  111.762426][ T5828] lo speed is unknown, defaulting to 1000
[  111.789156][ T5828] lo speed is unknown, defaulting to 1000
[  111.809333][ T5831] netlink: 8 bytes leftover after parsing attributes in process `syz.5.663'.
[  111.948673][ T5836] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  112.004180][ T5837] loop1: detected capacity change from 0 to 1024
[  112.021168][ T5837] EXT4-fs: Ignoring removed nobh option
[  112.036660][ T5837] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  112.057554][ T5837] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #11: comm syz.1.664: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  112.137101][ T5837] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.664: couldn't read orphan inode 11 (err -117)
[  112.207502][ T5837] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.245964][ T5841] loop2: detected capacity change from 0 to 512
[  112.252882][ T5841] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  112.272234][ T5836] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.664: Invalid block bitmap block 0 in block_group 0
[  112.299237][ T5836] __quota_error: 206 callbacks suppressed
[  112.299252][ T5836] Quota error (device loop1): write_blk: dquota write failed
[  112.312581][ T5836] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  112.342270][ T5836] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.664: Failed to acquire dquot type 0
[  112.374901][   T29] audit: type=1326 audit(1761165520.974:2326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.415292][ T5846] netlink: 16 bytes leftover after parsing attributes in process `syz.2.667'.
[  112.424282][ T5846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.667'.
[  112.435009][   T29] audit: type=1326 audit(1761165521.004:2327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.449613][ T5846] loop2: detected capacity change from 0 to 164
[  112.458347][   T29] audit: type=1326 audit(1761165521.014:2328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.487985][   T29] audit: type=1326 audit(1761165521.014:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.511676][   T29] audit: type=1326 audit(1761165521.014:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.535058][   T29] audit: type=1326 audit(1761165521.014:2331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.558380][   T29] audit: type=1326 audit(1761165521.014:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.581686][   T29] audit: type=1326 audit(1761165521.014:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5835 comm="syz.1.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  112.662959][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.677269][  T389] EXT4-fs error (device loop1): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 0
[  112.698336][ T5848] loop2: detected capacity change from 0 to 164
[  112.820210][ T5859] binfmt_misc: register: failed to install interpreter file ./file0
[  112.842564][ T5861] vcan0: tx drop: invalid da for name 0xfffffffffffffffd
[  112.867910][ T5867] loop3: detected capacity change from 0 to 512
[  112.988730][ T5867] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.007356][ T5873] netlink: 12 bytes leftover after parsing attributes in process `syz.5.677'.
[  113.041487][ T5867] ext4 filesystem being mounted at /122/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.092463][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811c4b4400: rx timeout, send abort
[  113.112785][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.138613][ T5881] loop3: detected capacity change from 0 to 512
[  113.157877][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.5.680'.
[  113.178313][ T5881] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.217117][ T5881] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.256485][ T5887] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  113.256485][ T5887] The task syz.5.680 (5887) triggered the difference, watch for misbehavior.
[  113.277674][ T5887] netlink: 4 bytes leftover after parsing attributes in process `syz.5.680'.
[  113.421989][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.592457][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811c4b4600: rx timeout, send abort
[  113.600758][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811c4b4400: abort rx timeout. Force session deactivation
[  113.685933][ T5893] loop0: detected capacity change from 0 to 512
[  113.723205][ T5893] EXT4-fs error (device loop0): __ext4_fill_super:5512: inode #2: comm syz.0.682: invalid fast symlink length 39
[  113.737139][ T5893] EXT4-fs (loop0): get root inode failed
[  113.742813][ T5893] EXT4-fs (loop0): mount failed
[  113.822024][ T5900] loop1: detected capacity change from 0 to 1032
[  113.828991][ T5900] EXT4-fs: inline encryption not supported
[  113.846260][ T5900] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 64
[  113.913858][ T5912] loop1: detected capacity change from 0 to 512
[  113.945531][ T5912] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.958290][ T5912] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.017909][ T5926] loop5: detected capacity change from 0 to 512
[  114.035480][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.050290][ T5926] ------------[ cut here ]------------
[  114.055895][ T5926] EA inode 11 i_nlink=2
[  114.056296][ T5926] WARNING: CPU: 1 PID: 5926 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x36a/0x380
[  114.070671][ T5926] Modules linked in:
[  114.074568][ T5926] CPU: 1 UID: 0 PID: 5926 Comm: ÐH­t4÷þÿÿÿ¯vX¿ê Not tainted syzkaller #0 PREEMPT(voluntary) 
[  114.084869][ T5926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  114.094998][ T5926] RIP: 0010:ext4_xattr_inode_update_ref+0x36a/0x380
[  114.100691][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811c4b4600: abort rx timeout. Force session deactivation
[  114.101691][ T5926] Code: 90 49 8d 7e 40 e8 c6 fe b8 ff 4d 8b 6e 40 4c 89 e7 e8 da f9 b8 ff 41 8b 56 48 48 c7 c7 4f c6 55 86 4c 89 ee e8 17 fd 67 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 98 ca b5 03 0f 1f 84 00 00 00 00 00
[  114.131523][ T5926] RSP: 0018:ffffc9000e3a35a0 EFLAGS: 00010246
[  114.137659][ T5926] RAX: e12973f007ddcf00 RBX: ffff88810060ba20 RCX: ffff888119a3b180
[  114.145665][ T5926] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  114.153806][ T5926] RBP: 0000000000000002 R08: 0001c9000e3a3427 R09: 0000000000000000
[  114.161864][ T5926] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff88810060b9d0
[  114.169999][ T5926] R13: 000000000000000b R14: ffff88810060b988 R15: 0000000000000001
[  114.178070][ T5926] FS:  00007f6b2c5ef6c0(0000) GS:ffff8882aef13000(0000) knlGS:0000000000000000
[  114.187039][ T5926] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  114.193636][ T5926] CR2: 0000000000000000 CR3: 0000000124002000 CR4: 00000000003506f0
[  114.199262][ T5923] 
€Â: renamed from hsr0 (while UP)
[  114.201643][ T5926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  114.214911][ T5926] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  114.222979][ T5926] Call Trace:
[  114.226300][ T5926]  <TASK>
[  114.229305][ T5926]  ext4_xattr_set_entry+0x77f/0x1020
[  114.234627][ T5926]  ext4_xattr_ibody_set+0x184/0x3c0
[  114.239879][ T5926]  ext4_expand_extra_isize_ea+0xcbb/0x11f0
[  114.245759][ T5926]  __ext4_expand_extra_isize+0x246/0x280
[  114.251556][ T5926]  __ext4_mark_inode_dirty+0x29d/0x3f0
[  114.257203][ T5926]  ext4_evict_inode+0x80e/0xd90
[  114.262506][ T5926]  ? __pfx_ext4_evict_inode+0x10/0x10
[  114.267997][ T5926]  evict+0x2e3/0x550
[  114.272244][ T5926]  ? __dquot_initialize+0x146/0x7c0
[  114.278775][ T5926]  iput+0x4ed/0x650
[  114.283093][ T5926]  ext4_process_orphan+0x1a9/0x1c0
[  114.288256][ T5926]  ext4_orphan_cleanup+0x6a8/0xa00
[  114.293810][ T5926]  ext4_fill_super+0x3483/0x3810
[  114.298838][ T5926]  ? snprintf+0x86/0xb0
[  114.303015][ T5926]  ? set_blocksize+0x1a8/0x310
[  114.308469][ T5926]  ? sb_set_blocksize+0xe3/0x100
[  114.313532][ T5926]  ? setup_bdev_super+0x30e/0x370
[  114.318635][ T5926]  ? __pfx_ext4_fill_super+0x10/0x10
[  114.323981][ T5926]  get_tree_bdev_flags+0x291/0x300
[  114.329187][ T5926]  ? __pfx_ext4_fill_super+0x10/0x10
[  114.334534][ T5926]  get_tree_bdev+0x1f/0x30
[  114.339005][ T5926]  ext4_get_tree+0x1c/0x30
[  114.343573][ T5926]  vfs_get_tree+0x57/0x1d0
[  114.348087][ T5926]  do_new_mount+0x24d/0x660
[  114.352629][ T5926]  path_mount+0x4a5/0xb70
[  114.357007][ T5926]  ? user_path_at+0x109/0x130
[  114.361737][ T5926]  __se_sys_mount+0x28c/0x2e0
[  114.366504][ T5926]  __x64_sys_mount+0x67/0x80
[  114.371155][ T5926]  x64_sys_call+0x2b51/0x3000
[  114.375867][ T5926]  do_syscall_64+0xd2/0x200
[  114.380462][ T5926]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  114.386591][ T5926]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  114.392506][ T5926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.398479][ T5926] RIP: 0033:0x7f6b2db9076a
[  114.403000][ T5926] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.422842][ T5926] RSP: 002b:00007f6b2c5eee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  114.431382][ T5926] RAX: ffffffffffffffda RBX: 00007f6b2c5eeef0 RCX: 00007f6b2db9076a
[  114.439409][ T5926] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f6b2c5eeeb0
[  114.447448][ T5926] RBP: 0000200000000180 R08: 00007f6b2c5eeef0 R09: 0000000000800700
[  114.455417][ T5926] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[  114.463433][ T5926] R13: 00007f6b2c5eeeb0 R14: 000000000000046f R15: 000000000000002c
[  114.471426][ T5926]  </TASK>
[  114.474437][ T5926] ---[ end trace 0000000000000000 ]---
[  114.480742][ T5926] EXT4-fs error (device loop5): ext4_xattr_inode_iget:441: inode #18: comm ÐH­t4÷þÿÿÿ¯vX¿ê: iget: bad extra_isize 90 (inode size 256)
[  114.495001][ T5926] EXT4-fs (loop5): Remounting filesystem read-only
[  114.502503][ T5926] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -30)
[  114.511576][ T5926] EXT4-fs (loop5): 1 orphan inode deleted
[  114.518155][ T5926] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.533473][ T5926] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.587607][ T5944] netlink: 'syz.2.698': attribute type 10 has an invalid length.
[  114.600354][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.608067][ T5944] team0: Port device bond0 added
[  114.618755][ T5947] binfmt_misc: register: failed to install interpreter file ./file0
[  114.653232][ T5953] netlink: 4 bytes leftover after parsing attributes in process `syz.5.702'.
[  114.663616][ T5952] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  114.693477][ T5952] team1: entered promiscuous mode
[  114.698659][ T5952] team1: entered allmulticast mode
[  114.704480][ T5952] 8021q: adding VLAN 0 to HW filter on device team1
[  114.719077][ T5953] team2: entered promiscuous mode
[  114.724109][ T5953] team2: entered allmulticast mode
[  114.729393][ T5953] 8021q: adding VLAN 0 to HW filter on device team2
[  114.823131][ T5980] binfmt_misc: register: failed to install interpreter file ./file0
[  114.900965][ T5992] FAULT_INJECTION: forcing a failure.
[  114.900965][ T5992] name failslab, interval 1, probability 0, space 0, times 0
[  114.913715][ T5992] CPU: 1 UID: 0 PID: 5992 Comm: syz.3.716 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  114.913745][ T5992] Tainted: [W]=WARN
[  114.913753][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  114.913766][ T5992] Call Trace:
[  114.913774][ T5992]  <TASK>
[  114.913783][ T5992]  __dump_stack+0x1d/0x30
[  114.913846][ T5992]  dump_stack_lvl+0xe8/0x140
[  114.913870][ T5992]  dump_stack+0x15/0x1b
[  114.913891][ T5992]  should_fail_ex+0x265/0x280
[  114.913929][ T5992]  should_failslab+0x8c/0xb0
[  114.913996][ T5992]  __kmalloc_cache_node_noprof+0x54/0x4a0
[  114.914049][ T5992]  ? __get_vm_area_node+0x106/0x1d0
[  114.914085][ T5992]  __get_vm_area_node+0x106/0x1d0
[  114.914120][ T5992]  __vmalloc_node_range_noprof+0x28c/0xed0
[  114.914235][ T5992]  ? copy_process+0x399/0x2000
[  114.914265][ T5992]  ? obj_cgroup_charge_account+0xba/0x1a0
[  114.914392][ T5992]  __vmalloc_node_noprof+0x89/0xc0
[  114.914425][ T5992]  ? copy_process+0x399/0x2000
[  114.914490][ T5992]  ? copy_process+0x399/0x2000
[  114.914553][ T5992]  dup_task_struct+0x433/0x6b0
[  114.914575][ T5992]  ? _parse_integer+0x27/0x40
[  114.914641][ T5992]  copy_process+0x399/0x2000
[  114.914661][ T5992]  ? kstrtouint+0x76/0xc0
[  114.914685][ T5992]  ? kstrtouint_from_user+0x9f/0xf0
[  114.914699][ T5992]  ? __rcu_read_unlock+0x4f/0x70
[  114.914766][ T5992]  kernel_clone+0x16c/0x5c0
[  114.914801][ T5992]  ? vfs_write+0x7e8/0x960
[  114.914878][ T5992]  __x64_sys_clone+0xe6/0x120
[  114.914908][ T5992]  x64_sys_call+0x119c/0x3000
[  114.914992][ T5992]  do_syscall_64+0xd2/0x200
[  114.915007][ T5992]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  114.915075][ T5992]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  114.915105][ T5992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.915134][ T5992] RIP: 0033:0x7f9c0c57efc9
[  114.915207][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.915221][ T5992] RSP: 002b:00007f9c0afdefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  114.915246][ T5992] RAX: ffffffffffffffda RBX: 00007f9c0c7d5fa0 RCX: 00007f9c0c57efc9
[  114.915256][ T5992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  114.915266][ T5992] RBP: 00007f9c0afdf090 R08: 0000000000000000 R09: 0000000000000000
[  114.915275][ T5992] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  114.915327][ T5992] R13: 00007f9c0c7d6038 R14: 00007f9c0c7d5fa0 R15: 00007fffc0dd0db8
[  114.915342][ T5992]  </TASK>
[  114.915349][ T5992] syz.3.716: vmalloc error: size 16384, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  115.055867][ T5989] tc_dump_action: action bad kind
[  115.058922][ T5992] ,cpuset=/,mems_allowed=0
[  115.178584][ T5992] CPU: 1 UID: 0 PID: 5992 Comm: syz.3.716 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  115.178646][ T5992] Tainted: [W]=WARN
[  115.178653][ T5992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  115.178697][ T5992] Call Trace:
[  115.178706][ T5992]  <TASK>
[  115.178716][ T5992]  __dump_stack+0x1d/0x30
[  115.178747][ T5992]  dump_stack_lvl+0xe8/0x140
[  115.178773][ T5992]  dump_stack+0x15/0x1b
[  115.178830][ T5992]  warn_alloc+0x12b/0x1a0
[  115.178875][ T5992]  __vmalloc_node_range_noprof+0x2b1/0xed0
[  115.178986][ T5992]  ? obj_cgroup_charge_account+0xba/0x1a0
[  115.179021][ T5992]  __vmalloc_node_noprof+0x89/0xc0
[  115.179060][ T5992]  ? copy_process+0x399/0x2000
[  115.179093][ T5992]  ? copy_process+0x399/0x2000
[  115.179153][ T5992]  dup_task_struct+0x433/0x6b0
[  115.179187][ T5992]  ? _parse_integer+0x27/0x40
[  115.179248][ T5992]  copy_process+0x399/0x2000
[  115.179289][ T5992]  ? kstrtouint+0x76/0xc0
[  115.179391][ T5992]  ? kstrtouint_from_user+0x9f/0xf0
[  115.179417][ T5992]  ? __rcu_read_unlock+0x4f/0x70
[  115.179454][ T5992]  kernel_clone+0x16c/0x5c0
[  115.179559][ T5992]  ? vfs_write+0x7e8/0x960
[  115.179594][ T5992]  __x64_sys_clone+0xe6/0x120
[  115.179642][ T5992]  x64_sys_call+0x119c/0x3000
[  115.179752][ T5992]  do_syscall_64+0xd2/0x200
[  115.179777][ T5992]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  115.179840][ T5992]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  115.179877][ T5992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.179981][ T5992] RIP: 0033:0x7f9c0c57efc9
[  115.180000][ T5992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.180022][ T5992] RSP: 002b:00007f9c0afdefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  115.180044][ T5992] RAX: ffffffffffffffda RBX: 00007f9c0c7d5fa0 RCX: 00007f9c0c57efc9
[  115.180060][ T5992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  115.180076][ T5992] RBP: 00007f9c0afdf090 R08: 0000000000000000 R09: 0000000000000000
[  115.180091][ T5992] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  115.180166][ T5992] R13: 00007f9c0c7d6038 R14: 00007f9c0c7d5fa0 R15: 00007fffc0dd0db8
[  115.180190][ T5992]  </TASK>
[  115.180215][ T5992] Mem-Info:
[  115.406394][ T5992] active_anon:12052 inactive_anon:13 isolated_anon:0
[  115.406394][ T5992]  active_file:10815 inactive_file:5550 isolated_file:0
[  115.406394][ T5992]  unevictable:0 dirty:72 writeback:0
[  115.406394][ T5992]  slab_reclaimable:3386 slab_unreclaimable:16197
[  115.406394][ T5992]  mapped:31181 shmem:1385 pagetables:1311
[  115.406394][ T5992]  sec_pagetables:0 bounce:0
[  115.406394][ T5992]  kernel_misc_reclaimable:0
[  115.406394][ T5992]  free:1872480 free_pcp:19278 free_cma:0
[  115.414424][ T5997] FAULT_INJECTION: forcing a failure.
[  115.414424][ T5997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.451617][ T5992] Node 0 active_anon:48324kB inactive_anon:52kB active_file:43260kB inactive_file:22200kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:126812kB dirty:288kB writeback:0kB shmem:5540kB kernel_stack:3824kB pagetables:5244kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  115.464694][ T5997] CPU: 0 UID: 0 PID: 5997 Comm: syz.2.717 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  115.464803][ T5997] Tainted: [W]=WARN
[  115.464811][ T5997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  115.464827][ T5997] Call Trace:
[  115.464837][ T5997]  <TASK>
[  115.464846][ T5997]  __dump_stack+0x1d/0x30
[  115.464907][ T5997]  dump_stack_lvl+0xe8/0x140
[  115.464932][ T5997]  dump_stack+0x15/0x1b
[  115.464988][ T5997]  should_fail_ex+0x265/0x280
[  115.465030][ T5997]  should_fail+0xb/0x20
[  115.465051][ T5997]  should_fail_usercopy+0x1a/0x20
[  115.465077][ T5997]  _copy_from_user+0x1c/0xb0
[  115.465108][ T5997]  restore_altstack+0x4b/0x2d0
[  115.465177][ T5997]  ? __set_task_blocked+0x23a/0x2a0
[  115.465211][ T5997]  __ia32_sys_rt_sigreturn+0xdc/0x350
[  115.465242][ T5997]  ? _raw_spin_unlock_irq+0x26/0x50
[  115.465337][ T5997]  ? signal_setup_done+0x266/0x290
[  115.465365][ T5997]  ? xfd_validate_state+0x45/0xf0
[  115.465390][ T5997]  ? fpu__clear_user_states+0x63/0x1e0
[  115.465429][ T5997]  ? fpregs_mark_activate+0x66/0x140
[  115.465514][ T5997]  ? fpu__clear_user_states+0x63/0x1e0
[  115.465556][ T5997]  ? arch_do_signal_or_restart+0x2b5/0x440
[  115.465624][ T5997]  x64_sys_call+0x2d4b/0x3000
[  115.465647][ T5997]  do_syscall_64+0xd2/0x200
[  115.465670][ T5997]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  115.465710][ T5997]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  115.465775][ T5997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.465803][ T5997] RIP: 0033:0x7f9da7beb099
[  115.465928][ T5997] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  115.465952][ T5997] RSP: 002b:00007f9da66b6a80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[  115.465997][ T5997] RAX: ffffffffffffffda RBX: 00007f9da7ea5fa0 RCX: 00007f9da7beb099
[  115.466013][ T5997] RDX: 00007f9da66b6a80 RSI: 00007f9da66b6bb0 RDI: 0000000000000011
[  115.466029][ T5997] RBP: 00007f9da66b7090 R08: 0000000000000000 R09: 0000000000000000
[  115.466046][ T5997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.466063][ T5997] R13: 00007f9da7ea6038 R14: 00007f9da7ea5fa0 R15: 00007ffea2595328
[  115.466087][ T5997]  </TASK>
[  115.712328][ T5992] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  115.741998][ T5992] lowmem_reserve[]: 0 2881 7859 7859
[  115.747453][ T5992] Node 0 DMA32 free:2946640kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950272kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3528kB free_cma:0kB
[  115.778887][ T5992] lowmem_reserve[]: 0 0 4978 4978
[  115.783952][ T5992] Node 0 Normal free:4526200kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44284kB inactive_anon:52kB active_file:43260kB inactive_file:22200kB unevictable:0kB writepending:896kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:78248kB local_pcp:11020kB free_cma:0kB
[  115.817369][ T5992] lowmem_reserve[]: 0 0 0 0
[  115.822147][ T5992] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  115.835061][ T5992] Node 0 DMA32: 2*4kB (M) 1*8kB (M) 4*16kB (M) 2*32kB (M) 3*64kB (M) 2*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2946640kB
[  115.851147][ T5992] Node 0 Normal: 1073*4kB (UME) 140*8kB (UM) 251*16kB (UM) 745*32kB (UM) 405*64kB (UM) 190*128kB (UM) 73*256kB (UM) 48*512kB (UME) 16*1024kB (UME) 12*2048kB (U) 1064*4096kB (UME) = 4525876kB
[  115.870338][ T5992] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  115.879662][ T5992] 16718 total pagecache pages
[  115.884348][ T5992] 2 pages in swap cache
[  115.888647][ T5992] Free swap  = 124988kB
[  115.892803][ T5992] Total swap = 124996kB
[  115.896994][ T5992] 2097051 pages RAM
[  115.900787][ T5992] 0 pages HighMem/MovableOnly
[  115.905446][ T5992] 81083 pages reserved
[  115.983514][ T6023] netlink: 15358 bytes leftover after parsing attributes in process `syz.3.726'.
[  115.989746][ T6020] binfmt_misc: register: failed to install interpreter file ./file0
[  116.009369][ T6001] lo speed is unknown, defaulting to 1000
[  116.089694][ T6041] lo speed is unknown, defaulting to 1000
[  116.186349][ T6058] 
€Â: renamed from hsr0
[  116.189123][ T6060] netlink: 'syz.3.741': attribute type 21 has an invalid length.
[  116.204380][ T6060] netlink: 'syz.3.741': attribute type 3 has an invalid length.
[  116.235575][ T6068] xt_hashlimit: max too large, truncated to 1048576
[  116.243049][ T6068] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  116.361622][ T6081] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6081 comm=syz.0.748
[  116.462337][ T6087] netlink: 'syz.0.749': attribute type 10 has an invalid length.
[  116.470358][ T6087] bond0: (slave 
€Â): The slave device specified does not support setting the MAC address
[  116.480821][ T6087] 
€Â: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  116.493176][ T6087] bond0: (slave 
€Â): Error -22 calling dev_set_mtu
[  116.504852][ T6087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.514441][ T6087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.524146][ T6087] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  116.532717][ T6087] bond0 (unregistering): Released all slaves
[  116.663250][ T6108] __nla_validate_parse: 1 callbacks suppressed
[  116.663266][ T6108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.757'.
[  116.683352][ T6108] vlan0: entered allmulticast mode
[  116.770329][ T6114] FAULT_INJECTION: forcing a failure.
[  116.770329][ T6114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.783594][ T6114] CPU: 1 UID: 0 PID: 6114 Comm: syz.0.760 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  116.783628][ T6114] Tainted: [W]=WARN
[  116.783635][ T6114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  116.783649][ T6114] Call Trace:
[  116.783725][ T6114]  <TASK>
[  116.783732][ T6114]  __dump_stack+0x1d/0x30
[  116.783774][ T6114]  dump_stack_lvl+0xe8/0x140
[  116.783799][ T6114]  dump_stack+0x15/0x1b
[  116.783820][ T6114]  should_fail_ex+0x265/0x280
[  116.783914][ T6114]  should_fail+0xb/0x20
[  116.783933][ T6114]  should_fail_usercopy+0x1a/0x20
[  116.783957][ T6114]  _copy_to_user+0x20/0xa0
[  116.783986][ T6114]  simple_read_from_buffer+0xb5/0x130
[  116.784015][ T6114]  proc_fail_nth_read+0x10e/0x150
[  116.784162][ T6114]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.784190][ T6114]  vfs_read+0x1a8/0x770
[  116.784229][ T6114]  ? __rcu_read_unlock+0x4f/0x70
[  116.784318][ T6114]  ? __fget_files+0x184/0x1c0
[  116.784345][ T6114]  ksys_read+0xda/0x1a0
[  116.784370][ T6114]  __x64_sys_read+0x40/0x50
[  116.784483][ T6114]  x64_sys_call+0x27c0/0x3000
[  116.784512][ T6114]  do_syscall_64+0xd2/0x200
[  116.784605][ T6114]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  116.784663][ T6114]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  116.784706][ T6114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.784725][ T6114] RIP: 0033:0x7f9b2c3fd9dc
[  116.784738][ T6114] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  116.784795][ T6114] RSP: 002b:00007f9b2ae67030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.784813][ T6114] RAX: ffffffffffffffda RBX: 00007f9b2c655fa0 RCX: 00007f9b2c3fd9dc
[  116.784827][ T6114] RDX: 000000000000000f RSI: 00007f9b2ae670a0 RDI: 0000000000000003
[  116.784840][ T6114] RBP: 00007f9b2ae67090 R08: 0000000000000000 R09: 0000000000000000
[  116.784888][ T6114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.784899][ T6114] R13: 00007f9b2c656038 R14: 00007f9b2c655fa0 R15: 00007ffe0d438d58
[  116.784916][ T6114]  </TASK>
[  117.187758][ T6149] xt_socket: unknown flags 0x40
[  117.308904][   T29] kauditd_printk_skb: 1013 callbacks suppressed
[  117.308995][   T29] audit: type=1400 audit(1761165525.914:3342): avc:  denied  { map_create } for  pid=6129 comm="syz.1.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  117.334597][   T29] audit: type=1400 audit(1761165525.914:3343): avc:  denied  { prog_load } for  pid=6129 comm="syz.1.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  117.353633][   T29] audit: type=1400 audit(1761165525.914:3344): avc:  denied  { prog_load } for  pid=6129 comm="syz.1.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  117.372661][   T29] audit: type=1326 audit(1761165525.914:3345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  117.396076][   T29] audit: type=1326 audit(1761165525.914:3346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  117.419394][   T29] audit: type=1326 audit(1761165525.914:3347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  117.442749][   T29] audit: type=1400 audit(1761165525.914:3348): avc:  denied  { prog_load } for  pid=6129 comm="syz.1.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  117.461738][   T29] audit: type=1326 audit(1761165525.914:3349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  117.485156][   T29] audit: type=1326 audit(1761165525.914:3350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  117.508497][   T29] audit: type=1326 audit(1761165525.914:3351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f254efc9 code=0x7ffc0000
[  117.690169][ T6165] netlink: 12 bytes leftover after parsing attributes in process `syz.3.778'.
[  117.699646][ T6165] FAULT_INJECTION: forcing a failure.
[  117.699646][ T6165] name failslab, interval 1, probability 0, space 0, times 0
[  117.712469][ T6165] CPU: 0 UID: 0 PID: 6165 Comm: syz.3.778 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  117.712494][ T6165] Tainted: [W]=WARN
[  117.712500][ T6165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  117.712527][ T6165] Call Trace:
[  117.712555][ T6165]  <TASK>
[  117.712562][ T6165]  __dump_stack+0x1d/0x30
[  117.712593][ T6165]  dump_stack_lvl+0xe8/0x140
[  117.712609][ T6165]  dump_stack+0x15/0x1b
[  117.712623][ T6165]  should_fail_ex+0x265/0x280
[  117.712655][ T6165]  should_failslab+0x8c/0xb0
[  117.712678][ T6165]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  117.712703][ T6165]  ? __alloc_skb+0x101/0x320
[  117.712773][ T6165]  __alloc_skb+0x101/0x320
[  117.712797][ T6165]  netlink_alloc_large_skb+0xbf/0xf0
[  117.712839][ T6165]  netlink_sendmsg+0x3cf/0x6b0
[  117.712985][ T6165]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.713012][ T6165]  __sock_sendmsg+0x145/0x180
[  117.713032][ T6165]  ____sys_sendmsg+0x31e/0x4e0
[  117.713060][ T6165]  ___sys_sendmsg+0x17b/0x1d0
[  117.713164][ T6165]  __x64_sys_sendmsg+0xd4/0x160
[  117.713302][ T6165]  x64_sys_call+0x191e/0x3000
[  117.713320][ T6165]  do_syscall_64+0xd2/0x200
[  117.713333][ T6165]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  117.713437][ T6165]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  117.713515][ T6165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.713531][ T6165] RIP: 0033:0x7f9c0c57efc9
[  117.713543][ T6165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.713600][ T6165] RSP: 002b:00007f9c0afdf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.713680][ T6165] RAX: ffffffffffffffda RBX: 00007f9c0c7d5fa0 RCX: 00007f9c0c57efc9
[  117.713689][ T6165] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  117.713699][ T6165] RBP: 00007f9c0afdf090 R08: 0000000000000000 R09: 0000000000000000
[  117.713708][ T6165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.713851][ T6165] R13: 00007f9c0c7d6038 R14: 00007f9c0c7d5fa0 R15: 00007fffc0dd0db8
[  117.713865][ T6165]  </TASK>
[  117.989689][ T6180] binfmt_misc: register: failed to install interpreter file ./file0
[  118.165135][ T6195] FAULT_INJECTION: forcing a failure.
[  118.165135][ T6195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  118.178264][ T6195] CPU: 0 UID: 0 PID: 6195 Comm: syz.0.790 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  118.178327][ T6195] Tainted: [W]=WARN
[  118.178334][ T6195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  118.178346][ T6195] Call Trace:
[  118.178353][ T6195]  <TASK>
[  118.178360][ T6195]  __dump_stack+0x1d/0x30
[  118.178401][ T6195]  dump_stack_lvl+0xe8/0x140
[  118.178501][ T6195]  dump_stack+0x15/0x1b
[  118.178518][ T6195]  should_fail_ex+0x265/0x280
[  118.178555][ T6195]  should_fail+0xb/0x20
[  118.178571][ T6195]  should_fail_usercopy+0x1a/0x20
[  118.178610][ T6195]  _copy_to_user+0x20/0xa0
[  118.178631][ T6195]  simple_read_from_buffer+0xb5/0x130
[  118.178652][ T6195]  proc_fail_nth_read+0x10e/0x150
[  118.178681][ T6195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  118.178806][ T6195]  vfs_read+0x1a8/0x770
[  118.178830][ T6195]  ? __rcu_read_unlock+0x4f/0x70
[  118.178927][ T6195]  ? __fget_files+0x184/0x1c0
[  118.179031][ T6195]  ksys_read+0xda/0x1a0
[  118.179055][ T6195]  __x64_sys_read+0x40/0x50
[  118.179083][ T6195]  x64_sys_call+0x27c0/0x3000
[  118.179105][ T6195]  do_syscall_64+0xd2/0x200
[  118.179172][ T6195]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  118.179199][ T6195]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  118.179306][ T6195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.179327][ T6195] RIP: 0033:0x7f9b2c3fd9dc
[  118.179341][ T6195] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  118.179356][ T6195] RSP: 002b:00007f9b2ae67030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  118.179378][ T6195] RAX: ffffffffffffffda RBX: 00007f9b2c655fa0 RCX: 00007f9b2c3fd9dc
[  118.179388][ T6195] RDX: 000000000000000f RSI: 00007f9b2ae670a0 RDI: 0000000000000004
[  118.179437][ T6195] RBP: 00007f9b2ae67090 R08: 0000000000000000 R09: 0000000000000000
[  118.179510][ T6195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.179522][ T6195] R13: 00007f9b2c656038 R14: 00007f9b2c655fa0 R15: 00007ffe0d438d58
[  118.179549][ T6195]  </TASK>
[  118.430764][ T6202] FAULT_INJECTION: forcing a failure.
[  118.430764][ T6202] name failslab, interval 1, probability 0, space 0, times 0
[  118.443469][ T6202] CPU: 1 UID: 0 PID: 6202 Comm: syz.0.793 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  118.443540][ T6202] Tainted: [W]=WARN
[  118.443547][ T6202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  118.443560][ T6202] Call Trace:
[  118.443567][ T6202]  <TASK>
[  118.443574][ T6202]  __dump_stack+0x1d/0x30
[  118.443653][ T6202]  dump_stack_lvl+0xe8/0x140
[  118.443676][ T6202]  dump_stack+0x15/0x1b
[  118.443744][ T6202]  should_fail_ex+0x265/0x280
[  118.443775][ T6202]  should_failslab+0x8c/0xb0
[  118.443802][ T6202]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  118.443873][ T6202]  ? __alloc_skb+0x101/0x320
[  118.443905][ T6202]  __alloc_skb+0x101/0x320
[  118.443933][ T6202]  ? audit_log_start+0x342/0x720
[  118.443956][ T6202]  audit_log_start+0x3a0/0x720
[  118.444004][ T6202]  ? kstrtouint+0x76/0xc0
[  118.444037][ T6202]  audit_seccomp+0x48/0x100
[  118.444070][ T6202]  ? __seccomp_filter+0x82d/0x1250
[  118.444149][ T6202]  __seccomp_filter+0x83e/0x1250
[  118.444179][ T6202]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  118.444206][ T6202]  ? vfs_write+0x7e8/0x960
[  118.444226][ T6202]  ? __rcu_read_unlock+0x4f/0x70
[  118.444319][ T6202]  ? __fget_files+0x184/0x1c0
[  118.444344][ T6202]  __secure_computing+0x82/0x150
[  118.444417][ T6202]  syscall_trace_enter+0xcf/0x1e0
[  118.444447][ T6202]  do_syscall_64+0xac/0x200
[  118.444468][ T6202]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  118.444491][ T6202]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  118.444544][ T6202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.444563][ T6202] RIP: 0033:0x7f9b2c3fefc9
[  118.444575][ T6202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.444655][ T6202] RSP: 002b:00007f9b2ae67038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  118.444671][ T6202] RAX: ffffffffffffffda RBX: 00007f9b2c655fa0 RCX: 00007f9b2c3fefc9
[  118.444683][ T6202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  118.444696][ T6202] RBP: 00007f9b2ae67090 R08: 0000000000000000 R09: 0000000000000000
[  118.444778][ T6202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.444788][ T6202] R13: 00007f9b2c656038 R14: 00007f9b2c655fa0 R15: 00007ffe0d438d58
[  118.444804][ T6202]  </TASK>
[  118.855196][ T6207] binfmt_misc: register: failed to install interpreter file ./file0
[  119.060808][ T6221] macvtap0: entered promiscuous mode
[  119.067067][ T6221] macvtap0: left promiscuous mode
[  119.170443][ T6228] FAULT_INJECTION: forcing a failure.
[  119.170443][ T6228] name failslab, interval 1, probability 0, space 0, times 0
[  119.183140][ T6228] CPU: 1 UID: 0 PID: 6228 Comm: syz.2.802 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  119.183236][ T6228] Tainted: [W]=WARN
[  119.183244][ T6228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  119.183259][ T6228] Call Trace:
[  119.183280][ T6228]  <TASK>
[  119.183343][ T6228]  __dump_stack+0x1d/0x30
[  119.183369][ T6228]  dump_stack_lvl+0xe8/0x140
[  119.183391][ T6228]  dump_stack+0x15/0x1b
[  119.183443][ T6228]  should_fail_ex+0x265/0x280
[  119.183499][ T6228]  should_failslab+0x8c/0xb0
[  119.183613][ T6228]  __kmalloc_noprof+0xa5/0x570
[  119.183647][ T6228]  ? alloc_pipe_info+0x1c9/0x350
[  119.183741][ T6228]  alloc_pipe_info+0x1c9/0x350
[  119.183770][ T6228]  splice_direct_to_actor+0x592/0x680
[  119.183798][ T6228]  ? __pfx_direct_splice_actor+0x10/0x10
[  119.183821][ T6228]  ? selinux_file_permission+0x2f0/0x320
[  119.183849][ T6228]  do_splice_direct+0xda/0x150
[  119.183905][ T6228]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  119.183941][ T6228]  do_sendfile+0x380/0x650
[  119.184022][ T6228]  __x64_sys_sendfile64+0x105/0x150
[  119.184052][ T6228]  x64_sys_call+0x2bb4/0x3000
[  119.184100][ T6228]  do_syscall_64+0xd2/0x200
[  119.184122][ T6228]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  119.184156][ T6228]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  119.184332][ T6228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.184354][ T6228] RIP: 0033:0x7f9da7c4efc9
[  119.184367][ T6228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.184396][ T6228] RSP: 002b:00007f9da66b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  119.184480][ T6228] RAX: ffffffffffffffda RBX: 00007f9da7ea5fa0 RCX: 00007f9da7c4efc9
[  119.184494][ T6228] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  119.184540][ T6228] RBP: 00007f9da66b7090 R08: 0000000000000000 R09: 0000000000000000
[  119.184551][ T6228] R10: 000000008000002b R11: 0000000000000246 R12: 0000000000000001
[  119.184561][ T6228] R13: 00007f9da7ea6038 R14: 00007f9da7ea5fa0 R15: 00007ffea2595328
[  119.184623][ T6228]  </TASK>
[  119.191359][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.5.804'.
[  119.428331][ T6236] binfmt_misc: register: failed to install interpreter file ./file0
[  119.489205][ T6240] netlink: 'syz.5.808': attribute type 21 has an invalid length.
[  119.497079][ T6240] netlink: 128 bytes leftover after parsing attributes in process `syz.5.808'.
[  119.527633][ T6243] FAULT_INJECTION: forcing a failure.
[  119.527633][ T6243] name failslab, interval 1, probability 0, space 0, times 0
[  119.533248][ T6240] netlink: 'syz.5.808': attribute type 5 has an invalid length.
[  119.540340][ T6243] CPU: 0 UID: 0 PID: 6243 Comm: syz.2.809 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  119.540374][ T6243] Tainted: [W]=WARN
[  119.540446][ T6243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  119.540463][ T6243] Call Trace:
[  119.540474][ T6243]  <TASK>
[  119.540483][ T6243]  __dump_stack+0x1d/0x30
[  119.540513][ T6243]  dump_stack_lvl+0xe8/0x140
[  119.540541][ T6243]  dump_stack+0x15/0x1b
[  119.540566][ T6243]  should_fail_ex+0x265/0x280
[  119.540689][ T6243]  should_failslab+0x8c/0xb0
[  119.540728][ T6243]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  119.540781][ T6243]  ? __alloc_skb+0x101/0x320
[  119.540819][ T6243]  __alloc_skb+0x101/0x320
[  119.540856][ T6243]  netlink_alloc_large_skb+0xbf/0xf0
[  119.540896][ T6243]  netlink_sendmsg+0x3cf/0x6b0
[  119.540968][ T6243]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.541012][ T6243]  __sock_sendmsg+0x145/0x180
[  119.541044][ T6243]  ____sys_sendmsg+0x31e/0x4e0
[  119.541154][ T6243]  ___sys_sendmsg+0x17b/0x1d0
[  119.541217][ T6243]  __x64_sys_sendmsg+0xd4/0x160
[  119.541261][ T6243]  x64_sys_call+0x191e/0x3000
[  119.541343][ T6243]  do_syscall_64+0xd2/0x200
[  119.541416][ T6243]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  119.541485][ T6243]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  119.541524][ T6243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.541550][ T6243] RIP: 0033:0x7f9da7c4efc9
[  119.541579][ T6243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.541600][ T6243] RSP: 002b:00007f9da66b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.541622][ T6243] RAX: ffffffffffffffda RBX: 00007f9da7ea5fa0 RCX: 00007f9da7c4efc9
[  119.541668][ T6243] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  119.541683][ T6243] RBP: 00007f9da66b7090 R08: 0000000000000000 R09: 0000000000000000
[  119.541697][ T6243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.541709][ T6243] R13: 00007f9da7ea6038 R14: 00007f9da7ea5fa0 R15: 00007ffea2595328
[  119.541730][ T6243]  </TASK>
[  119.754551][ T6240] netlink: 3 bytes leftover after parsing attributes in process `syz.5.808'.
[  119.793550][ T6258] netlink: 96 bytes leftover after parsing attributes in process `syz.2.814'.
[  119.865326][ T6269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.819'.
[  119.937828][ T6278] 
€Â: renamed from hsr0 (while UP)
[  119.962152][ T6280] FAULT_INJECTION: forcing a failure.
[  119.962152][ T6280] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  119.975410][ T6280] CPU: 0 UID: 0 PID: 6280 Comm: syz.5.823 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  119.975445][ T6280] Tainted: [W]=WARN
[  119.975452][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  119.975463][ T6280] Call Trace:
[  119.975469][ T6280]  <TASK>
[  119.975475][ T6280]  __dump_stack+0x1d/0x30
[  119.975560][ T6280]  dump_stack_lvl+0xe8/0x140
[  119.975577][ T6280]  dump_stack+0x15/0x1b
[  119.975595][ T6280]  should_fail_ex+0x265/0x280
[  119.975637][ T6280]  should_fail+0xb/0x20
[  119.975654][ T6280]  should_fail_usercopy+0x1a/0x20
[  119.975675][ T6280]  _copy_from_user+0x1c/0xb0
[  119.975728][ T6280]  do_ip_getsockopt+0x12a/0xfe0
[  119.975812][ T6280]  ? _parse_integer+0x27/0x40
[  119.975898][ T6280]  ? __rcu_read_unlock+0x4f/0x70
[  119.975926][ T6280]  ? avc_has_perm_noaudit+0x1b1/0x200
[  119.975955][ T6280]  ? avc_has_perm+0xf7/0x180
[  119.975969][ T6280]  ip_getsockopt+0x5c/0x180
[  119.976057][ T6280]  ? selinux_socket_getsockopt+0xf0/0x1b0
[  119.976158][ T6280]  ? selinux_socket_getsockopt+0xf0/0x1b0
[  119.976190][ T6280]  tcp_getsockopt+0xad/0xe0
[  119.976258][ T6280]  sock_common_getsockopt+0x60/0x70
[  119.976283][ T6280]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  119.976310][ T6280]  do_sock_getsockopt+0x200/0x240
[  119.976369][ T6280]  __x64_sys_getsockopt+0x11e/0x1a0
[  119.976399][ T6280]  x64_sys_call+0x2bca/0x3000
[  119.976469][ T6280]  do_syscall_64+0xd2/0x200
[  119.976489][ T6280]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  119.976521][ T6280]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  119.976556][ T6280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.976629][ T6280] RIP: 0033:0x7f6b2db8efc9
[  119.976642][ T6280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.976658][ T6280] RSP: 002b:00007f6b2c5ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  119.976687][ T6280] RAX: ffffffffffffffda RBX: 00007f6b2dde5fa0 RCX: 00007f6b2db8efc9
[  119.976701][ T6280] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000003
[  119.976713][ T6280] RBP: 00007f6b2c5ef090 R08: 0000200000000080 R09: 0000000000000000
[  119.976723][ T6280] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  119.976733][ T6280] R13: 00007f6b2dde6038 R14: 00007f6b2dde5fa0 R15: 00007ffe76d61ba8
[  119.976749][ T6280]  </TASK>
[  120.285224][ T6291] ==================================================================
[  120.293360][ T6291] BUG: KCSAN: data-race in mas_state_walk / mas_wr_store_entry
[  120.300939][ T6291] 
[  120.303273][ T6291] write to 0xffff88810453d208 of 8 bytes by task 6286 on cpu 1:
[  120.310910][ T6291]  mas_wr_store_entry+0x1192/0x26e0
[  120.316133][ T6291]  mas_store_prealloc+0x74d/0xa80
[  120.321174][ T6291]  commit_merge+0x6a5/0x730
[  120.325685][ T6291]  vma_expand+0x220/0x320
[  120.330014][ T6291]  vma_merge_new_range+0x296/0x310
[  120.335130][ T6291]  mmap_region+0xa50/0x1620
[  120.339645][ T6291]  do_mmap+0x9b3/0xbe0
[  120.343716][ T6291]  vm_mmap_pgoff+0x17a/0x2e0
[  120.348316][ T6291]  ksys_mmap_pgoff+0xc2/0x310
[  120.352988][ T6291]  x64_sys_call+0x14a3/0x3000
[  120.357673][ T6291]  do_syscall_64+0xd2/0x200
[  120.362198][ T6291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.368102][ T6291] 
[  120.370431][ T6291] read to 0xffff88810453d208 of 8 bytes by task 6291 on cpu 0:
[  120.377983][ T6291]  mas_state_walk+0x28f/0x650
[  120.382697][ T6291]  mas_walk+0x60/0x150
[  120.386777][ T6291]  lock_vma_under_rcu+0x95/0x170
[  120.391737][ T6291]  do_user_addr_fault+0x233/0x1080
[  120.396867][ T6291]  exc_page_fault+0x62/0xa0
[  120.401395][ T6291]  asm_exc_page_fault+0x26/0x30
[  120.406246][ T6291] 
[  120.408565][ T6291] value changed: 0x00007f6b2c58cfff -> 0x00007f6b2c56bfff
[  120.415671][ T6291] 
[  120.417988][ T6291] Reported by Kernel Concurrency Sanitizer on:
[  120.424139][ T6291] CPU: 0 UID: 0 PID: 6291 Comm: syz.5.826 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  120.435347][ T6291] Tainted: [W]=WARN
[  120.439146][ T6291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  120.449203][ T6291] ==================================================================