last executing test programs:

52.818358442s ago: executing program 4 (id=342):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7111})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x7, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x4, 0xffffff00, 0x6, 0xc31, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x70}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000014}, 0x20000000) (fail_nth: 5)

52.166488019s ago: executing program 4 (id=349):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x9658, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xd9b, 0x3}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x8f17, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r2, 0x0, 0x1a, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100)

52.038384111s ago: executing program 4 (id=352):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1a, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0xffffffff}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20)
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffa, 0x2a200)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {}, {0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40d5}, 0x0)

51.957889558s ago: executing program 4 (id=354):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f00000005c0)={[{@jqfmt_vfsold}, {@orlov}, {@user_xattr}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@nodiscard}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x18, 0x0, 0xfffffffe})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r2}, 0x18)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r3, &(0x7f00000005c0)="f5", 0x1, 0x20000880, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8)
write$sndseq(r0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0x2}, 0x18)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f00000012c0)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
close_range(r6, 0xffffffffffffffff, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', 0x208b022, 0x0, 0x1, 0x0, &(0x7f00000000c0))
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
pivot_root(0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

51.730387738s ago: executing program 4 (id=358):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x170)
fgetxattr(r2, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

51.433383334s ago: executing program 4 (id=365):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000740)={0x0, 0x567, 0x13100}, &(0x7f0000000100), &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000104000028000000", @ANYRES32, @ANYBLOB="6635d11b0000003b991454b1f566dfffffff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r3}, 0x18)
nanosleep(&(0x7f0000000240), 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000000240)=""/188, &(0x7f0000000040)=0xbc)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000008300007639b300bf0900000000000055090100000000009500000000000000335afcfff0ffffffbf91000000000000b7020000010000238500000085000000b7000000000000009500000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r6 = signalfd(r5, &(0x7f0000000400)={[0x3]}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES16=r4, @ANYRES32=r5, @ANYRESHEX=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @cgroup_sysctl=0x12, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10)
r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fcntl$setlease(r8, 0x400, 0x1)
fremovexattr(r8, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
r9 = socket$key(0xf, 0x3, 0x2)
r10 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r10, &(0x7f0000000280)='user\x00', &(0x7f0000000300)=@secondary)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[@ANYBLOB="020300030c0000000007000000000000020009001000000053bb00000000000003000600000000000200100000000000000000000000000002000100000000000000060d00000000030005000000020002000000ac1414000000000000000000"], 0x60}, 0x1, 0x7}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001f80)=ANY=[@ANYBLOB="600000000101010200000000000000000a0000000c00198008000200050000000600124000030000380002802c0001"], 0x60}}, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x50, 0x10, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xffff, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0xfffffffe, 0x8}}, {0x4, 0x1b}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000500)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)

51.413708656s ago: executing program 32 (id=365):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000740)={0x0, 0x567, 0x13100}, &(0x7f0000000100), &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000104000028000000", @ANYRES32, @ANYBLOB="6635d11b0000003b991454b1f566dfffffff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r3}, 0x18)
nanosleep(&(0x7f0000000240), 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000000240)=""/188, &(0x7f0000000040)=0xbc)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000008300007639b300bf0900000000000055090100000000009500000000000000335afcfff0ffffffbf91000000000000b7020000010000238500000085000000b7000000000000009500000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r6 = signalfd(r5, &(0x7f0000000400)={[0x3]}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES16=r4, @ANYRES32=r5, @ANYRESHEX=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @cgroup_sysctl=0x12, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x28, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10)
r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fcntl$setlease(r8, 0x400, 0x1)
fremovexattr(r8, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
r9 = socket$key(0xf, 0x3, 0x2)
r10 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r10, &(0x7f0000000280)='user\x00', &(0x7f0000000300)=@secondary)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[@ANYBLOB="020300030c0000000007000000000000020009001000000053bb00000000000003000600000000000200100000000000000000000000000002000100000000000000060d00000000030005000000020002000000ac1414000000000000000000"], 0x60}, 0x1, 0x7}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001f80)=ANY=[@ANYBLOB="600000000101010200000000000000000a0000000c00198008000200050000000600124000030000380002802c0001"], 0x60}}, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x50, 0x10, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xffff, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0xfffffffe, 0x8}}, {0x4, 0x1b}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000500)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)

44.910010052s ago: executing program 2 (id=470):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{&(0x7f0000000380)={0xa, 0x4e23, 0x5, @loopback, 0x2}, 0x1c, &(0x7f0000001580)=[{&(0x7f0000000480)='Y', 0x1}], 0x1}}], 0x1, 0x4004)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000002500)={0x0, 0x6}, 0x8)

44.908994302s ago: executing program 2 (id=471):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003040)=[{{&(0x7f0000000380)={0xa, 0x4e23, 0x5, @loopback, 0x2}, 0x1c, &(0x7f0000001580)=[{&(0x7f0000000480)='Y', 0x1}], 0x1}}], 0x1, 0x4004)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000002500)={0x0, 0x6}, 0x8)

44.835308799s ago: executing program 2 (id=473):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000008095"], 0x0, 0x3}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xe0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}, {0x3400, 0x7f, 0x6, 0x5}, {0x7, 0x7, 0x5}]})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000003c0)=0x1)

44.315845135s ago: executing program 2 (id=477):
mount$nfs(0x0, &(0x7f0000000640)='.\x00', &(0x7f0000000680), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='acl,fsc=u'])
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
pivot_root(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000400)='./file0/file0\x00')
mount$nfs(0x0, &(0x7f0000000640)='.\x00', &(0x7f0000000680), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='acl,fsc=u']) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) (async)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) (async)
pivot_root(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000400)='./file0/file0\x00') (async)

44.245295731s ago: executing program 2 (id=478):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x256581, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
recvmmsg(r2, &(0x7f00000057c0)=[{{&(0x7f0000000240)=@un=@abs, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000380)=""/100, 0x64}, {&(0x7f0000000700)=""/194, 0xc2}, {&(0x7f00000000c0)=""/17, 0x11}], 0x3, &(0x7f0000000800)=""/248, 0xf8}, 0xe}, {{&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000900)=""/104, 0x68}, {&(0x7f0000000980)=""/112, 0x70}, {&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/24, 0x18}, {&(0x7f0000000a00)=""/194, 0xc2}, {&(0x7f00000058c0)=""/198, 0xc6}, {&(0x7f0000000c00)=""/74, 0x4a}, {&(0x7f0000000c80)=""/254, 0xfe}, {&(0x7f0000000d80)}], 0x9, &(0x7f0000000e80)=""/90, 0x5a}, 0x9}, {{&(0x7f0000000f00)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000042c0)=[{&(0x7f00000020c0)=""/4096, 0x1000}, {&(0x7f0000000f80)=""/115, 0x73}, {&(0x7f0000001000)=""/52, 0x34}, {&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f00000040c0)=""/223, 0xdf}, {&(0x7f00000041c0)=""/96, 0x60}, {&(0x7f0000004240)=""/110, 0x6e}], 0x7}, 0x10000}, {{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000004440)=""/4096, 0x1000}, {&(0x7f0000005440)=""/204, 0xcc}, {&(0x7f0000005540)=""/164, 0xa4}, {&(0x7f0000005600)=""/238, 0xee}], 0x4, &(0x7f0000005700)=""/164, 0xa4}, 0x80}], 0x4, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x7, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r6}, 0x18)
unshare(0x64000680)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r7 = msgget$private(0x0, 0x8)
msgrcv(r7, &(0x7f0000001080)={0x0, ""/1}, 0x9, 0x2, 0x3000)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f00000004c0)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1000000000000b, 0x6f76, 0x3, 0x0, 0x1, 0x8, 0x7b, 0x3})
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080), 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x34, 0x0, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmpv6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x34}}, 0x0)

43.91768685s ago: executing program 2 (id=488):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

43.884217373s ago: executing program 33 (id=488):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

2.236894592s ago: executing program 1 (id=1249):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0x4}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)='\x00', 0x1, 0x440c0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc)
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1)

2.230404472s ago: executing program 1 (id=1252):
r0 = socket(0x2, 0x80805, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x2)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x23000, 0x1000, 0x0, 0x3}, 0x20)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r2 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r1, &(0x7f0000000180)={0x2c, 0x2, r3}, 0x10)
sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x194}}, 0x4000040)

2.161310898s ago: executing program 6 (id=1253):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x12, &(0x7f0000000940)=ANY=[@ANYRES32=0x1], &(0x7f0000000080)='GPL\x00', 0xfffffffb, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x1, 0x8009, 0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0xb, 0x4)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10020, 0x1, {0x2}})
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000004018000780050003001f0000000c00018008000140ffffffff05000500020000000500010006"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

2.160582248s ago: executing program 1 (id=1254):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000440)='ext4_ext_remove_space\x00', r1, 0x0, 0x4804}, 0x4d)
r2 = fsopen(&(0x7f0000000400)='proc\x00', 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x7, 0xbe, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000201040000003aeb000002000018110000", @ANYRES32, @ANYBLOB="0000001a3757d4f726f549500000000000b702000000000000850000008600000095"], &(0x7f00000006c0)='GPL\x00', 0x40001, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000003c0)='kyber_adjust\x00', r5, 0x0, 0xfffffffffffffdff}, 0x18)
sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000300240248ff050005001200", 0x2e}], 0x1}, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0xd)
r7 = fsmount(r2, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e24, 0x1, @empty, 0xfffffffe}, 0x1c)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000000)=0x8, 0x4)
write(0xffffffffffffffff, 0x0, 0x0)
recvmsg(r7, &(0x7f0000000340)={0x0, 0x3c, 0x0, 0xfffffffffffffd7b, &(0x7f0000000500)=""/156, 0xce}, 0x41)
r8 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="8609702833ba8a62ecd2e4cde74667d754bef8b94423f2910a27e3ea3a45362fd42a479d6e6c5c11ce8866d949c3a14753de36d161690b8248a5e5b55b0c343243959fa85a2ceed58591e0d512a870be2d1304e3120345a8f9dc533683cad12b73a1e9785dd246227405f12d2216e7809ce915f9a8c5b962d095fad374a72a4aca3f2b6584717658a522b74c2de7ce72ebc85e9862963f442a37aba392716c961df788394b2527807fdb1a663657a5ddd337dfd1b325cff0f8a2a41b3e6c50bc4240394a4bbd0d024e72f24192bc6216f3fc1c4948909832af51b69d3abb", @ANYRES16=r6], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x14, 0xf, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r4, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r9}, 0x18)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r4, &(0x7f0000000000)={0xc0000008})
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket(0x1e, 0x1, 0x0)
connect$tipc(r11, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r11, &(0x7f0000000340), 0x2000011a)
splice(r11, 0x0, r10, 0x0, 0x4ff9c, 0x0)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)

2.154521469s ago: executing program 6 (id=1256):
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r0 = gettid()
r1 = gettid()
tkill(r0, 0x12)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000940), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x10007ffffffff}, 0x18)
tkill(r1, 0x14)

2.093382584s ago: executing program 6 (id=1258):
bind$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0x2}, @mptcp=@ack={0x1e, 0x7, 0x88, 0x4, "d289fa"}]}}}}}}}}, 0x0)

2.092674364s ago: executing program 3 (id=1259):
socket$kcm(0x10, 0x2, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f00000003c0)=ANY=[@ANYRES8=<r3=>r1, @ANYRES32=r1, @ANYBLOB="850000005346000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8c, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r5=>0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000801, r5, &(0x7f0000000140)={0x8, 0xffffffffffffffff, 0x81, 0x0, 0x4, 0x4, 0xffffffffffffffff, 0x20007, 0x9})
r6 = socket(0x10, 0x803, 0x0)
connect$netlink(r6, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
getsockname$packet(r6, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f0000000ec0)=ANY=[@ANYBLOB="07000000270000000802cbb2133cb707111e00005823a297acd2a74959028af1d61ab467efc908c239fecaf1e77f253a13cce0774864d782965723153d5d8bf207f5887be89815c35e41ab6848e753a41732fce97e54c142d5", @ANYRES32, @ANYRESDEC, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000041000000000000000000000000fc5d997019ceed03d46829bbb53576009c6f10aa9a7e9cdce21019b28f85323877472e5d84ae91422c3734ef08f83674ad262cc1901a8dc40601e7f72f481692d65aa42ec37563760c33d555b7e314763512b431285b5888f01dd889d6d709a3b8c8c36e7e2d"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="000000000700000000b24752620b341aba120000", @ANYRESOCT=r2], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
quotactl_fd$Q_GETFMT(r7, 0xffffffff80000401, r5, &(0x7f0000000240))
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="07000000040000000800000001000000000000", @ANYRES32, @ANYBLOB="0000010000000000000000090000000000000000fd5d217948a910fe7220539d596d1753c32860d6119a3f21b0189a528cbf56815dd0c4d2492ded8282b1112ba3badcf53c0c010e442a5dbd185b558f7001bbd4edfb04b084709f42978e36e81a8d9a2d14022d511bc5d4daf9652ac13fef730dc16e359f42d51b6e0ef1635762bca215688f3b6f5bbb7fba80c4956d17e35728bd", @ANYRES32=<r9=>0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0x2000000000000034, &(0x7f00000002c0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095", @ANYRES32=r9, @ANYRES32=r8], &(0x7f0000000380)='syzkaller\x00', 0xd, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x18)
r11 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r11, 0x2284, &(0x7f0000000440))
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r11, 0x40047211, &(0x7f0000000300)=0x4)
r12 = gettid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x13, 0xffffffffffffffff, 0x28f45000)
process_vm_writev(r12, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
r13 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r13, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x150, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @mcast2, [0xff, 0xff000000, 0x0, 0xffffff00], [0xff000000, 0xff, 0xff], 'veth1_vlan\x00', 'geneve1\x00', {}, {}, 0x29, 0x10, 0x0, 0x78}, 0x0, 0x110, 0x150, 0x60030000, {0x0, 0xff000000}, [@common=@unspec=@physdev={{0x68}, {'ipvlan0\x00', {0xff}, 'syz_tun\x00', {}, 0xc, 0x18}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x5, 0x5, {0xd457}}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2f}, @empty, [0xff000000, 0xff000000, 0xffffff00, 0xffffffff], [0x0, 0xffffff00, 0xffffff00, 0xffffffff], 'gretap0\x00', 'netdevsim0\x00', {0xff}, {0xff}, 0x3c, 0x1, 0x5, 0x64}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private=0xa01faff, 'pim6reg0\x00', {0x400000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10008, {0x0, 0x0, 0x0, 0x0, {0xa, 0x2}, {0x0, 0xffef}, {0xfff3, 0x19}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x4004000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r0}, 0x4)

2.092008644s ago: executing program 6 (id=1260):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
utime(0x0, 0x0)

2.02931801s ago: executing program 6 (id=1261):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x6, 0x298})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000c00)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@nodelalloc}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x2)
readv(r3, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000b00)={{0x2, 0x3, 0x9, 0x3, 0xffffffff}, 0x0, 0x800, 'id1\x00', 'timer1\x00', 0x0, 0x4, 0xffffffffaa71010d, 0x2, 0xffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)

2.006633752s ago: executing program 3 (id=1262):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0xfffffffc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0x12}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)

1.817377479s ago: executing program 3 (id=1263):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/image_size', 0x1a1081, 0x18)
pwritev(r2, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYRES16=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x63, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0xffffffff, 0xfc}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r3 = perf_event_open(0x0, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
pause()
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x40000000000000}, 0x18)
r5 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r5, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @mcast1, 0x8}, {0xa, 0x0, 0xfffffffd, @private2, 0x6}, 0x0, {[0x6, 0x200, 0x1, 0xfffffefc, 0x2d, 0x1, 0x0, 0x200003]}}, 0x5c)
r6 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r6, 0xa, 0x13)
fcntl$setlease(r6, 0x400, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000001c0)={0x50000001})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0x4080000}, 0x54adc8a2fff47367)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

1.583700739s ago: executing program 1 (id=1264):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x6, 0x298})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000c00)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@nodelalloc}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r1, 0x0, 0x8}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r3 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x1e9)
pwritev2(r3, &(0x7f0000000240), 0x0, 0x2000, 0x0, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x2)
readv(r4, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x2)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000000b00)={{0x2, 0x3, 0x9, 0x3, 0xffffffff}, 0x0, 0x800, 'id1\x00', 'timer1\x00', 0x0, 0x4, 0xffffffffaa71010d, 0x2, 0xffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={0xffffffffffffffff, r5}, 0xc)

1.393462686s ago: executing program 0 (id=1265):
r0 = socket(0x2, 0x80805, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x2)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x23000, 0x1000, 0x0, 0x3}, 0x20)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r2 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r1, &(0x7f0000000180)={0x2c, 0x2, r3}, 0x10)
sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x194}}, 0x4000040)

1.385513317s ago: executing program 0 (id=1266):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x12, &(0x7f0000000940)=ANY=[@ANYRES32=0x1], &(0x7f0000000080)='GPL\x00', 0xfffffffb, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x1, 0x8009, 0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0xb, 0x4)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x8, 0x40}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10020, 0x1, {0x2}})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000004018000780050003001f0000000c00018008000140ffffffff05000500020000000500010006"], 0x64}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

555.51606ms ago: executing program 6 (id=1270):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000001c0))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000002c0)=ANY=[@ANYRESDEC=0x0], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x51, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x2, 0x80805, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0xfffffffffffffe42, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='xprtrdma_reply\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
fsmount(r3, 0x1, 0xf5)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=ANY=[@ANYBLOB="0600000004000000be7000005c00000000"], 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x8000, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2be, &(0x7f00000014c0)="$eJzs3MFrE1sUx/HzmrRJU9rkweOBgnrQjW6GNv4BGqQFMaDUpqgLYWonGjImZSZEImKzEbf+HcWlO0H9B7oRN+7dFUFw04U40plMm8S0pm3SxPb7gTJ3eu+vc9qm5dxC78adV4+LedfImxUZiauMiNRlUyS1NWr4p3Ed8cdj0qwulya+fz5z++69G5lsdnZedS6zcDmtqlPn3j159vr8h8rE4puptzFZT93f+Jb+sv7/+qmNnwuPCq4WXC2VK2rqUrlcMZdsS5cLbtFQvWVbpmtpoeRaTst83i6vrNTULC1PJlYcy3XVLNW0aNW0UtaKU1PzoVkoqWEYOpmQky3axZrc2vy8mdl12ov0tCL0Xqz1drzTGsfJ1DtP5tb6VRcAABhee/f/Qa+/e/+fXQyuPe7/Rej/+6TecveH/h/HguNkzETj57cV/T8AAAAAAAAAAAAAAAAAAAAAAH+DTc9Lep6XDK/hW0xE4iIS3g+6TvTHAb//VwZULnqs6R/34iL2y2qumguuwXwmLwWxxZJpScoP//XgRf3XRTCeu56dnVbfaONDbuVXq7mIfzaBnw+lgkwgzJ/9dybIq7zfylUb+VFJND8/LUn5r1M+O5veyYfHIaxWc2Ny8UJT3pCkfHwgZbFlua3+5zOq125m254/7q8DAAAAAOA4MHRbqnX/G5z9aPgL4uJv71vmg3ynvw+078+nO+7vo3K6myMqAQAAAADAobm1p0XTti3nAIOYiBwiflwHERmKMtoGV0VkCMo4qkFcRIL36EHiX7fjXaW8LtZERWTgX5Z9DAb9mwkAAABAr+00/fsIfXrRx4oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADh5uj0PLFz/21Q4sUe86XGRI/8EAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCHyKwAA//9OCxaA")
r5 = inotify_init()
close(0xffffffffffffffff)
inotify_add_watch(r5, &(0x7f0000000200)='./file0\x00', 0x400008bf)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='kfree\x00', r4, 0x0, 0x6}, 0x18)
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x54, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x93, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x29, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x37}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x44000}, 0x40040)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x82044, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r8, &(0x7f0000004200)='t', 0x1)
sendfile(r8, r7, 0x0, 0x3ffff)
sendfile(r8, r7, 0x0, 0x7ffff000)

533.029492ms ago: executing program 3 (id=1272):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x2, 0x4}, {}, {0x8, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x89, 0x3, 0x8, 0x7, 0x8}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000850)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fecbd680b650", 0x8}], 0x2}, 0x48000)

496.719716ms ago: executing program 0 (id=1273):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x399})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r0, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)

492.495196ms ago: executing program 1 (id=1274):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffffc, @empty, 0xfffff364}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000100)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x0, 0x5}]}}}}}}}, 0x0)

386.580765ms ago: executing program 5 (id=1275):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)
r2 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r1, 0x1, 0x10, 0x6, @remote}, 0x14)
syz_emit_ethernet(0x186, &(0x7f0000000880)=ANY=[], 0x0)

155.014566ms ago: executing program 0 (id=1276):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x2008098, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x1d3, &(0x7f00000004c0)="$eJzs3L1qFFEUB/CbGE2MJKQStPGijTaDprZQJIK4oKgrfoAwIRNddt0NO1PsisXWVj6HiDZ2gvgCeQu7IIRUqRzRzYeJIY26G8zv18yZ+TNwDgOX4Q7MyuXXz+uLebKYFmF0YiSMXgm9sD4SZsJo2NQLF94/WHt19+Gjm1crlbnxjcsxxukznx6/fHv2c3Hi/ofpj+NheebJyursl+WTy6dWvt17VstjLY/NVhHTON9qFel8I4sLtbyexHi7kaV5FmvNPGvvyBcbraWlbkybC1OTS+0sz2Pa7MZ61o1FKxbtbkyfprVmTJIkTk0G/kT1zXpZhtWyLMvxXijLctgNMWCe/+G2uajfiXEihK+9TrVT7R/7+fUblbmL8aeZ7bvWOp3qka38Uj+PO/OjYXIjn90zPxbOn+vnP7Jrtyq78uNh4d+PDwAAAAAA/6Ukbvl9f39k43TPvF/98n1g1/79WDg9NqAhAAAAgH3l3Rf1tNHI2getGAsHog2FYiDFu3Ag2tguhr0yAQAAf9v2S/+wOwEAAAAAAAAAAAAAAAAAAIDDaxC/Exv2jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+/keAAD///dtbTI=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd6)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000340))
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
socket(0x2, 0x80805, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r4 = inotify_init()
r5 = inotify_add_watch(r4, &(0x7f0000000280)='.\x00', 0x25000001)
inotify_rm_watch(r4, r5)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f00000001c0)=0x59ca, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
r7 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r7, &(0x7f0000001140)=[{0x0}], 0x1)

145.783066ms ago: executing program 5 (id=1277):
syz_emit_ethernet(0x118, 0x0, 0x0)

89.485931ms ago: executing program 5 (id=1278):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x10, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmsg$inet6(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)='y=', 0x2}], 0x1}, 0x2)

89.132361ms ago: executing program 5 (id=1279):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000007000000140001800500020001010000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)

83.577902ms ago: executing program 1 (id=1280):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f00000003c0)=ANY=[@ANYRES8=<r4=>r2, @ANYRES32=r2, @ANYBLOB="850000005346000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8c, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r5}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r6=>0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000801, r6, &(0x7f0000000140)={0x8, 0xffffffffffffffff, 0x81, 0x0, 0x4, 0x4, 0xffffffffffffffff, 0x20007, 0x9})
r7 = socket(0x10, 0x803, 0x0)
connect$netlink(r7, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
getsockname$packet(r7, 0x0, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f0000000ec0)=ANY=[@ANYBLOB="07000000270000000802cbb2133cb707111e00005823a297acd2a74959028af1d61ab467efc908c239fecaf1e77f253a13cce0774864d782965723153d5d8bf207f5887be89815c35e41ab6848e753a41732fce97e54c142d5", @ANYRES32, @ANYRESDEC, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000041000000000000000000000000fc5d997019ceed03d46829bbb53576009c6f10aa9a7e9cdce21019b28f85323877472e5d84ae91422c3734ef08f83674ad262cc1901a8dc40601e7f72f481692d65aa42ec37563760c33d555b7e314763512b431285b5888f01dd889d6d709a3b8c8c36e7e2d"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="000000000700000000b24752620b341aba120000", @ANYRESOCT=r3], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
quotactl_fd$Q_GETFMT(r8, 0xffffffff80000401, r6, &(0x7f0000000240))
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="07000000040000000800000001000000000000", @ANYRES32, @ANYBLOB="0000010000000000000000090000000000000000fd5d217948a910fe7220539d596d1753c32860d6119a3f21b0189a528cbf56815dd0c4d2492ded8282b1112ba3badcf53c0c010e442a5dbd185b558f7001bbd4edfb04b084709f42978e36e81a8d9a2d14022d511bc5d4daf9652ac13fef730dc16e359f42d51b6e0ef1635762bca215688f3b6f5bbb7fba80c4956d17e35728bd", @ANYRES32=<r10=>0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0x2000000000000034, &(0x7f00000002c0)=ANY=[@ANYRES16=r0, @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095", @ANYRES32=r10, @ANYRES32=r9], 0x0, 0xd, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x18)
r12 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r12, 0x2284, &(0x7f0000000440))
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r12, 0x40047211, &(0x7f0000000300)=0x4)
r13 = gettid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x13, 0xffffffffffffffff, 0x28f45000)
process_vm_writev(r13, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r8}, 0x18)
r14 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r14, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x338, 0x150, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x268, 0xffffffff, 0xffffffff, 0x268, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @mcast2, [0xff, 0xff000000, 0x0, 0xffffff00], [0xff000000, 0xff, 0xff], 'veth1_vlan\x00', 'geneve1\x00', {}, {}, 0x29, 0x10, 0x0, 0x78}, 0x0, 0x110, 0x150, 0x60030000, {0x0, 0xff000000}, [@common=@unspec=@physdev={{0x68}, {'ipvlan0\x00', {0xff}, 'syz_tun\x00', {}, 0xc, 0x18}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x5, 0x5, {0xd457}}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2f}, @empty, [0xff000000, 0xff000000, 0xffffff00, 0xffffffff], [0x0, 0xffffff00, 0xffffff00, 0xffffffff], 'gretap0\x00', 'netdevsim0\x00', {0xff}, {0xff}, 0x3c, 0x1, 0x5, 0x64}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private=0xa01faff, 'pim6reg0\x00', {0x400000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10008, {0x0, 0x0, 0x0, 0x0, {0xa, 0x2}, {0x0, 0xffef}, {0xfff3, 0x19}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x4004000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1}, 0x4)

77.445693ms ago: executing program 3 (id=1281):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="020000000400000008"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010700000000000000000000000014000300686173683a69702c706f72742c6970000900020073797a31000000000500010007000000050005000a0000000500040001000000c1590c9fe92c70409533a7acaf3d7072b144c5f5c963697b3ff9bea20eba159d251d57a146ac718289d253f3be698fed96dc6035adef29a07823dc76dea18307c0b1366c07f0145dcd4b556e3129ca"], 0x4c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="740000000906010200000000ffff0000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002140)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x30bd27, 0x4000005, {0x0, 0x0, 0x42c, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x0, 0x101, 0x3, 0xc, 0x13}, {0x17, 0x0, 0x8001, 0x8, 0x2, 0x7}, 0xffffff80, 0x947, 0xe03}}, @TCA_TBF_RTAB={0x404, 0x2, [0x6, 0x6, 0x6b16, 0x7, 0xfffffffd, 0x8, 0x8, 0x3, 0x7, 0x7, 0x5, 0x8, 0x80, 0x9, 0x30, 0x4, 0x81, 0x9, 0x2, 0x8, 0x40, 0x8, 0x80000001, 0x80, 0x7, 0x7a2, 0x2, 0x400, 0x3, 0xfffffffa, 0x6, 0x5, 0xaf8, 0x1, 0x3, 0x3ff, 0xfff, 0x2, 0x23, 0x10001, 0x1, 0x5, 0x10001, 0x3, 0x59, 0x3, 0xd54e, 0x40, 0x6, 0xd, 0x0, 0x28, 0x9, 0xa4800000, 0x1, 0xa0, 0x1, 0x7, 0x4, 0x1, 0x7, 0x4, 0xff, 0x5, 0x7, 0x3ff, 0x3, 0xf6a5, 0x7, 0x8, 0x2, 0xcff, 0xfffffacf, 0x62d9b417, 0x4, 0x10001, 0xa, 0x1, 0x2, 0x8002, 0x5, 0x5, 0x5, 0xbffffffb, 0x5, 0x0, 0x81, 0x6, 0x2, 0xe, 0xe, 0x7, 0x4, 0x496c01fc, 0x4, 0x7fffffff, 0x9, 0x8, 0x12, 0x9, 0x80000001, 0x325b, 0x7, 0x0, 0x80000006, 0x2, 0x3, 0x5, 0x1, 0x18001, 0x5, 0x94, 0x2, 0x9, 0x7, 0x3, 0x5, 0x80, 0x1, 0xffffffff, 0x4, 0x0, 0x6e4b03e5, 0x3, 0x4, 0x5, 0xa993, 0x200, 0x6847adf1, 0xfffffffc, 0x9, 0x81, 0x7, 0x5, 0x5, 0x7fffffff, 0x8, 0xc, 0xd, 0x8, 0x1, 0x7fffffff, 0x8, 0x0, 0x8, 0x5, 0x2, 0x4, 0xe, 0x8001, 0x8, 0x40000, 0x0, 0x9, 0xd, 0x5, 0x8, 0x100, 0x8, 0x0, 0x1, 0x2, 0x9, 0x6, 0x3ff, 0x4, 0x1, 0xf682, 0x40, 0x3, 0x8, 0x3, 0x1fffe, 0xfffdfffe, 0x5, 0x1, 0xfffffff8, 0xa608, 0x23972b46, 0x407, 0x0, 0x40, 0xd, 0x4, 0xa, 0x5, 0x6, 0x10, 0x5, 0x5, 0x10, 0x41, 0x42, 0x76, 0x3, 0xfffffffa, 0x7, 0x2, 0x20004, 0x40, 0x9, 0x6, 0x2f3, 0xfffffffb, 0xcf30, 0x8, 0x4, 0xffffff8a, 0xfffffffe, 0x4, 0x80000000, 0x4, 0x0, 0x0, 0x2, 0x1, 0xfff, 0x4, 0x1, 0x9, 0x5, 0x9, 0x5, 0x8, 0x80000000, 0x0, 0x3, 0xeff, 0x6, 0x8001, 0x8, 0xc, 0x3, 0x1, 0x24, 0x0, 0x8, 0x6c67, 0x800, 0xffffff59, 0x9, 0x0, 0x303, 0x7, 0x1, 0x6, 0x6, 0x6561, 0x800007, 0x4, 0xc, 0x42, 0x3c04, 0x8, 0x5fa, 0x1]}]}}]}, 0x45c}}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x70, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x4}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xfe}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x80)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)

73.483083ms ago: executing program 0 (id=1282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2, 0x2, 0x4}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000300000018110000", @ANYRES32=r1], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='kfree\x00', r2}, 0x10)
open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)

73.051463ms ago: executing program 5 (id=1283):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10)
r1 = io_uring_setup(0x1fb8, &(0x7f0000000540)={0x0, 0x1ae0, 0x400, 0x0, 0xea})
io_uring_register$IORING_REGISTER_FILES(r1, 0x23, &(0x7f0000000000), 0x0)

5.146229ms ago: executing program 5 (id=1284):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x12, &(0x7f0000000940)=ANY=[@ANYRES32=0x1], &(0x7f0000000080)='GPL\x00', 0xfffffffb, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x1, 0x8009, 0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0xb, 0x4)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x8, 0x40}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10020, 0x1, {0x2}})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6400000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000004018000780050003001f0000000c00018008000140ffffffff05000500020000000500010006"], 0x64}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

4.375999ms ago: executing program 0 (id=1285):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r0, 0x10c, 0x3, 0x0, &(0x7f0000000000))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
lsm_set_self_attr(0x69, 0x0, 0x0, 0x0)

0s ago: executing program 3 (id=1286):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
keyctl$reject(0x13, 0x0, 0x400, 0x8000000000000204, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d670a8b089b3f363563030890e0879b0af8c6e70a9b334a959b669a9b2f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d073b5d0acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669114e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813491ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eb4581f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab9640071550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c513a9177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f411254c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486229e5b2e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df7227dfdb0d2b9e935c5af3cf474bed79dfc24ab0f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78c8fa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000026347ee800", 0x1000}}, 0x1006)

kernel console output (not intermixed with test programs):

fa0 R15: 00007ffe54607388
[   63.429990][ T4621]  </TASK>
[   63.677000][ T4629] xt_hashlimit: max too large, truncated to 1048576
[   63.710518][ T4628] hub 9-0:1.0: USB hub found
[   63.715934][ T4628] hub 9-0:1.0: 8 ports detected
[   63.724392][ T4633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.348'.
[   63.733346][ T4633] netlink: 312 bytes leftover after parsing attributes in process `syz.1.348'.
[   63.818756][ T4636] siw: device registration error -23
[   63.930008][ T4641] SELinux: failed to load policy
[   64.019130][ T4650] loop4: detected capacity change from 0 to 512
[   64.070926][ T4650] EXT4-fs: Ignoring removed orlov option
[   64.097700][ T4656] program syz.1.357 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   64.107542][ T4650] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   64.118056][ T4650] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #15: comm syz.4.354: corrupted in-inode xattr: e_value size too large
[   64.151267][ T4650] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.354: couldn't read orphan inode 15 (err -117)
[   64.164851][ T4656] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   64.240086][ T3319] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[   64.272445][ T3319] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[   64.364578][ T4668] EXT4-fs: Ignoring removed nomblk_io_submit option
[   64.414113][ T4673] SELinux: failed to load policy
[   64.476626][ T1586] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.545431][ T1586] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.574336][ T4639] serio: Serial port ttyS3
[   64.652029][ T1586] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.711963][ T4692] set_capacity_and_notify: 1 callbacks suppressed
[   64.711982][ T4692] loop0: detected capacity change from 0 to 2048
[   64.730815][ T1586] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.741761][ T4692] EXT4-fs: Ignoring removed nobh option
[   64.764740][ T4680] serio: Serial port ttyS3
[   64.776249][ T4684] lo speed is unknown, defaulting to 1000
[   64.786763][ T4692] EXT4-fs error (device loop0): ext4_find_extent:939: inode #2: comm syz.0.368: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   64.855025][ T4692] EXT4-fs error (device loop0): ext4_find_extent:939: inode #2: comm syz.0.368: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   64.908785][ T1586] bridge_slave_1: left allmulticast mode
[   64.914606][ T1586] bridge_slave_1: left promiscuous mode
[   64.920272][ T1586] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.960212][ T1586] bridge_slave_0: left allmulticast mode
[   64.965937][ T1586] bridge_slave_0: left promiscuous mode
[   64.971918][ T1586] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.032283][ T4705] loop3: detected capacity change from 0 to 128
[   65.064791][ T1586] $H� (unregistering): (slave bond_slave_0): Releasing backup interface
[   65.074130][ T1586] bond_slave_0: left promiscuous mode
[   65.087067][ T1586] $H� (unregistering): (slave bond_slave_1): Releasing backup interface
[   65.096995][ T1586] bond_slave_1: left promiscuous mode
[   65.105558][ T1586] $H� (unregistering): Released all slaves
[   65.176431][ T1586] tipc: Left network mode
[   65.258606][ T1586] hsr_slave_0: left promiscuous mode
[   65.272168][ T1586] hsr_slave_1: left promiscuous mode
[   65.298582][ T1586] veth1_macvtap: left promiscuous mode
[   65.308389][ T1586] veth0_macvtap: left promiscuous mode
[   65.335171][ T1586] veth1_vlan: left promiscuous mode
[   65.340473][ T1586] veth0_vlan: left promiscuous mode
[   65.480517][ T4727] SELinux: failed to load policy
[   65.527792][ T4733] loop0: detected capacity change from 0 to 128
[   65.563684][ T1586] team0 (unregistering): Port device team_slave_1 removed
[   65.565974][ T4735] loop1: detected capacity change from 0 to 1024
[   65.577829][ T4735] EXT4-fs: Ignoring removed nomblk_io_submit option
[   65.589213][ T1586] team0 (unregistering): Port device team_slave_0 removed
[   65.678052][ T4684] chnl_net:caif_netlink_parms(): no params data found
[   65.718663][ T4749] loop3: detected capacity change from 0 to 1024
[   65.727149][ T4749] EXT4-fs: Ignoring removed nomblk_io_submit option
[   65.743023][ T4684] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.750199][ T4684] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.777839][ T4684] bridge_slave_0: entered allmulticast mode
[   65.791631][ T4684] bridge_slave_0: entered promiscuous mode
[   65.803695][ T4684] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.810855][ T4684] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.833638][ T4684] bridge_slave_1: entered allmulticast mode
[   65.850474][ T4684] bridge_slave_1: entered promiscuous mode
[   65.915510][ T4684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.938068][ T4684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.973322][ T4756] serio: Serial port ttyS3
[   65.979326][ T4684] team0: Port device team_slave_0 added
[   65.986193][ T4684] team0: Port device team_slave_1 added
[   66.023204][ T4770] SELinux: failed to load policy
[   66.031511][ T4684] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.038557][ T4684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.064692][ T4684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.115772][ T4684] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.122810][ T4684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.149104][ T4684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.186983][ T4684] hsr_slave_0: entered promiscuous mode
[   66.193136][ T4684] hsr_slave_1: entered promiscuous mode
[   66.199159][ T4684] debugfs: 'hsr0' already exists in 'hsr'
[   66.204949][ T4684] Cannot create hsr debugfs directory
[   66.306954][ T4746] serio: Serial port ttyS3
[   66.330134][ T4684] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   66.356302][ T4684] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   66.376748][ T4684] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   66.514128][ T4684] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   66.557936][ T4684] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.565067][ T4684] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.603738][ T4684] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.614682][   T29] kauditd_printk_skb: 239 callbacks suppressed
[   66.614700][   T29] audit: type=1400 audit(1767453282.445:1586): avc:  denied  { write } for  pid=4796 comm="syz.1.394" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[   66.656114][ T2388] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.679419][ T4802] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   66.747135][ T4684] 8021q: adding VLAN 0 to HW filter on device team0
[   66.758700][ T2388] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.765902][ T2388] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.776858][ T4811] xt_hashlimit: max too large, truncated to 1048576
[   66.777684][ T4805] SELinux: failed to load policy
[   66.792775][ T2388] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.799964][ T2388] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.822608][ T4808] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.830108][ T4808] batman_adv: batadv0: Removing interface: batadv_slave_0
[   66.848105][ T4814] loop0: detected capacity change from 0 to 1024
[   66.850363][ T4815] hub 9-0:1.0: USB hub found
[   66.855060][ T4814] EXT4-fs: Ignoring removed nomblk_io_submit option
[   66.866525][ T4808] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   66.872357][ T4815] hub 9-0:1.0: 8 ports detected
[   66.874116][ T4808] batman_adv: batadv0: Removing interface: batadv_slave_1
[   66.888017][   T29] audit: type=1326 audit(1767453282.725:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   66.942870][ T4819] hub 9-0:1.0: USB hub found
[   66.953688][ T4819] hub 9-0:1.0: 8 ports detected
[   66.966233][   T29] audit: type=1326 audit(1767453282.745:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   66.989700][   T29] audit: type=1326 audit(1767453282.745:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.013399][   T29] audit: type=1326 audit(1767453282.745:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.028727][ T4684] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   67.036952][   T29] audit: type=1326 audit(1767453282.745:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.047316][ T4684] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.081176][   T29] audit: type=1326 audit(1767453282.745:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.104695][   T29] audit: type=1326 audit(1767453282.745:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.128454][   T29] audit: type=1326 audit(1767453282.745:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.152714][   T29] audit: type=1326 audit(1767453282.745:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2ba5f749 code=0x7ffc0000
[   67.228968][ T4684] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.391121][ T4836] lo speed is unknown, defaulting to 1000
[   67.516747][ T4863] loop2: detected capacity change from 0 to 1024
[   67.522281][ T4861] SELinux: failed to load policy
[   67.525673][ T4863] EXT4-fs: Ignoring removed nomblk_io_submit option
[   67.556227][ T4863] EXT4-fs mount: 28 callbacks suppressed
[   67.556243][ T4863] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.561099][ T4684] veth0_vlan: entered promiscuous mode
[   67.600410][ T4867] loop3: detected capacity change from 0 to 1024
[   67.604051][ T4684] veth1_vlan: entered promiscuous mode
[   67.622098][ T4867] EXT4-fs: Ignoring removed nomblk_io_submit option
[   67.623171][ T4684] veth0_macvtap: entered promiscuous mode
[   67.638600][ T4684] veth1_macvtap: entered promiscuous mode
[   67.647588][ T4824] serio: Serial port ttyS3
[   67.659023][ T4684] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.670945][ T4867] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.678485][ T4684] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.702853][ T2163] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.718507][ T2163] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.768626][ T2163] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.799175][ T2163] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.845356][ T4869] serio: Serial port ttyS3
[   68.110091][ T4814] syz.0.403 (4814) used greatest stack depth: 6008 bytes left
[   68.257295][ T4873] serio: Serial port ttyS3
[   68.325798][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.453522][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.635002][ T4907] lo speed is unknown, defaulting to 1000
[   68.733459][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.053195][ T4918] lo speed is unknown, defaulting to 1000
[   69.332915][ T4927] __nla_validate_parse: 9 callbacks suppressed
[   69.332931][ T4927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.433'.
[   69.461302][ T4935] loop2: detected capacity change from 0 to 1024
[   69.478831][ T4935] EXT4-fs: Ignoring removed nomblk_io_submit option
[   69.496935][ T4940] hub 9-0:1.0: USB hub found
[   69.502165][ T4940] hub 9-0:1.0: 8 ports detected
[   69.509751][ T4935] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.684265][ T4958] FAULT_INJECTION: forcing a failure.
[   69.684265][ T4958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   69.697499][ T4958] CPU: 1 UID: 0 PID: 4958 Comm: syz.0.444 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   69.697600][ T4958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   69.697621][ T4958] Call Trace:
[   69.697630][ T4958]  <TASK>
[   69.697638][ T4958]  __dump_stack+0x1d/0x30
[   69.697707][ T4958]  dump_stack_lvl+0x95/0xd0
[   69.697727][ T4958]  dump_stack+0x15/0x1b
[   69.697746][ T4958]  should_fail_ex+0x265/0x280
[   69.697817][ T4958]  should_fail+0xb/0x20
[   69.697860][ T4958]  should_fail_usercopy+0x1a/0x20
[   69.697882][ T4958]  _copy_to_user+0x20/0xa0
[   69.697908][ T4958]  copy_siginfo_to_user+0x22/0xb0
[   69.698017][ T4958]  x64_setup_rt_frame+0x2b5/0x580
[   69.698049][ T4958]  arch_do_signal_or_restart+0x24c/0x450
[   69.698077][ T4958]  exit_to_user_mode_loop+0x6a/0x740
[   69.698099][ T4958]  do_syscall_64+0x1e1/0x2b0
[   69.698170][ T4958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.698194][ T4958] RIP: 0033:0x7f9f394af747
[   69.698210][ T4958] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   69.698234][ T4958] RSP: 002b:00007f9f37f0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[   69.698254][ T4958] RAX: 0000000000000013 RBX: 00007f9f39705fa0 RCX: 00007f9f394af749
[   69.698347][ T4958] RDX: 0000000000000001 RSI: 00002000000004c0 RDI: 0000000000000003
[   69.698362][ T4958] RBP: 00007f9f37f0f090 R08: 0000000000000000 R09: 0000000000000000
[   69.698375][ T4958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   69.698389][ T4958] R13: 00007f9f39706038 R14: 00007f9f39705fa0 R15: 00007ffff13ee718
[   69.698461][ T4958]  </TASK>
[   69.943419][ T4969] loop3: detected capacity change from 0 to 128
[   69.974157][ T4972] loop0: detected capacity change from 0 to 512
[   70.009425][ T4972] EXT4-fs: Ignoring removed orlov option
[   70.028183][ T4961] lo speed is unknown, defaulting to 1000
[   70.042023][ T4972] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   70.075006][ T4972] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.450: corrupted in-inode xattr: e_value size too large
[   70.122064][ T4972] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.450: couldn't read orphan inode 15 (err -117)
[   70.134707][ T4972] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.249831][ T4978] lo speed is unknown, defaulting to 1000
[   70.304710][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.348736][ T4978] Zero length message leads to an empty skb
[   70.412124][ T4953] serio: Serial port ttyS3
[   70.603490][ T4988] SELinux: failed to load policy
[   70.610171][ T4992] hub 9-0:1.0: USB hub found
[   70.615775][ T4992] hub 9-0:1.0: 8 ports detected
[   70.793700][ T5003] SELinux: failed to load policy
[   70.897227][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.026187][ T5018] lo speed is unknown, defaulting to 1000
[   71.034028][ T5026] loop3: detected capacity change from 0 to 1024
[   71.040864][ T5026] EXT4-fs: Ignoring removed nomblk_io_submit option
[   71.101448][ T5026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.441595][ T5045] SELinux: failed to load policy
[   71.607408][ T5041] serio: Serial port ttyS3
[   71.672037][   T29] kauditd_printk_skb: 165 callbacks suppressed
[   71.672055][   T29] audit: type=1326 audit(1767453287.495:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5048 comm="syz.0.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f9f394af749 code=0x7ffc0000
[   71.712009][   T29] audit: type=1400 audit(1767453287.505:1762): avc:  denied  { unmount } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   71.732059][   T29] audit: type=1326 audit(1767453287.535:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5046 comm="syz.0.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9f3944b829 code=0x7ffc0000
[   71.755896][   T29] audit: type=1326 audit(1767453287.535:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5046 comm="syz.0.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f394af749 code=0x7ffc0000
[   71.779493][   T29] audit: type=1326 audit(1767453287.535:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5046 comm="syz.0.476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f394af749 code=0x7ffc0000
[   71.783945][ T5056] loop0: detected capacity change from 0 to 512
[   71.844116][ T5056] EXT4-fs: Ignoring removed orlov option
[   71.850142][ T5056] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   71.881847][ T5056] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.479: corrupted in-inode xattr: e_value size too large
[   71.900244][ T5058] sch_fq: defrate 0 ignored.
[   71.916297][ T5056] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.479: couldn't read orphan inode 15 (err -117)
[   71.932616][ T5065] hub 9-0:1.0: USB hub found
[   71.937562][ T5065] hub 9-0:1.0: 8 ports detected
[   71.945810][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.962242][ T5056] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.009976][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.014792][ T5071] hub 9-0:1.0: USB hub found
[   72.024016][ T5071] hub 9-0:1.0: 8 ports detected
[   72.074787][ T3591] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.147617][ T5084] loop0: detected capacity change from 0 to 1024
[   72.157023][ T3591] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.173003][ T5086] netlink: 4 bytes leftover after parsing attributes in process `syz.5.495'.
[   72.185536][ T5084] EXT4-fs: Ignoring removed nomblk_io_submit option
[   72.202077][ T5086] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.207730][ T5092] FAULT_INJECTION: forcing a failure.
[   72.207730][ T5092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.209583][ T5086] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.222641][ T5092] CPU: 1 UID: 0 PID: 5092 Comm: syz.3.497 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.222677][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   72.222689][ T5092] Call Trace:
[   72.222697][ T5092]  <TASK>
[   72.222706][ T5092]  __dump_stack+0x1d/0x30
[   72.222732][ T5092]  dump_stack_lvl+0x95/0xd0
[   72.222754][ T5092]  dump_stack+0x15/0x1b
[   72.222773][ T5092]  should_fail_ex+0x265/0x280
[   72.222816][ T5092]  should_fail+0xb/0x20
[   72.222836][ T5092]  should_fail_usercopy+0x1a/0x20
[   72.222860][ T5092]  _copy_from_user+0x1c/0xb0
[   72.222888][ T5092]  __sys_bpf+0x183/0x7c0
[   72.222963][ T5092]  __x64_sys_bpf+0x41/0x50
[   72.222993][ T5092]  x64_sys_call+0x28e1/0x3000
[   72.223016][ T5092]  do_syscall_64+0xca/0x2b0
[   72.223094][ T5092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.223116][ T5092] RIP: 0033:0x7fbf468bf749
[   72.223132][ T5092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.223150][ T5092] RSP: 002b:00007fbf4531f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   72.223200][ T5092] RAX: ffffffffffffffda RBX: 00007fbf46b15fa0 RCX: 00007fbf468bf749
[   72.223213][ T5092] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[   72.223226][ T5092] RBP: 00007fbf4531f090 R08: 0000000000000000 R09: 0000000000000000
[   72.223239][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.223251][ T5092] R13: 00007fbf46b16038 R14: 00007fbf46b15fa0 R15: 00007fff5734ba48
[   72.223278][ T5092]  </TASK>
[   72.282962][ T5089] SELinux: failed to load policy
[   72.296890][ T5084] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.413755][ T5086] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.421264][ T5086] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.474622][ T3591] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.494749][ T5104] lo speed is unknown, defaulting to 1000
[   72.564762][ T3591] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.607559][ T5090] lo speed is unknown, defaulting to 1000
[   72.675487][ T3591] bridge_slave_1: left allmulticast mode
[   72.681182][ T3591] bridge_slave_1: left promiscuous mode
[   72.687105][ T3591] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.710541][ T3591] bridge_slave_0: left allmulticast mode
[   72.716375][ T3591] bridge_slave_0: left promiscuous mode
[   72.722113][ T3591] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.729860][ T5120] FAULT_INJECTION: forcing a failure.
[   72.729860][ T5120] name failslab, interval 1, probability 0, space 0, times 0
[   72.742726][ T5120] CPU: 0 UID: 0 PID: 5120 Comm: syz.5.504 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.742756][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   72.742767][ T5120] Call Trace:
[   72.742773][ T5120]  <TASK>
[   72.742780][ T5120]  __dump_stack+0x1d/0x30
[   72.742805][ T5120]  dump_stack_lvl+0x95/0xd0
[   72.742829][ T5120]  dump_stack+0x15/0x1b
[   72.742852][ T5120]  should_fail_ex+0x265/0x280
[   72.742878][ T5120]  should_failslab+0x8c/0xb0
[   72.742904][ T5120]  kmem_cache_alloc_noprof+0x69/0x4b0
[   72.742926][ T5120]  ? mas_alloc_nodes+0x1a2/0x210
[   72.742957][ T5120]  mas_alloc_nodes+0x1a2/0x210
[   72.742991][ T5120]  mas_preallocate+0x2ca/0x510
[   72.743030][ T5120]  __split_vma+0x240/0x660
[   72.743054][ T5120]  ? obj_cgroup_charge_account+0x122/0x1a0
[   72.743087][ T5120]  vms_gather_munmap_vmas+0x17a/0x7b0
[   72.743116][ T5120]  ? avc_has_perm_noaudit+0xab/0x130
[   72.743139][ T5120]  ? avc_has_perm+0xf7/0x180
[   72.743161][ T5120]  do_vmi_align_munmap+0x1ac/0x3d0
[   72.743198][ T5120]  do_vmi_munmap+0x1db/0x220
[   72.743227][ T5120]  do_munmap+0x79/0xb0
[   72.743257][ T5120]  mremap_to+0x192/0x430
[   72.743277][ T5120]  ? mtree_load+0x33f/0x4f0
[   72.743309][ T5120]  ? check_prep_vma+0x49c/0x660
[   72.743333][ T5120]  __se_sys_mremap+0x632/0xb30
[   72.743362][ T5120]  ? mutex_unlock+0x4f/0x90
[   72.743389][ T5120]  ? fput+0x8f/0xc0
[   72.743424][ T5120]  ? ksys_write+0x192/0x1a0
[   72.743447][ T5120]  __x64_sys_mremap+0x67/0x80
[   72.743471][ T5120]  x64_sys_call+0x2944/0x3000
[   72.743496][ T5120]  do_syscall_64+0xca/0x2b0
[   72.743527][ T5120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.743551][ T5120] RIP: 0033:0x7f29c300f749
[   72.743569][ T5120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.743589][ T5120] RSP: 002b:00007f29c1a77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[   72.743613][ T5120] RAX: ffffffffffffffda RBX: 00007f29c3265fa0 RCX: 00007f29c300f749
[   72.743627][ T5120] RDX: 0000000000200000 RSI: 0000000000600600 RDI: 0000200000000000
[   72.743641][ T5120] RBP: 00007f29c1a77090 R08: 0000200000a00000 R09: 0000000000000000
[   72.743655][ T5120] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[   72.743668][ T5120] R13: 00007f29c3266038 R14: 00007f29c3265fa0 R15: 00007fff5d1bade8
[   72.743687][ T5120]  </TASK>
[   73.009176][ T5110] serio: Serial port ttyS3
[   73.009654][   T29] audit: type=1400 audit(1767453288.835:1766): avc:  denied  { execute } for  pid=5122 comm="syz.5.505" path="/20/file0" dev="tmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   73.137027][   T29] audit: type=1400 audit(1767453288.955:1767): avc:  denied  { create } for  pid=5122 comm="syz.5.505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   73.157209][   T29] audit: type=1400 audit(1767453288.965:1768): avc:  denied  { ioctl } for  pid=5122 comm="syz.5.505" path="socket:[11586]" dev="sockfs" ino=11586 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   73.186614][ T3591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   73.196971][ T3591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.209963][ T3591] bond0 (unregistering): Released all slaves
[   73.217351][ T5123] netlink: 4 bytes leftover after parsing attributes in process `syz.5.505'.
[   73.311119][ T5090] chnl_net:caif_netlink_parms(): no params data found
[   73.324444][ T3591] veth1_macvtap: left promiscuous mode
[   73.330042][ T3591] veth0_macvtap: left promiscuous mode
[   73.389843][ T3591] team0 (unregistering): Port device team_slave_1 removed
[   73.399648][ T3591] team0 (unregistering): Port device team_slave_0 removed
[   73.409250][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.460372][ T5141] hub 9-0:1.0: USB hub found
[   73.471769][ T5141] hub 9-0:1.0: 8 ports detected
[   73.485166][ T5138] SELinux: failed to load policy
[   73.533823][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.541190][ T5090] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.548955][ T5090] bridge_slave_0: entered allmulticast mode
[   73.555520][ T5090] bridge_slave_0: entered promiscuous mode
[   73.562421][ T5090] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.564894][   T29] audit: type=1400 audit(1767453289.375:1769): avc:  denied  { write } for  pid=5147 comm="syz.3.514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   73.569690][ T5090] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.589766][   T29] audit: type=1400 audit(1767453289.375:1770): avc:  denied  { nlmsg_write } for  pid=5147 comm="syz.3.514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   73.596921][ T5090] bridge_slave_1: entered allmulticast mode
[   73.624416][ T5090] bridge_slave_1: entered promiscuous mode
[   73.630951][ T5155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.515'.
[   73.657417][ T5090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.697996][ T5090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.715417][ T5164] loop1: detected capacity change from 0 to 512
[   73.723685][ T5164] EXT4-fs: Ignoring removed orlov option
[   73.729738][ T5164] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   73.781501][ T5164] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.519: corrupted in-inode xattr: e_value size too large
[   73.885769][ T5090] team0: Port device team_slave_0 added
[   73.915905][ T5172] loop5: detected capacity change from 0 to 1024
[   73.938283][ T5090] team0: Port device team_slave_1 added
[   73.946404][ T5173] lo speed is unknown, defaulting to 1000
[   73.946872][ T5172] EXT4-fs: Ignoring removed nomblk_io_submit option
[   73.967348][ T5164] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.519: couldn't read orphan inode 15 (err -117)
[   74.038931][ T5172] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.039253][ T5164] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.119591][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.126915][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.153053][ T5090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.214876][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.224335][ T5183] sch_fq: defrate 0 ignored.
[   74.230074][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.237422][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   74.263738][ T5090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.311295][ T5090] hsr_slave_0: entered promiscuous mode
[   74.322364][ T5090] hsr_slave_1: entered promiscuous mode
[   74.331277][ T5090] debugfs: 'hsr0' already exists in 'hsr'
[   74.337192][ T5090] Cannot create hsr debugfs directory
[   74.461655][ T5192] lo speed is unknown, defaulting to 1000
[   74.498784][ T5207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.531'.
[   74.510931][ T5207] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.518466][ T5207] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.528608][ T5184] serio: Serial port ttyS3
[   74.550488][ T5205] siw: device registration error -23
[   74.557141][ T5207] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.564764][ T5207] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.587615][ T5090] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   74.604805][ T5090] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   74.616488][ T5090] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   74.627613][ T5090] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   74.684890][ T5090] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.712050][ T5090] 8021q: adding VLAN 0 to HW filter on device team0
[   74.743178][ T3591] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.750278][ T3591] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.768874][ T5218] SELinux: failed to load policy
[   74.777459][ T2240] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.784798][ T2240] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.815093][ T5090] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   74.911373][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.944629][ T5090] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.173674][ T5247] loop5: detected capacity change from 0 to 1024
[   75.177057][ T5090] veth0_vlan: entered promiscuous mode
[   75.187154][ T5247] EXT4-fs: Ignoring removed nomblk_io_submit option
[   75.189495][ T5249] netlink: 'syz.3.537': attribute type 21 has an invalid length.
[   75.206970][ T5090] veth1_vlan: entered promiscuous mode
[   75.209526][ T5249] netlink: 4 bytes leftover after parsing attributes in process `syz.3.537'.
[   75.232871][ T5247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.256540][ T5090] veth0_macvtap: entered promiscuous mode
[   75.319770][ T5090] veth1_macvtap: entered promiscuous mode
[   75.332747][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.354083][ T5255] netlink: 36 bytes leftover after parsing attributes in process `syz.3.539'.
[   75.463667][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.504045][ T1586] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.524235][ T1586] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.562318][ T1586] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.572302][ T1586] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.714268][ T5278] netlink: 16 bytes leftover after parsing attributes in process `syz.0.543'.
[   75.744090][ T5278] loop0: detected capacity change from 0 to 128
[   75.751980][ T5278] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   75.769418][ T5278] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   75.785661][ T5278] IPv6: NLM_F_CREATE should be specified when creating new route
[   75.833604][ T5253] serio: Serial port ttyS3
[   76.129619][ T5294] hub 9-0:1.0: USB hub found
[   76.135347][ T5294] hub 9-0:1.0: 8 ports detected
[   76.236918][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.280422][ T5298] SELinux: failed to load policy
[   76.388134][ T5302] qrtr: Invalid version 0
[   76.450088][ T5305] loop1: detected capacity change from 0 to 512
[   76.457192][ T5305] EXT4-fs: Ignoring removed orlov option
[   76.501795][ T5305] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   76.511149][ T5305] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.552: corrupted in-inode xattr: e_value size too large
[   76.525851][ T5305] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.552: couldn't read orphan inode 15 (err -117)
[   76.538771][ T5305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.630736][  T353] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   76.647460][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.691224][ T5313] SELinux: failed to load policy
[   76.819905][ T5321] SELinux: failed to load policy
[   76.842133][ T5318] lo speed is unknown, defaulting to 1000
[   76.859075][ T5327] loop1: detected capacity change from 0 to 1024
[   76.866705][ T5327] EXT4-fs: Ignoring removed nomblk_io_submit option
[   76.896360][ T5327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.927099][ T5335] $H�: renamed from bond0 (while UP)
[   76.943847][ T5335] $H�: entered promiscuous mode
[   76.949054][ T5335] bond_slave_0: entered promiscuous mode
[   76.954996][ T5335] bond_slave_1: entered promiscuous mode
[   77.010528][   T29] kauditd_printk_skb: 19 callbacks suppressed
[   77.010549][   T29] audit: type=1400 audit(1767453292.825:1790): avc:  denied  { connect } for  pid=5334 comm="syz.5.563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   77.072943][   T29] audit: type=1400 audit(1767453292.905:1791): avc:  denied  { read } for  pid=5334 comm="syz.5.563" path="socket:[11260]" dev="sockfs" ino=11260 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   77.099625][ T5340] netlink: 16 bytes leftover after parsing attributes in process `syz.6.564'.
[   77.129297][ T5340] loop6: detected capacity change from 0 to 128
[   77.129748][ T5340] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   77.130032][ T5340] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   77.145273][ T5340] IPv6: NLM_F_CREATE should be specified when creating new route
[   77.145969][   T29] audit: type=1326 audit(1767453292.975:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   77.146152][   T29] audit: type=1326 audit(1767453292.975:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   77.146246][   T29] audit: type=1326 audit(1767453292.975:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbebcebf783 code=0x7ffc0000
[   77.149091][   T29] audit: type=1326 audit(1767453292.975:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbebcebe1ff code=0x7ffc0000
[   77.150762][   T29] audit: type=1326 audit(1767453292.975:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fbebcebf7d7 code=0x7ffc0000
[   77.151111][   T29] audit: type=1326 audit(1767453292.975:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbebcebdf90 code=0x7ffc0000
[   77.151142][   T29] audit: type=1326 audit(1767453292.975:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fbebcebe3aa code=0x7ffc0000
[   77.152600][   T29] audit: type=1326 audit(1767453292.985:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5337 comm="syz.6.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   77.532127][ T3591] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   77.592800][ T5347] loop0: detected capacity change from 0 to 512
[   77.593123][ T5347] EXT4-fs: Ignoring removed orlov option
[   77.593458][ T5347] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   77.595997][ T5347] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.566: corrupted in-inode xattr: e_value size too large
[   77.596137][ T5347] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.566: couldn't read orphan inode 15 (err -117)
[   77.597159][ T5347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.747128][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.891352][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.026169][ T5364] netlink: 'syz.0.567': attribute type 4 has an invalid length.
[   78.072655][ T5364] netlink: 'syz.0.567': attribute type 4 has an invalid length.
[   78.113733][ T5364] syz1: rxe_newlink: already configured on veth0_to_bond
[   78.162915][ T5377] qrtr: Invalid version 0
[   78.285953][ T5384] loop5: detected capacity change from 0 to 1024
[   78.318025][ T5388] netlink: 16 bytes leftover after parsing attributes in process `syz.3.581'.
[   78.331405][ T5384] EXT4-fs: Ignoring removed nomblk_io_submit option
[   78.363643][ T5388] loop3: detected capacity change from 0 to 128
[   78.370642][ T5388] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   78.384085][ T5384] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.397252][ T5388] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   78.411359][ T5388] IPv6: NLM_F_CREATE should be specified when creating new route
[   78.507458][ T5393] lo speed is unknown, defaulting to 1000
[   78.632689][ T5401] netlink: 4 bytes leftover after parsing attributes in process `syz.6.585'.
[   78.647362][ T5401] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   78.654958][ T5401] batman_adv: batadv0: Removing interface: batadv_slave_0
[   78.682481][ T5401] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   78.690051][ T5401] batman_adv: batadv0: Removing interface: batadv_slave_1
[   78.862336][ T5406] loop6: detected capacity change from 0 to 512
[   78.869038][ T5406] EXT4-fs: Ignoring removed orlov option
[   78.883450][ T5406] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[   78.954664][ T5406] EXT4-fs error (device loop6): ext4_iget_extra_inode:5073: inode #15: comm syz.6.586: corrupted in-inode xattr: e_value size too large
[   79.022027][ T5406] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.586: couldn't read orphan inode 15 (err -117)
[   79.052807][ T5406] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.056556][ T5397] serio: Serial port ttyS3
[   79.099926][ T5090] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.355921][   T12] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   79.403899][ T5427] netlink: 16 bytes leftover after parsing attributes in process `syz.0.603'.
[   79.425287][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.435867][ T5430] lo speed is unknown, defaulting to 1000
[   79.491994][ T5427] loop0: detected capacity change from 0 to 128
[   79.525122][ T5427] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   79.545255][ T5441] EXT4-fs: Ignoring removed orlov option
[   79.571769][ T5441] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[   79.583986][ T5427] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   79.595871][ T5441] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.597: corrupted in-inode xattr: e_value size too large
[   79.611045][ T5441] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.597: couldn't read orphan inode 15 (err -117)
[   79.633621][ T5441] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.712831][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.837654][ T5457] $H�: renamed from bond0 (while UP)
[   79.881594][ T5457] $H�: entered promiscuous mode
[   79.886918][ T5457] bond_slave_0: entered promiscuous mode
[   79.892880][ T5457] bond_slave_1: entered promiscuous mode
[   79.913704][ T5462] netlink: 4 bytes leftover after parsing attributes in process `syz.3.605'.
[   79.967929][ T5461] lo speed is unknown, defaulting to 1000
[   80.059091][ T5455] siw: device registration error -23
[   80.139129][ T2240] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   80.207330][ T5489] set_capacity_and_notify: 1 callbacks suppressed
[   80.207351][ T5489] loop6: detected capacity change from 0 to 1024
[   80.222447][ T5491] $H�: renamed from bond0 (while UP)
[   80.225493][ T5489] EXT4-fs: Ignoring removed nomblk_io_submit option
[   80.237081][ T5491] $H�: entered promiscuous mode
[   80.242186][ T5491] bond_slave_0: entered promiscuous mode
[   80.248016][ T5491] bond_slave_1: entered promiscuous mode
[   80.271973][ T5489] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.446984][ T5503] SELinux: failed to load policy
[   80.479929][ T5505] netlink: 16 bytes leftover after parsing attributes in process `syz.0.620'.
[   80.500773][ T5505] loop0: detected capacity change from 0 to 128
[   80.507797][ T5505] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   80.539699][ T5505] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   80.962944][ T5528] loop5: detected capacity change from 0 to 2048
[   80.980931][ T5528] EXT4-fs: Ignoring removed mblk_io_submit option
[   81.025780][ T5528] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.111466][ T5489] syz.6.612 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   81.114810][ T5528] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.630: bg 0: block 234: padding at end of block bitmap is not set
[   81.125607][ T5489] CPU: 1 UID: 0 PID: 5489 Comm: syz.6.612 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   81.125643][ T5489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   81.125657][ T5489] Call Trace:
[   81.125665][ T5489]  <TASK>
[   81.125674][ T5489]  __dump_stack+0x1d/0x30
[   81.125698][ T5489]  dump_stack_lvl+0x95/0xd0
[   81.125718][ T5489]  dump_stack+0x15/0x1b
[   81.125737][ T5489]  dump_header+0x81/0x240
[   81.125782][ T5489]  oom_kill_process+0x295/0x350
[   81.125807][ T5489]  out_of_memory+0x97b/0xb80
[   81.125831][ T5489]  try_charge_memcg+0x610/0xa10
[   81.125901][ T5489]  obj_cgroup_charge_pages+0xa6/0x150
[   81.125934][ T5489]  __memcg_kmem_charge_page+0x9f/0x170
[   81.125964][ T5489]  __alloc_frozen_pages_noprof+0x18f/0x360
[   81.126068][ T5489]  alloc_pages_mpol+0xb3/0x260
[   81.126098][ T5489]  alloc_pages_noprof+0x90/0x130
[   81.126207][ T5489]  __vmalloc_node_range_noprof+0xa7b/0x1310
[   81.126280][ T5489]  __kvmalloc_node_noprof+0x492/0x6b0
[   81.126306][ T5489]  ? ip_set_alloc+0x24/0x30
[   81.126335][ T5489]  ? ip_set_alloc+0x24/0x30
[   81.126365][ T5489]  ip_set_alloc+0x24/0x30
[   81.126476][ T5489]  hash_netiface_create+0x282/0x740
[   81.126526][ T5489]  ? __pfx_hash_netiface_create+0x10/0x10
[   81.126557][ T5489]  ip_set_create+0x3cc/0x970
[   81.126649][ T5489]  ? __nla_parse+0x40/0x60
[   81.126675][ T5489]  nfnetlink_rcv_msg+0x4c6/0x590
[   81.126717][ T5489]  netlink_rcv_skb+0x123/0x220
[   81.126791][ T5489]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   81.126869][ T5489]  nfnetlink_rcv+0x167/0x16c0
[   81.126932][ T5489]  ? kmem_cache_free+0xe3/0x3a0
[   81.126957][ T5489]  ? __kfree_skb+0x109/0x150
[   81.126993][ T5489]  ? nlmon_xmit+0x4f/0x60
[   81.127013][ T5489]  ? consume_skb+0x49/0x150
[   81.127073][ T5489]  ? nlmon_xmit+0x4f/0x60
[   81.127092][ T5489]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   81.127123][ T5489]  ? __dev_queue_xmit+0x13a6/0x1ee0
[   81.127204][ T5489]  ? __dev_queue_xmit+0x148/0x1ee0
[   81.127233][ T5489]  ? ref_tracker_free+0x37d/0x3e0
[   81.127261][ T5489]  ? __netlink_deliver_tap+0x4dc/0x500
[   81.127315][ T5489]  netlink_unicast+0x5c0/0x690
[   81.127353][ T5489]  netlink_sendmsg+0x58b/0x6b0
[   81.127386][ T5489]  ? __pfx_netlink_sendmsg+0x10/0x10
[   81.127417][ T5489]  __sock_sendmsg+0x145/0x180
[   81.127437][ T5489]  ____sys_sendmsg+0x31e/0x4a0
[   81.127593][ T5489]  ___sys_sendmsg+0x17b/0x1d0
[   81.127631][ T5489]  __x64_sys_sendmsg+0xd4/0x160
[   81.127722][ T5489]  x64_sys_call+0x17ba/0x3000
[   81.127747][ T5489]  do_syscall_64+0xca/0x2b0
[   81.127780][ T5489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.127877][ T5489] RIP: 0033:0x7fbebcebf749
[   81.127895][ T5489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.127914][ T5489] RSP: 002b:00007fbebb927038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   81.127936][ T5489] RAX: ffffffffffffffda RBX: 00007fbebd115fa0 RCX: 00007fbebcebf749
[   81.127950][ T5489] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[   81.127987][ T5489] RBP: 00007fbebcf43f91 R08: 0000000000000000 R09: 0000000000000000
[   81.128001][ T5489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   81.128014][ T5489] R13: 00007fbebd116038 R14: 00007fbebd115fa0 R15: 00007ffdea32b9c8
[   81.128033][ T5489]  </TASK>
[   81.128040][ T5489] memory: usage 307200kB, limit 307200kB, failcnt 110
[   81.196276][ T5528] EXT4-fs (loop5): Remounting filesystem read-only
[   81.198123][ T5489] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[   81.198144][ T5489] kmem: usage 294496kB, limit 9007199254740988kB, failcnt 0
[   81.234000][ T5528] EXT4-fs (loop5): error restoring inline_data for inode -- potential data loss! (inode 12, error -30)
[   81.236380][ T5489] Memory cgroup stats for /syz6:
[   81.537265][ T5489] cache 12288000
[   81.546013][ T5489] rss 196608
[   81.549342][ T5489] shmem 12279808
[   81.553111][ T5489] mapped_file 11755520
[   81.557404][ T5489] dirty 0
[   81.560349][ T5489] writeback 0
[   81.563672][ T5489] workingset_refault_anon 0
[   81.568170][ T5489] workingset_refault_file 0
[   81.572683][ T5489] swap 0
[   81.575542][ T5489] swapcached 0
[   81.578916][ T5489] pgpgin 3944
[   81.582229][ T5489] pgpgout 768
[   81.585578][ T5489] pgfault 13058
[   81.589044][ T5489] pgmajfault 0
[   81.592554][ T5489] inactive_anon 11767808
[   81.596848][ T5489] active_anon 1232896
[   81.600989][ T5489] inactive_file 0
[   81.604668][ T5489] active_file 8192
[   81.608402][ T5489] unevictable 0
[   81.611922][ T5489] hierarchical_memory_limit 314572800
[   81.617530][ T5489] hierarchical_memsw_limit 9223372036854771712
[   81.623996][ T5489] total_cache 12288000
[   81.628114][ T5489] total_rss 196608
[   81.632318][ T5489] total_shmem 12279808
[   81.636507][ T5489] total_mapped_file 11755520
[   81.641240][ T5489] total_dirty 0
[   81.644777][ T5489] total_writeback 0
[   81.648653][ T5489] total_workingset_refault_anon 0
[   81.653838][ T5489] total_workingset_refault_file 0
[   81.659142][ T5489] total_swap 0
[   81.662560][ T5489] total_swapcached 0
[   81.666560][ T5489] total_pgpgin 3944
[   81.670469][ T5489] total_pgpgout 768
[   81.674406][ T5489] total_pgfault 13058
[   81.678411][ T5489] total_pgmajfault 0
[   81.682162][ T5537] lo speed is unknown, defaulting to 1000
[   81.682339][ T5489] total_inactive_anon 11767808
[   81.692854][ T5489] total_active_anon 1232896
[   81.697907][ T5489] total_inactive_file 0
[   81.702191][ T5489] total_active_file 8192
[   81.706457][ T5489] total_unevictable 0
[   81.710893][ T5489] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.612,pid=5484,uid=0
[   81.725726][ T5489] Memory cgroup out of memory: Killed process 5484 (syz.6.612) total-vm:96148kB, anon-rss:1224kB, file-rss:22452kB, shmem-rss:11264kB, UID:0 pgtables:144kB oom_score_adj:1000
[   81.743693][  T353] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   81.753635][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.897251][ T5090] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.958487][ T5547] lo speed is unknown, defaulting to 1000
[   81.998590][ T5555] loop3: detected capacity change from 0 to 512
[   82.006215][ T5555] EXT4-fs: Ignoring removed orlov option
[   82.012599][ T5558] netlink: 4 bytes leftover after parsing attributes in process `syz.5.633'.
[   82.023842][ T5555] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   82.033284][ T5555] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.639: corrupted in-inode xattr: e_value size too large
[   82.047639][ T5555] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.639: couldn't read orphan inode 15 (err -117)
[   82.060284][ T5555] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.087720][ T5559] SELinux: failed to load policy
[   82.150245][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.159663][ T5567] loop1: detected capacity change from 0 to 2048
[   82.162854][ T5570] netlink: 8 bytes leftover after parsing attributes in process `syz.5.643'.
[   82.166649][ T5567] EXT4-fs: Ignoring removed mblk_io_submit option
[   82.194234][ T5567] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.223889][ T5567] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.644: bg 0: block 234: padding at end of block bitmap is not set
[   82.245775][ T5570] loop5: detected capacity change from 0 to 128
[   82.252328][ T5567] EXT4-fs (loop1): Remounting filesystem read-only
[   82.259233][ T5567] EXT4-fs (loop1): error restoring inline_data for inode -- potential data loss! (inode 12, error -30)
[   82.270898][ T5570] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   82.283432][ T5570] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   82.294556][ T5570] IPv6: NLM_F_CREATE should be specified when creating new route
[   82.303311][   T29] kauditd_printk_skb: 957 callbacks suppressed
[   82.303361][   T29] audit: type=1326 audit(1767453298.135:2757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c300f749 code=0x7ffc0000
[   82.333269][   T29] audit: type=1326 audit(1767453298.135:2758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c300f749 code=0x7ffc0000
[   82.334886][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.356954][   T29] audit: type=1326 audit(1767453298.135:2759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f29c300f749 code=0x7ffc0000
[   82.390269][   T29] audit: type=1326 audit(1767453298.135:2760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f29c300f783 code=0x7ffc0000
[   82.413630][   T29] audit: type=1326 audit(1767453298.135:2761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f29c300e1ff code=0x7ffc0000
[   82.437200][   T29] audit: type=1326 audit(1767453298.135:2762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f29c300f7d7 code=0x7ffc0000
[   82.474219][   T29] audit: type=1326 audit(1767453298.205:2763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29c300df90 code=0x7ffc0000
[   82.497878][   T29] audit: type=1326 audit(1767453298.205:2764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f29c300e3aa code=0x7ffc0000
[   82.521158][   T29] audit: type=1326 audit(1767453298.205:2765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c300f749 code=0x7ffc0000
[   82.544655][   T29] audit: type=1326 audit(1767453298.205:2766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5568 comm="syz.5.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c300f749 code=0x7ffc0000
[   82.674623][ T2240] bond0 (unregistering): Released all slaves
[   82.683618][ T5591] $H�: renamed from bond0 (while UP)
[   82.697055][ T5591] $H�: entered promiscuous mode
[   82.702926][ T5591] bond_slave_0: entered promiscuous mode
[   82.708898][ T5591] bond_slave_1: entered promiscuous mode
[   82.859924][ T5597] SELinux: failed to load policy
[   82.916391][ T5605] loop1: detected capacity change from 0 to 128
[   82.948431][ T5605] lo speed is unknown, defaulting to 1000
[   82.963963][ T5607] loop0: detected capacity change from 0 to 512
[   82.970730][ T5607] EXT4-fs: Ignoring removed orlov option
[   83.002593][ T5607] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   83.003443][ T5608] pim6reg: entered allmulticast mode
[   83.026663][ T1586] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   83.064587][ T5607] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.659: corrupted in-inode xattr: e_value size too large
[   83.097710][ T5607] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.659: couldn't read orphan inode 15 (err -117)
[   83.112424][ T5607] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.142876][ T5605] pim6reg: left allmulticast mode
[   83.201036][ T5628] SELinux: failed to load policy
[   83.243144][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.388212][ T5650] netlink: 'syz.5.667': attribute type 4 has an invalid length.
[   83.423366][ T5627] rdma_rxe: rxe_newlink: failed to add veth0_to_bond
[   83.443347][ T5651] netlink: 4 bytes leftover after parsing attributes in process `syz.6.678'.
[   83.455245][ T5661] loop1: detected capacity change from 0 to 512
[   83.475602][ T5661] EXT4-fs: Ignoring removed orlov option
[   83.493942][ T5661] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   83.514393][ T5661] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.681: corrupted in-inode xattr: e_value size too large
[   83.552515][ T5670] hub 9-0:1.0: USB hub found
[   83.566953][ T5670] hub 9-0:1.0: 8 ports detected
[   83.593346][ T5661] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.681: couldn't read orphan inode 15 (err -117)
[   83.613806][ T5661] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.675473][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.749567][ T5691] program syz.0.694 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   83.755964][ T5690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.693'.
[   83.759295][ T5687] netlink: 4 bytes leftover after parsing attributes in process `syz.6.695'.
[   83.776784][ T5691] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   83.900489][ T5713] hub 9-0:1.0: USB hub found
[   83.905411][ T5713] hub 9-0:1.0: 8 ports detected
[   84.020678][ T5715] lo speed is unknown, defaulting to 1000
[   84.074714][ T5730] loop6: detected capacity change from 0 to 1024
[   84.086962][ T5730] EXT4-fs: Ignoring removed nomblk_io_submit option
[   84.137501][ T5729] siw: device registration error -23
[   84.137734][ T5739] netlink: 4 bytes leftover after parsing attributes in process `syz.5.711'.
[   84.153796][ T5730] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.245917][ T5745] netlink: 4 bytes leftover after parsing attributes in process `syz.5.712'.
[   84.305676][ T5757] EXT4-fs: Ignoring removed orlov option
[   84.344034][ T5757] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   84.380872][ T5757] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.715: corrupted in-inode xattr: e_value size too large
[   84.403185][ T5757] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.715: couldn't read orphan inode 15 (err -117)
[   84.418868][ T5757] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.476836][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.579809][ T5777] netlink: 4 bytes leftover after parsing attributes in process `syz.5.723'.
[   84.596524][ T5751] serio: Serial port ttyS3
[   84.760101][ T5730] syz.6.709 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   84.774447][ T5730] CPU: 1 UID: 0 PID: 5730 Comm: syz.6.709 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   84.774485][ T5730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   84.774501][ T5730] Call Trace:
[   84.774509][ T5730]  <TASK>
[   84.774570][ T5730]  __dump_stack+0x1d/0x30
[   84.774601][ T5730]  dump_stack_lvl+0x95/0xd0
[   84.774656][ T5730]  dump_stack+0x15/0x1b
[   84.774675][ T5730]  dump_header+0x81/0x240
[   84.774695][ T5730]  oom_kill_process+0x295/0x350
[   84.774765][ T5730]  out_of_memory+0x97b/0xb80
[   84.774794][ T5730]  try_charge_memcg+0x610/0xa10
[   84.774844][ T5730]  obj_cgroup_charge_pages+0xa6/0x150
[   84.774919][ T5730]  __memcg_kmem_charge_page+0x9f/0x170
[   84.774953][ T5730]  __alloc_frozen_pages_noprof+0x18f/0x360
[   84.774990][ T5730]  alloc_pages_mpol+0xb3/0x260
[   84.775065][ T5730]  alloc_pages_noprof+0x90/0x130
[   84.775100][ T5730]  __vmalloc_node_range_noprof+0xa7b/0x1310
[   84.775184][ T5730]  __kvmalloc_node_noprof+0x492/0x6b0
[   84.775235][ T5730]  ? ip_set_alloc+0x24/0x30
[   84.775322][ T5730]  ? ip_set_alloc+0x24/0x30
[   84.775358][ T5730]  ip_set_alloc+0x24/0x30
[   84.775450][ T5730]  hash_netiface_create+0x282/0x740
[   84.775496][ T5730]  ? __pfx_hash_netiface_create+0x10/0x10
[   84.775529][ T5730]  ip_set_create+0x3cc/0x970
[   84.775633][ T5730]  ? __nla_parse+0x40/0x60
[   84.775660][ T5730]  nfnetlink_rcv_msg+0x4c6/0x590
[   84.775713][ T5730]  netlink_rcv_skb+0x123/0x220
[   84.775802][ T5730]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   84.775831][ T5730]  nfnetlink_rcv+0x167/0x16c0
[   84.775854][ T5730]  ? kmem_cache_free+0xe3/0x3a0
[   84.775926][ T5730]  ? __kfree_skb+0x109/0x150
[   84.775963][ T5730]  ? nlmon_xmit+0x4f/0x60
[   84.775986][ T5730]  ? consume_skb+0x49/0x150
[   84.776015][ T5730]  ? nlmon_xmit+0x4f/0x60
[   84.776033][ T5730]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   84.776158][ T5730]  ? __dev_queue_xmit+0x13a6/0x1ee0
[   84.776191][ T5730]  ? __dev_queue_xmit+0x148/0x1ee0
[   84.776223][ T5730]  ? ref_tracker_free+0x37d/0x3e0
[   84.776275][ T5730]  ? __netlink_deliver_tap+0x4dc/0x500
[   84.776315][ T5730]  netlink_unicast+0x5c0/0x690
[   84.776413][ T5730]  netlink_sendmsg+0x58b/0x6b0
[   84.776452][ T5730]  ? __pfx_netlink_sendmsg+0x10/0x10
[   84.776496][ T5730]  __sock_sendmsg+0x145/0x180
[   84.776548][ T5730]  ____sys_sendmsg+0x31e/0x4a0
[   84.776643][ T5730]  ___sys_sendmsg+0x17b/0x1d0
[   84.776679][ T5730]  __x64_sys_sendmsg+0xd4/0x160
[   84.776719][ T5730]  x64_sys_call+0x17ba/0x3000
[   84.776741][ T5730]  do_syscall_64+0xca/0x2b0
[   84.776773][ T5730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.776796][ T5730] RIP: 0033:0x7fbebcebf749
[   84.776816][ T5730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.776862][ T5730] RSP: 002b:00007fbebb927038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.776887][ T5730] RAX: ffffffffffffffda RBX: 00007fbebd115fa0 RCX: 00007fbebcebf749
[   84.776902][ T5730] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008
[   84.776962][ T5730] RBP: 00007fbebcf43f91 R08: 0000000000000000 R09: 0000000000000000
[   84.776976][ T5730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.777011][ T5730] R13: 00007fbebd116038 R14: 00007fbebd115fa0 R15: 00007ffdea32b9c8
[   84.777032][ T5730]  </TASK>
[   84.777041][ T5730] memory: usage 307200kB, limit 307200kB, failcnt 367
[   85.109633][ T5730] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[   85.117576][ T5730] kmem: usage 294472kB, limit 9007199254740988kB, failcnt 0
[   85.125062][ T5730] Memory cgroup stats for /syz6:
[   85.125822][ T5730] cache 12308480
[   85.134456][ T5730] rss 196608
[   85.137712][ T5730] shmem 12279808
[   85.141299][ T5730] mapped_file 11755520
[   85.145524][ T5730] dirty 0
[   85.148541][ T5730] writeback 0
[   85.151837][ T5730] workingset_refault_anon 0
[   85.156388][ T5730] workingset_refault_file 3
[   85.160935][ T5730] swap 0
[   85.163879][ T5730] swapcached 0
[   85.167296][ T5730] pgpgin 7795
[   85.170638][ T5730] pgpgout 4614
[   85.174017][ T5730] pgfault 18035
[   85.177616][ T5730] pgmajfault 0
[   85.180991][ T5730] inactive_anon 2650112
[   85.185325][ T5730] active_anon 10350592
[   85.189430][ T5730] inactive_file 28672
[   85.193592][ T5730] active_file 0
[   85.197074][ T5730] unevictable 0
[   85.200662][ T5730] hierarchical_memory_limit 314572800
[   85.206088][ T5730] hierarchical_memsw_limit 9223372036854771712
[   85.212301][ T5730] total_cache 12308480
[   85.216392][ T5730] total_rss 196608
[   85.220106][ T5730] total_shmem 12279808
[   85.224282][ T5730] total_mapped_file 11755520
[   85.228951][ T5730] total_dirty 0
[   85.232456][ T5730] total_writeback 0
[   85.236311][ T5730] total_workingset_refault_anon 0
[   85.241354][ T5730] total_workingset_refault_file 3
[   85.246541][ T5730] total_swap 0
[   85.249930][ T5730] total_swapcached 0
[   85.253940][ T5730] total_pgpgin 7795
[   85.257801][ T5730] total_pgpgout 4614
[   85.261799][ T5730] total_pgfault 18035
[   85.265867][ T5730] total_pgmajfault 0
[   85.269777][ T5730] total_inactive_anon 2650112
[   85.274593][ T5730] total_active_anon 10350592
[   85.279268][ T5730] total_inactive_file 28672
[   85.283836][ T5730] total_active_file 0
[   85.287919][ T5730] total_unevictable 0
[   85.291929][ T5730] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.709,pid=5728,uid=0
[   85.306442][ T5730] Memory cgroup out of memory: Killed process 5730 (syz.6.709) total-vm:94100kB, anon-rss:1268kB, file-rss:22440kB, shmem-rss:11392kB, UID:0 pgtables:144kB oom_score_adj:1000
[   85.425342][ T5090] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.485739][ T5818] netlink: 4 bytes leftover after parsing attributes in process `syz.6.736'.
[   85.744674][ T5851] set_capacity_and_notify: 1 callbacks suppressed
[   85.744696][ T5851] loop5: detected capacity change from 0 to 1024
[   85.758628][ T5851] EXT4-fs: Ignoring removed nomblk_io_submit option
[   85.784682][ T5851] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.058987][ T5861] serio: Serial port ttyS3
[   86.069319][ T5864] loop1: detected capacity change from 0 to 2048
[   86.076188][ T5864] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.093398][ T5864] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.122117][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.170639][ T5851] syz.5.746 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   86.184709][ T5851] CPU: 1 UID: 0 PID: 5851 Comm: syz.5.746 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   86.184744][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   86.184755][ T5851] Call Trace:
[   86.184760][ T5851]  <TASK>
[   86.184767][ T5851]  __dump_stack+0x1d/0x30
[   86.184841][ T5851]  dump_stack_lvl+0x95/0xd0
[   86.184894][ T5851]  dump_stack+0x15/0x1b
[   86.184907][ T5851]  dump_header+0x81/0x240
[   86.184921][ T5851]  oom_kill_process+0x295/0x350
[   86.184941][ T5851]  out_of_memory+0x97b/0xb80
[   86.184982][ T5851]  try_charge_memcg+0x610/0xa10
[   86.185042][ T5851]  obj_cgroup_charge_pages+0xa6/0x150
[   86.185061][ T5851]  __memcg_kmem_charge_page+0x9f/0x170
[   86.185081][ T5851]  __alloc_frozen_pages_noprof+0x18f/0x360
[   86.185131][ T5851]  alloc_pages_mpol+0xb3/0x260
[   86.185164][ T5851]  alloc_pages_noprof+0x90/0x130
[   86.185183][ T5851]  __vmalloc_node_range_noprof+0xa7b/0x1310
[   86.185220][ T5851]  __kvmalloc_node_noprof+0x492/0x6b0
[   86.185236][ T5851]  ? ip_set_alloc+0x24/0x30
[   86.185329][ T5851]  ? ip_set_alloc+0x24/0x30
[   86.185349][ T5851]  ip_set_alloc+0x24/0x30
[   86.185374][ T5851]  hash_netiface_create+0x282/0x740
[   86.185410][ T5851]  ? __pfx_hash_netiface_create+0x10/0x10
[   86.185481][ T5851]  ip_set_create+0x3cc/0x970
[   86.185577][ T5851]  ? __mutex_lock_slowpath+0xa/0x10
[   86.185636][ T5851]  nfnetlink_rcv_msg+0x4c6/0x590
[   86.185671][ T5851]  netlink_rcv_skb+0x123/0x220
[   86.185689][ T5851]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   86.185710][ T5851]  nfnetlink_rcv+0x167/0x16c0
[   86.185806][ T5851]  ? kmem_cache_free+0xe3/0x3a0
[   86.185823][ T5851]  ? __kfree_skb+0x109/0x150
[   86.185838][ T5851]  ? nlmon_xmit+0x4f/0x60
[   86.185882][ T5851]  ? consume_skb+0x49/0x150
[   86.185897][ T5851]  ? nlmon_xmit+0x4f/0x60
[   86.185909][ T5851]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   86.185929][ T5851]  ? __dev_queue_xmit+0x13a6/0x1ee0
[   86.186007][ T5851]  ? __dev_queue_xmit+0x148/0x1ee0
[   86.186025][ T5851]  ? ref_tracker_free+0x37d/0x3e0
[   86.186045][ T5851]  ? __netlink_deliver_tap+0x4dc/0x500
[   86.186109][ T5851]  netlink_unicast+0x5c0/0x690
[   86.186128][ T5851]  netlink_sendmsg+0x58b/0x6b0
[   86.186197][ T5851]  ? __pfx_netlink_sendmsg+0x10/0x10
[   86.186223][ T5851]  __sock_sendmsg+0x145/0x180
[   86.186237][ T5851]  ____sys_sendmsg+0x31e/0x4a0
[   86.186257][ T5851]  ___sys_sendmsg+0x17b/0x1d0
[   86.186303][ T5851]  __x64_sys_sendmsg+0xd4/0x160
[   86.186374][ T5851]  x64_sys_call+0x17ba/0x3000
[   86.186393][ T5851]  do_syscall_64+0xca/0x2b0
[   86.186415][ T5851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.186430][ T5851] RIP: 0033:0x7f29c300f749
[   86.186524][ T5851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.186568][ T5851] RSP: 002b:00007f29c1a77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.186596][ T5851] RAX: ffffffffffffffda RBX: 00007f29c3265fa0 RCX: 00007f29c300f749
[   86.186604][ T5851] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008
[   86.186613][ T5851] RBP: 00007f29c3093f91 R08: 0000000000000000 R09: 0000000000000000
[   86.186621][ T5851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.186630][ T5851] R13: 00007f29c3266038 R14: 00007f29c3265fa0 R15: 00007fff5d1bade8
[   86.186642][ T5851]  </TASK>
[   86.186647][ T5851] memory: usage 307200kB, limit 307200kB, failcnt 4370
[   86.518709][ T5851] memory+swap: usage 365848kB, limit 9007199254740988kB, failcnt 0
[   86.526652][ T5851] kmem: usage 285488kB, limit 9007199254740988kB, failcnt 0
[   86.534011][ T5851] Memory cgroup stats for /syz5:
[   86.534268][ T5851] cache 20705280
[   86.542798][ T5851] rss 208896
[   86.546021][ T5851] shmem 20676608
[   86.549582][ T5851] mapped_file 11755520
[   86.553666][ T5851] dirty 0
[   86.556721][ T5851] writeback 0
[   86.560087][ T5851] workingset_refault_anon 10
[   86.564777][ T5851] workingset_refault_file 1
[   86.569306][ T5851] swap 60055552
[   86.572901][ T5851] swapcached 790528
[   86.576732][ T5851] pgpgin 42511
[   86.580132][ T5851] pgpgout 37084
[   86.583684][ T5851] pgfault 37844
[   86.587268][ T5851] pgmajfault 9
[   86.590640][ T5851] inactive_anon 21131264
[   86.594973][ T5851] active_anon 1069056
[   86.599044][ T5851] inactive_file 28672
[   86.603143][ T5851] active_file 0
[   86.606613][ T5851] unevictable 0
[   86.610245][ T5851] hierarchical_memory_limit 314572800
[   86.615741][ T5851] hierarchical_memsw_limit 9223372036854771712
[   86.621920][ T5851] total_cache 20705280
[   86.625992][ T5851] total_rss 208896
[   86.629844][ T5851] total_shmem 20676608
[   86.633922][ T5851] total_mapped_file 11755520
[   86.638541][ T5851] total_dirty 0
[   86.642101][ T5851] total_writeback 0
[   86.646160][ T5851] total_workingset_refault_anon 10
[   86.651414][ T5851] total_workingset_refault_file 1
[   86.656648][ T5851] total_swap 60055552
[   86.660646][ T5851] total_swapcached 790528
[   86.664987][ T5851] total_pgpgin 42511
[   86.668884][ T5851] total_pgpgout 37084
[   86.672987][ T5851] total_pgfault 37844
[   86.677311][ T5851] total_pgmajfault 9
[   86.681334][ T5851] total_inactive_anon 21131264
[   86.686187][ T5851] total_active_anon 1069056
[   86.690696][ T5851] total_inactive_file 28672
[   86.695354][ T5851] total_active_file 0
[   86.699342][ T5851] total_unevictable 0
[   86.703425][ T5851] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.746,pid=5850,uid=0
[   86.717983][ T5851] Memory cgroup out of memory: Killed process 5851 (syz.5.746) total-vm:94100kB, anon-rss:1324kB, file-rss:22572kB, shmem-rss:11392kB, UID:0 pgtables:148kB oom_score_adj:1000
[   86.827669][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.880474][ T5873] netlink: 4 bytes leftover after parsing attributes in process `syz.5.752'.
[   87.000953][ T5893] loop3: detected capacity change from 0 to 512
[   87.007609][ T5893] EXT4-fs: Ignoring removed orlov option
[   87.014294][ T5893] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   87.033114][ T5893] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.760: corrupted in-inode xattr: e_value size too large
[   87.049483][ T5893] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.760: couldn't read orphan inode 15 (err -117)
[   87.062448][ T5893] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.087557][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.116746][ T5903] loop3: detected capacity change from 0 to 1024
[   87.123725][ T5903] EXT4-fs: Ignoring removed nomblk_io_submit option
[   87.133398][ T5903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.177108][ T5908] netlink: 'syz.0.759': attribute type 4 has an invalid length.
[   87.194765][ T5908] syz1: rxe_newlink: already configured on veth0_to_bond
[   87.355806][   T29] kauditd_printk_skb: 68 callbacks suppressed
[   87.355826][   T29] audit: type=1326 audit(1767453303.185:2835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5914 comm="syz.6.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   87.385773][   T29] audit: type=1326 audit(1767453303.185:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5914 comm="syz.6.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   87.428912][   T29] audit: type=1326 audit(1767453303.185:2837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5914 comm="syz.6.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   87.452921][   T29] audit: type=1326 audit(1767453303.185:2838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5914 comm="syz.6.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   87.476539][   T29] audit: type=1326 audit(1767453303.185:2839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5914 comm="syz.6.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   87.500520][   T29] audit: type=1326 audit(1767453303.245:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5914 comm="syz.6.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   87.759914][ T5903] syz.3.763 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   87.774026][ T5903] CPU: 1 UID: 0 PID: 5903 Comm: syz.3.763 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   87.774056][ T5903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   87.774069][ T5903] Call Trace:
[   87.774077][ T5903]  <TASK>
[   87.774142][ T5903]  __dump_stack+0x1d/0x30
[   87.774160][ T5903]  dump_stack_lvl+0x95/0xd0
[   87.774212][ T5903]  dump_stack+0x15/0x1b
[   87.774225][ T5903]  dump_header+0x81/0x240
[   87.774239][ T5903]  oom_kill_process+0x295/0x350
[   87.774255][ T5903]  out_of_memory+0x97b/0xb80
[   87.774271][ T5903]  try_charge_memcg+0x610/0xa10
[   87.774373][ T5903]  obj_cgroup_charge_pages+0xa6/0x150
[   87.774420][ T5903]  __memcg_kmem_charge_page+0x9f/0x170
[   87.774451][ T5903]  __alloc_frozen_pages_noprof+0x18f/0x360
[   87.774486][ T5903]  alloc_pages_mpol+0xb3/0x260
[   87.774598][ T5903]  alloc_pages_noprof+0x90/0x130
[   87.774618][ T5903]  __vmalloc_node_range_noprof+0xa7b/0x1310
[   87.774704][ T5903]  __kvmalloc_node_noprof+0x492/0x6b0
[   87.774721][ T5903]  ? ip_set_alloc+0x24/0x30
[   87.774741][ T5903]  ? ip_set_alloc+0x24/0x30
[   87.774787][ T5903]  ip_set_alloc+0x24/0x30
[   87.774884][ T5903]  hash_netiface_create+0x282/0x740
[   87.774906][ T5903]  ? __pfx_hash_netiface_create+0x10/0x10
[   87.774927][ T5903]  ip_set_create+0x3cc/0x970
[   87.775022][ T5903]  ? __nla_parse+0x40/0x60
[   87.775040][ T5903]  nfnetlink_rcv_msg+0x4c6/0x590
[   87.775121][ T5903]  netlink_rcv_skb+0x123/0x220
[   87.775141][ T5903]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   87.775227][ T5903]  nfnetlink_rcv+0x167/0x16c0
[   87.775243][ T5903]  ? kmem_cache_free+0xe3/0x3a0
[   87.775260][ T5903]  ? __kfree_skb+0x109/0x150
[   87.775339][ T5903]  ? nlmon_xmit+0x4f/0x60
[   87.775428][ T5903]  ? consume_skb+0x49/0x150
[   87.775462][ T5903]  ? nlmon_xmit+0x4f/0x60
[   87.775484][ T5903]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   87.775560][ T5903]  ? __dev_queue_xmit+0x13a6/0x1ee0
[   87.775591][ T5903]  ? __dev_queue_xmit+0x148/0x1ee0
[   87.775624][ T5903]  ? ref_tracker_free+0x37d/0x3e0
[   87.775648][ T5903]  ? __netlink_deliver_tap+0x4dc/0x500
[   87.775798][ T5903]  netlink_unicast+0x5c0/0x690
[   87.775818][ T5903]  netlink_sendmsg+0x58b/0x6b0
[   87.775839][ T5903]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.775896][ T5903]  __sock_sendmsg+0x145/0x180
[   87.775909][ T5903]  ____sys_sendmsg+0x31e/0x4a0
[   87.775931][ T5903]  ___sys_sendmsg+0x17b/0x1d0
[   87.776024][ T5903]  __x64_sys_sendmsg+0xd4/0x160
[   87.776140][ T5903]  x64_sys_call+0x17ba/0x3000
[   87.776157][ T5903]  do_syscall_64+0xca/0x2b0
[   87.776224][ T5903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.776240][ T5903] RIP: 0033:0x7fbf468bf749
[   87.776295][ T5903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.776386][ T5903] RSP: 002b:00007fbf4531f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.776402][ T5903] RAX: ffffffffffffffda RBX: 00007fbf46b15fa0 RCX: 00007fbf468bf749
[   87.776411][ T5903] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008
[   87.776420][ T5903] RBP: 00007fbf46943f91 R08: 0000000000000000 R09: 0000000000000000
[   87.776451][ T5903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.776496][ T5903] R13: 00007fbf46b16038 R14: 00007fbf46b15fa0 R15: 00007fff5734ba48
[   87.776510][ T5903]  </TASK>
[   88.101120][ T5903] memory: usage 307200kB, limit 307200kB, failcnt 2890
[   88.108323][ T5903] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0
[   88.116294][ T5903] kmem: usage 294468kB, limit 9007199254740988kB, failcnt 0
[   88.124224][ T5903] Memory cgroup stats for /syz3:
[   88.127081][ T5903] cache 12300288
[   88.135632][ T5903] rss 212992
[   88.138843][ T5903] shmem 12279808
[   88.142459][ T5903] mapped_file 11755520
[   88.146714][ T5903] dirty 0
[   88.149757][ T5903] writeback 0
[   88.153198][ T5903] workingset_refault_anon 497
[   88.158015][ T5903] workingset_refault_file 4437
[   88.162843][ T5903] swap 0
[   88.165733][ T5903] swapcached 0
[   88.169391][ T5903] pgpgin 69711
[   88.172816][ T5903] pgpgout 66528
[   88.176334][ T5903] pgfault 98745
[   88.179961][ T5903] pgmajfault 355
[   88.183544][ T5903] inactive_anon 11108352
[   88.187932][ T5903] active_anon 1908736
[   88.192023][ T5903] inactive_file 4096
[   88.195918][ T5903] active_file 16384
[   88.199819][ T5903] unevictable 0
[   88.203314][ T5903] hierarchical_memory_limit 314572800
[   88.208848][ T5903] hierarchical_memsw_limit 9223372036854771712
[   88.215157][ T5903] total_cache 12300288
[   88.219310][ T5903] total_rss 212992
[   88.223042][ T5903] total_shmem 12279808
[   88.227155][ T5903] total_mapped_file 11755520
[   88.231760][ T5903] total_dirty 0
[   88.235207][ T5903] total_writeback 0
[   88.239055][ T5903] total_workingset_refault_anon 497
[   88.244491][ T5903] total_workingset_refault_file 4437
[   88.249850][ T5903] total_swap 0
[   88.253379][ T5903] total_swapcached 0
[   88.257265][ T5903] total_pgpgin 69711
[   88.261151][ T5903] total_pgpgout 66528
[   88.265229][ T5903] total_pgfault 98745
[   88.269216][ T5903] total_pgmajfault 355
[   88.273290][ T5903] total_inactive_anon 11108352
[   88.278154][ T5903] total_active_anon 1908736
[   88.282659][ T5903] total_inactive_file 4096
[   88.287204][ T5903] total_active_file 16384
[   88.291631][ T5903] total_unevictable 0
[   88.295636][ T5903] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.763,pid=5902,uid=0
[   88.310439][ T5903] Memory cgroup out of memory: Killed process 5902 (syz.3.763) total-vm:102440kB, anon-rss:1272kB, file-rss:26536kB, shmem-rss:11392kB, UID:0 pgtables:152kB oom_score_adj:1000
[   88.328504][ T5909] serio: Serial port ttyS3
[   88.412616][ T5928] netlink: 8 bytes leftover after parsing attributes in process `syz.6.769'.
[   88.454324][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.508372][ T5928] loop6: detected capacity change from 0 to 128
[   88.520731][ T5928] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   88.538744][ T5928] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   88.552594][   T29] audit: type=1326 audit(1767453304.385:2841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5927 comm="syz.6.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   88.602353][ T5941] loop1: detected capacity change from 0 to 1024
[   88.609276][ T5941] EXT4-fs: Ignoring removed nomblk_io_submit option
[   88.629583][   T29] audit: type=1326 audit(1767453304.385:2842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5927 comm="syz.6.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[   88.653153][   T29] audit: type=1326 audit(1767453304.385:2843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5927 comm="syz.6.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbebcebf783 code=0x7ffc0000
[   88.676585][   T29] audit: type=1326 audit(1767453304.385:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5927 comm="syz.6.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbebcebe1ff code=0x7ffc0000
[   88.775665][ T5941] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.900729][ T5958] loop0: detected capacity change from 0 to 128
[   88.932518][  T387] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   89.079889][ T5965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.782'.
[   89.093712][ T5969] lo speed is unknown, defaulting to 1000
[   89.351473][ T5979] SELinux: failed to load policy
[   89.369872][ T5977] loop0: detected capacity change from 0 to 512
[   89.389500][ T5977] EXT4-fs: Ignoring removed orlov option
[   89.396219][ T5977] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   89.521458][ T5977] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.786: corrupted in-inode xattr: e_value size too large
[   89.569247][ T5987] lo speed is unknown, defaulting to 1000
[   89.583687][ T5977] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.786: couldn't read orphan inode 15 (err -117)
[   89.677596][ T5987] bond0 (unregistering): Released all slaves
[   89.688921][ T5977] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.697211][ T5995] loop5: detected capacity change from 0 to 1024
[   89.708138][ T5995] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.723428][ T5987] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=5987 comm=syz.6.790
[   89.755713][ T6001] hub 9-0:1.0: USB hub found
[   89.762208][ T5995] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.774750][ T6001] hub 9-0:1.0: 8 ports detected
[   89.834844][ T6004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.795'.
[   89.886946][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.917930][ T6004] loop3: detected capacity change from 0 to 128
[   89.962162][ T6004] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   89.979313][ T6004] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   90.046354][ T5961] serio: Serial port ttyS3
[   90.051021][ T6007] lo speed is unknown, defaulting to 1000
[   90.294737][ T6015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.797'.
[   90.306779][ T6005] serio: Serial port ttyS3
[   90.434837][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.486203][ T2240] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   90.657498][ T6030] lo speed is unknown, defaulting to 1000
[   90.711381][ T6038] EXT4-fs: Ignoring removed mblk_io_submit option
[   90.734446][ T6038] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.850801][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.922370][ T6048] $H�: renamed from bond0 (while UP)
[   90.932829][ T6048] $H�: entered promiscuous mode
[   90.938007][ T6048] bond_slave_0: entered promiscuous mode
[   90.944276][ T6048] bond_slave_1: entered promiscuous mode
[   91.003186][ T6052] hub 9-0:1.0: USB hub found
[   91.008043][ T6052] hub 9-0:1.0: 8 ports detected
[   91.077892][ T6059] set_capacity_and_notify: 1 callbacks suppressed
[   91.077909][ T6059] loop5: detected capacity change from 0 to 512
[   91.092051][ T6059] EXT4-fs: Ignoring removed orlov option
[   91.102864][ T6059] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[   91.115386][ T6059] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.812: corrupted in-inode xattr: e_value size too large
[   91.130191][ T6059] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.812: couldn't read orphan inode 15 (err -117)
[   91.150608][ T6062] lo speed is unknown, defaulting to 1000
[   91.179540][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.5.814'.
[   91.212180][ T6066] loop5: detected capacity change from 0 to 128
[   91.224583][ T6066] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   91.243989][ T6066] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   91.350789][ T6072] loop6: detected capacity change from 0 to 2048
[   91.368927][ T6072] EXT4-fs: Ignoring removed mblk_io_submit option
[   91.436728][ T6077] loop0: detected capacity change from 0 to 1024
[   91.499050][ T6077] EXT4-fs: Ignoring removed nomblk_io_submit option
[   91.550471][ T6086] loop3: detected capacity change from 0 to 2048
[   91.562605][ T6086] EXT4-fs: Ignoring removed mblk_io_submit option
[   91.701331][ T6096] loop3: detected capacity change from 0 to 512
[   91.752227][ T6096] EXT4-fs: Ignoring removed orlov option
[   91.795318][ T6096] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   91.834163][ T6096] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.824: corrupted in-inode xattr: e_value size too large
[   91.849041][ T6096] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.824: couldn't read orphan inode 15 (err -117)
[   91.997003][ T6094] serio: Serial port ttyS3
[   92.055009][  T353] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   92.131791][ T6121] netlink: 4 bytes leftover after parsing attributes in process `syz.3.833'.
[   92.331630][ T6132] loop1: detected capacity change from 0 to 1024
[   92.339518][ T6132] EXT4-fs: Ignoring removed nomblk_io_submit option
[   92.444818][ T6145] loop3: detected capacity change from 0 to 128
[   92.498934][   T29] kauditd_printk_skb: 382 callbacks suppressed
[   92.498951][   T29] audit: type=1326 audit(1767453308.325:3227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.528718][   T29] audit: type=1326 audit(1767453308.325:3228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.552240][   T29] audit: type=1326 audit(1767453308.325:3229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.575647][   T29] audit: type=1326 audit(1767453308.325:3230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.599455][   T29] audit: type=1326 audit(1767453308.325:3231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.623696][   T29] audit: type=1326 audit(1767453308.325:3232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.647458][   T29] audit: type=1326 audit(1767453308.325:3233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.671053][   T29] audit: type=1326 audit(1767453308.325:3234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.695038][   T29] audit: type=1326 audit(1767453308.325:3235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf468bdf90 code=0x7ffc0000
[   92.718627][   T29] audit: type=1326 audit(1767453308.325:3236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6146 comm="syz.3.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf468bf749 code=0x7ffc0000
[   92.820642][ T6157] lo speed is unknown, defaulting to 1000
[   92.827746][ T6162] loop6: detected capacity change from 0 to 1024
[   92.861172][ T6162] EXT4-fs: Ignoring removed nomblk_io_submit option
[   92.896585][ T6163] siw: device registration error -23
[   93.082331][ T6141] serio: Serial port ttyS3
[   93.180809][ T6170] serio: Serial port ttyS3
[   93.874977][ T6183] SELinux: failed to load policy
[   93.917543][ T6190] lo speed is unknown, defaulting to 1000
[   93.979565][ T6196] loop3: detected capacity change from 0 to 256
[   93.992407][ T6193] EXT4-fs: Ignoring removed mblk_io_submit option
[   94.011963][ T6196] FAT-fs (loop3): codepage cp1250 not found
[   94.131585][ T6206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.148893][ T6206] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.372234][ T6215] netlink: 20 bytes leftover after parsing attributes in process `syz.6.861'.
[   94.847163][   T23] IPVS: starting estimator thread 0...
[   95.173453][ T6219] IPVS: using max 2400 ests per chain, 120000 per kthread
[   95.254160][ T6227] sch_fq: defrate 0 ignored.
[   96.438411][ T6240] syzkaller0: entered promiscuous mode
[   96.444968][ T6240] syzkaller0: entered allmulticast mode
[   96.724713][ T6255] set_capacity_and_notify: 1 callbacks suppressed
[   96.724727][ T6255] loop5: detected capacity change from 0 to 128
[   96.738841][ T6255] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   96.871930][ T6255] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   96.930416][ T6262] netlink: 8 bytes leftover after parsing attributes in process `syz.1.879'.
[   97.136687][ T2388] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   98.289537][   T29] kauditd_printk_skb: 79 callbacks suppressed
[   98.289553][   T29] audit: type=1400 audit(1767453313.119:3316): avc:  denied  { bind } for  pid=6290 comm="syz.6.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   98.373251][   T29] audit: type=1400 audit(1767453313.149:3317): avc:  denied  { write } for  pid=6290 comm="syz.6.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   98.442325][ T6304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.473661][ T6304] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.482062][   T29] audit: type=1400 audit(1767453313.319:3318): avc:  denied  { write } for  pid=6308 comm="syz.5.898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   98.515318][ T6311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.899'.
[  100.675841][ T6350] loop1: detected capacity change from 0 to 512
[  100.705462][ T6350] EXT4-fs (loop1): orphan cleanup on readonly fs
[  100.712071][ T6350] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.911: corrupted in-inode xattr: invalid size in ea xattr
[  100.726890][ T6350] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.911: couldn't read orphan inode 15 (err -117)
[  100.739665][ T6350] EXT4-fs mount: 17 callbacks suppressed
[  100.739682][ T6350] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  100.780351][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.091716][   T29] audit: type=1400 audit(1767453315.919:3319): avc:  denied  { connect } for  pid=6365 comm="syz.3.917" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  101.190220][ T6367] loop6: detected capacity change from 0 to 128
[  101.431271][ T6369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.519789][ T6369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.535187][   T29] audit: type=1400 audit(1767453316.369:3320): avc:  denied  { listen } for  pid=6370 comm="syz.3.919" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  102.621996][   T29] audit: type=1400 audit(1767453316.499:3321): avc:  denied  { accept } for  pid=6370 comm="syz.3.919" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  102.643520][   T29] audit: type=1400 audit(1767453316.699:3322): avc:  denied  { mount } for  pid=6378 comm="syz.6.922" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  102.665945][   T29] audit: type=1400 audit(1767453316.949:3323): avc:  denied  { write } for  pid=6380 comm="syz.6.923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  102.685787][   T29] audit: type=1400 audit(1767453317.219:3324): avc:  denied  { ioctl } for  pid=6383 comm="syz.1.924" path="socket:[15956]" dev="sockfs" ino=15956 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  102.937313][   T29] audit: type=1400 audit(1767453317.519:3325): avc:  denied  { bind } for  pid=6391 comm="syz.3.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  103.790243][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  103.790263][   T29] audit: type=1400 audit(1767453317.909:3327): avc:  denied  { read } for  pid=6401 comm="syz.6.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  103.815634][   T29] audit: type=1400 audit(1767453317.959:3328): avc:  denied  { setopt } for  pid=6401 comm="syz.6.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  103.835098][   T29] audit: type=1400 audit(1767453318.529:3329): avc:  denied  { bind } for  pid=6408 comm="syz.1.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  103.854358][   T29] audit: type=1400 audit(1767453318.529:3330): avc:  denied  { write } for  pid=6408 comm="syz.1.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  104.024609][   T29] audit: type=1400 audit(1767453318.849:3331): avc:  denied  { read } for  pid=6414 comm="syz.0.933" laddr=fe80::f lport=33619 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  104.278314][ T6432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.299144][ T6432] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.346588][ T6432] netlink: 12 bytes leftover after parsing attributes in process `syz.5.936'.
[  104.376745][ T3484] IPVS: starting estimator thread 0...
[  104.561713][ T6440] IPVS: using max 2160 ests per chain, 108000 per kthread
[  104.650339][   T29] audit: type=1400 audit(1767453319.479:3332): avc:  denied  { create } for  pid=6441 comm="syz.0.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  105.197626][   T29] audit: type=1400 audit(1767453320.029:3333): avc:  denied  { ioctl } for  pid=6452 comm="syz.3.946" path="socket:[15296]" dev="sockfs" ino=15296 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  105.423242][   T29] audit: type=1400 audit(1767453320.249:3334): avc:  denied  { setopt } for  pid=6457 comm="syz.0.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  105.591766][   T29] audit: type=1400 audit(1767453320.349:3335): avc:  denied  { listen } for  pid=6449 comm="syz.1.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  106.012707][   T29] audit: type=1400 audit(1767453320.849:3336): avc:  denied  { ioctl } for  pid=6465 comm="syz.6.949" path="socket:[16011]" dev="sockfs" ino=16011 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  106.571131][ T6485] mmap: syz.1.954 (6485) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  106.739812][ T6495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.748561][ T6495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.162901][ T6519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.176021][ T6519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.249054][ T6532] netlink: 20 bytes leftover after parsing attributes in process `syz.0.973'.
[  107.358893][ T6547] netlink: 20 bytes leftover after parsing attributes in process `syz.3.982'.
[  107.471411][ T6560] syz_tun: entered allmulticast mode
[  107.480810][ T6560] dvmrp8: entered allmulticast mode
[  107.487851][ T6559] syz_tun: left allmulticast mode
[  107.629999][ T6568] sctp: [Deprecated]: syz.1.991 (pid 6568) Use of int in max_burst socket option deprecated.
[  107.629999][ T6568] Use struct sctp_assoc_value instead
[  107.689931][ T6576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.698757][ T6576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.748335][ T6584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.756904][ T6584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.042998][ T6586] random: crng reseeded on system resumption
[  108.067765][ T6588] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  108.154228][ T6604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.162962][ T6604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.218041][ T6610] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1010'.
[  108.242899][ T6614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.251796][ T6614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.411774][ T6647] v: renamed from veth0_vlan (while UP)
[  108.474879][ T6660] syz_tun: entered allmulticast mode
[  108.481094][ T6659] syz_tun: left allmulticast mode
[  108.520696][ T6669] loop9: detected capacity change from 0 to 7
[  108.527079][ T6669] Buffer I/O error on dev loop9, logical block 0, async page read
[  108.535003][ T6669] Buffer I/O error on dev loop9, logical block 0, async page read
[  108.543589][ T6669]  loop9: unable to read partition table
[  108.549500][ T6669] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  108.549500][ T6669] 
) failed (rc=-5)
[  108.577249][ T6675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.585841][ T6675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.614278][ T6677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.622944][ T6677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.922889][ T6712] loop5: detected capacity change from 0 to 8192
[  109.177152][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  109.177172][   T29] audit: type=1400 audit(1767453324.009:3342): avc:  denied  { connect } for  pid=6726 comm="syz.3.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  109.218213][   T29] audit: type=1400 audit(1767453324.039:3343): avc:  denied  { ioctl } for  pid=6726 comm="syz.3.1062" path="socket:[17520]" dev="sockfs" ino=17520 ioctlcmd=0x48c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  109.308974][   T29] audit: type=1400 audit(1767453324.139:3344): avc:  denied  { append } for  pid=6739 comm="syz.1.1068" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  109.333729][ T6740] random: crng reseeded on system resumption
[  109.362722][ T6744] loop5: detected capacity change from 0 to 512
[  109.371606][ T6747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.381293][ T6744] EXT4-fs (loop5): orphan cleanup on readonly fs
[  109.384437][ T6747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.387724][ T6744] EXT4-fs error (device loop5): ext4_quota_enable:7173: comm syz.5.1069: Bad quota inum: 3, type: 1
[  109.404583][ T6751] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1072'.
[  109.406560][ T6744] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=3). Please run e2fsck to fix.
[  109.431017][ T6744] EXT4-fs (loop5): Cannot turn on quotas: error -117
[  109.438756][ T6744] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  109.469528][ T4684] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.481633][   T29] audit: type=1400 audit(1767453324.309:3345): avc:  denied  { connect } for  pid=6756 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  109.511266][ T6757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.520228][ T6757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.548023][ T6761] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.555287][ T6761] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.617781][  T387] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  109.627474][  T387] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  109.642119][  T387] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  109.652098][  T387] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  109.662282][ T6766] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1078'.
[  109.766556][ T6777] random: crng reseeded on system resumption
[  109.828105][ T3952] IPVS: starting estimator thread 0...
[  109.858613][ T6793] loop2: detected capacity change from 0 to 7
[  109.919482][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.928302][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.952100][ T6788] IPVS: using max 3408 ests per chain, 170400 per kthread
[  110.055884][   T29] audit: type=1400 audit(1767453324.889:3346): avc:  denied  { bind } for  pid=6800 comm="syz.3.1094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  110.075436][   T29] audit: type=1400 audit(1767453324.889:3347): avc:  denied  { listen } for  pid=6800 comm="syz.3.1094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  110.112743][ T6805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.121385][ T6805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.423580][ T6813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.432415][ T6813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.590102][ T6836] loop0: detected capacity change from 0 to 256
[  110.605273][ T6836] FAT-fs (loop0): codepage cp860 not found
[  110.630332][ T6839] syz_tun: entered allmulticast mode
[  110.640384][ T6839] dvmrp8: entered allmulticast mode
[  110.652599][ T6838] syz_tun: left allmulticast mode
[  110.681222][   T29] audit: type=1400 audit(1767453325.509:3348): avc:  denied  { write } for  pid=6844 comm="syz.3.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  110.759060][ T6859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.768054][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.769862][ T6859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.776609][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.810594][ T6864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1026 sclass=netlink_route_socket pid=6864 comm=syz.3.1124
[  110.875058][ T6865] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1026 sclass=netlink_route_socket pid=6865 comm=syz.3.1124
[  111.004499][ T6873] syz_tun: entered allmulticast mode
[  111.013349][ T6873] dvmrp8: entered allmulticast mode
[  111.020042][ T6872] syz_tun: left allmulticast mode
[  111.056848][ T6877] tipc: Started in network mode
[  111.061786][ T6877] tipc: Node identity 42370c5c5e68, cluster identity 4711
[  111.069030][ T6877] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  111.076405][ T6877] syzkaller0: entered promiscuous mode
[  111.082082][ T6877] syzkaller0: entered allmulticast mode
[  111.090534][ T6877] tipc: Resetting bearer <eth:syzkaller0>
[  111.097486][ T6876] tipc: Resetting bearer <eth:syzkaller0>
[  111.104150][ T6876] tipc: Disabling bearer <eth:syzkaller0>
[  111.311598][   T29] audit: type=1400 audit(1767453326.139:3349): avc:  denied  { getopt } for  pid=6878 comm="syz.1.1131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  111.373199][ T6887] loop6: detected capacity change from 0 to 1024
[  111.383277][ T6891] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1137'.
[  111.398428][ T6887] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  111.409747][ T6887] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  111.411739][ T6891] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1137'.
[  111.419512][ T6887] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  111.450475][ T6887] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #3: comm syz.6.1135: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  111.469571][ T6897] loop5: detected capacity change from 0 to 128
[  111.482410][ T6887] EXT4-fs (loop6): no journal found
[  111.487677][ T6887] EXT4-fs (loop6): can't get journal size
[  111.509483][ T6897] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  111.511935][ T6887] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  111.531956][ T6908] loop2: detected capacity change from 0 to 7
[  111.540952][ T6897] ext4 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.568416][   T29] audit: type=1400 audit(1767453326.399:3350): avc:  denied  { remove_name } for  pid=6896 comm="syz.5.1139" name="file1" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  111.591443][   T29] audit: type=1400 audit(1767453326.399:3351): avc:  denied  { rename } for  pid=6896 comm="syz.5.1139" name="file1" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  111.613816][ T6887] EXT4-fs (loop6): ext4_remount: Checksum for group 0 failed (38281!=20869)
[  111.628667][ T4684] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  111.639513][ T5090] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.665806][ T6918] syz_tun: entered allmulticast mode
[  111.680112][ T6916] syz_tun: left allmulticast mode
[  111.713756][ T6930] loop5: detected capacity change from 0 to 136
[  111.741440][ T6932] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1154'.
[  111.778095][ T6942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.796679][ T6942] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.811101][ T6946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.819706][ T6946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.826074][ T6951] loop2: detected capacity change from 0 to 7
[  111.960226][ T6972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.969155][ T6972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.978541][ T6972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.987204][ T6972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  112.322082][ T6974] random: crng reseeded on system resumption
[  112.344433][ T6976] syz_tun: entered allmulticast mode
[  112.350678][ T6975] syz_tun: left allmulticast mode
[  112.370040][ T6978] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  112.426855][ T6984] FAT-fs (loop6): codepage cp865 not found
[  112.492774][ T6993] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.1181: corrupted in-inode xattr: invalid ea_ino
[  112.512213][ T6993] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1181: couldn't read orphan inode 15 (err -117)
[  112.534322][ T7000] syz_tun: entered allmulticast mode
[  112.540310][ T6993] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.553291][ T6999] syz_tun: left allmulticast mode
[  112.605965][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.652250][ T7019] EXT4-fs: test_dummy_encryption option not supported
[  112.692111][ T7028] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1197'.
[  112.743623][ T7030] syz_tun: entered allmulticast mode
[  112.771417][ T7029] syz_tun: left allmulticast mode
[  113.007272][ T7053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.096223][ T7053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.175651][ T7061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.207130][ T7063] process 'syz.1.1213' launched './file0' with NULL argv: empty string added
[  113.231281][ T7061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.365059][ T7079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.377896][ T7079] ext4 filesystem being mounted at /265/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.399128][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.464172][ T7099] syz_tun: entered allmulticast mode
[  113.473116][ T7099] dvmrp8: entered allmulticast mode
[  113.479349][ T7098] syz_tun: left allmulticast mode
[  113.576054][ T7111] random: crng reseeded on system resumption
[  113.604841][ T7116] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1238'.
[  113.721174][ T7138] random: crng reseeded on system resumption
[  113.795285][ T7150] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1251'.
[  113.805052][ T7150] unsupported nlmsg_type 40
[  113.909688][ T7166] set_capacity_and_notify: 7 callbacks suppressed
[  113.909710][ T7166] loop6: detected capacity change from 0 to 1024
[  113.923649][ T7166] EXT4-fs: Ignoring removed nomblk_io_submit option
[  113.944442][ T7166] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.967512][ T7160] lo speed is unknown, defaulting to 1000
[  114.013751][ T7172] siw: device registration error -23
[  114.020132][ T7171] netlink: 'syz.3.1262': attribute type 16 has an invalid length.
[  114.028023][ T7171] netlink: 'syz.3.1262': attribute type 17 has an invalid length.
[  114.297102][ T7173] serio: Serial port ttyS3
[  114.400318][ T7179] loop1: detected capacity change from 0 to 1024
[  114.407297][ T7179] EXT4-fs: Ignoring removed nomblk_io_submit option
[  114.426188][ T7179] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.761064][ T7182] serio: Serial port ttyS3
[  114.791227][ T7166] syz.6.1261 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  114.805612][ T7166] CPU: 1 UID: 0 PID: 7166 Comm: syz.6.1261 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  114.805644][ T7166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  114.805658][ T7166] Call Trace:
[  114.805680][ T7166]  <TASK>
[  114.805688][ T7166]  __dump_stack+0x1d/0x30
[  114.805713][ T7166]  dump_stack_lvl+0x95/0xd0
[  114.805733][ T7166]  dump_stack+0x15/0x1b
[  114.805778][ T7166]  dump_header+0x81/0x240
[  114.805803][ T7166]  oom_kill_process+0x295/0x350
[  114.805826][ T7166]  out_of_memory+0x97b/0xb80
[  114.805848][ T7166]  try_charge_memcg+0x610/0xa10
[  114.805887][ T7166]  obj_cgroup_charge_pages+0xa6/0x150
[  114.805962][ T7166]  __memcg_kmem_charge_page+0x9f/0x170
[  114.805992][ T7166]  __alloc_frozen_pages_noprof+0x18f/0x360
[  114.806020][ T7166]  alloc_pages_mpol+0xb3/0x260
[  114.806114][ T7166]  alloc_pages_noprof+0x90/0x130
[  114.806148][ T7166]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  114.806183][ T7166]  __kvmalloc_node_noprof+0x492/0x6b0
[  114.806207][ T7166]  ? ip_set_alloc+0x24/0x30
[  114.806279][ T7166]  ? ip_set_alloc+0x24/0x30
[  114.806306][ T7166]  ip_set_alloc+0x24/0x30
[  114.806351][ T7166]  hash_netiface_create+0x282/0x740
[  114.806380][ T7166]  ? __pfx_hash_netiface_create+0x10/0x10
[  114.806498][ T7166]  ip_set_create+0x3cc/0x970
[  114.806551][ T7166]  ? __nla_parse+0x40/0x60
[  114.806579][ T7166]  nfnetlink_rcv_msg+0x4c6/0x590
[  114.806618][ T7166]  netlink_rcv_skb+0x123/0x220
[  114.806715][ T7166]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  114.806750][ T7166]  nfnetlink_rcv+0x167/0x16c0
[  114.806771][ T7166]  ? kmem_cache_free+0xe3/0x3a0
[  114.806854][ T7166]  ? __kfree_skb+0x109/0x150
[  114.806876][ T7166]  ? nlmon_xmit+0x4f/0x60
[  114.806894][ T7166]  ? consume_skb+0x49/0x150
[  114.806914][ T7166]  ? nlmon_xmit+0x4f/0x60
[  114.806940][ T7166]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  114.807039][ T7166]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  114.807077][ T7166]  ? __dev_queue_xmit+0x148/0x1ee0
[  114.807122][ T7166]  ? ref_tracker_free+0x37d/0x3e0
[  114.807147][ T7166]  ? __netlink_deliver_tap+0x4dc/0x500
[  114.807203][ T7166]  netlink_unicast+0x5c0/0x690
[  114.807310][ T7166]  netlink_sendmsg+0x58b/0x6b0
[  114.807393][ T7166]  ? __pfx_netlink_sendmsg+0x10/0x10
[  114.807481][ T7166]  __sock_sendmsg+0x145/0x180
[  114.807499][ T7166]  ____sys_sendmsg+0x31e/0x4a0
[  114.807526][ T7166]  ___sys_sendmsg+0x17b/0x1d0
[  114.807561][ T7166]  __x64_sys_sendmsg+0xd4/0x160
[  114.807623][ T7166]  x64_sys_call+0x17ba/0x3000
[  114.807646][ T7166]  do_syscall_64+0xca/0x2b0
[  114.807676][ T7166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.807720][ T7166] RIP: 0033:0x7fbebcebf749
[  114.807735][ T7166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.807760][ T7166] RSP: 002b:00007fbebb927038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  114.807780][ T7166] RAX: ffffffffffffffda RBX: 00007fbebd115fa0 RCX: 00007fbebcebf749
[  114.807838][ T7166] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008
[  114.807853][ T7166] RBP: 00007fbebcf43f91 R08: 0000000000000000 R09: 0000000000000000
[  114.807865][ T7166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  114.807876][ T7166] R13: 00007fbebd116038 R14: 00007fbebd115fa0 R15: 00007ffdea32b9c8
[  114.807893][ T7166]  </TASK>
[  114.807978][ T7166] memory: usage 307200kB, limit 307200kB, failcnt 3024
[  115.139504][ T7166] memory+swap: usage 307892kB, limit 9007199254740988kB, failcnt 0
[  115.147473][ T7166] kmem: usage 306640kB, limit 9007199254740988kB, failcnt 0
[  115.154800][ T7166] Memory cgroup stats for /syz6:
[  115.155003][ T7166] cache 32768
[  115.163615][ T7166] rss 4096
[  115.166895][ T7166] shmem 0
[  115.169908][ T7166] mapped_file 0
[  115.173446][ T7166] dirty 0
[  115.176528][ T7166] writeback 0
[  115.179811][ T7166] workingset_refault_anon 104
[  115.184545][ T7166] workingset_refault_file 3
[  115.189053][ T7166] swap 708608
[  115.192504][ T7166] swapcached 16384
[  115.196302][ T7166] pgpgin 37367
[  115.199661][ T7166] pgpgout 37227
[  115.203125][ T7166] pgfault 64677
[  115.206716][ T7166] pgmajfault 54
[  115.210249][ T7166] inactive_anon 540672
[  115.214333][ T7166] active_anon 0
[  115.217793][ T7166] inactive_file 20480
[  115.221938][ T7166] active_file 12288
[  115.225821][ T7166] unevictable 0
[  115.229265][ T7166] hierarchical_memory_limit 314572800
[  115.234688][ T7166] hierarchical_memsw_limit 9223372036854771712
[  115.240835][ T7166] total_cache 32768
[  115.244668][ T7166] total_rss 4096
[  115.248298][ T7166] total_shmem 0
[  115.251825][ T7166] total_mapped_file 0
[  115.255811][ T7166] total_dirty 0
[  115.259258][ T7166] total_writeback 0
[  115.263136][ T7166] total_workingset_refault_anon 104
[  115.268408][ T7166] total_workingset_refault_file 3
[  115.273519][ T7166] total_swap 708608
[  115.277328][ T7166] total_swapcached 16384
[  115.281569][ T7166] total_pgpgin 37367
[  115.285496][ T7166] total_pgpgout 37227
[  115.289476][ T7166] total_pgfault 64677
[  115.293524][ T7166] total_pgmajfault 54
[  115.297595][ T7166] total_inactive_anon 540672
[  115.302212][ T7166] total_active_anon 0
[  115.306258][ T7166] total_inactive_file 20480
[  115.310767][ T7166] total_active_file 12288
[  115.315249][ T7166] total_unevictable 0
[  115.319221][ T7166] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.1261,pid=7165,uid=0
[  115.334170][ T7166] Memory cgroup out of memory: Killed process 7165 (syz.6.1261) total-vm:94100kB, anon-rss:1168kB, file-rss:22440kB, shmem-rss:128kB, UID:0 pgtables:144kB oom_score_adj:1000
[  115.416129][ T5090] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.442719][ T7197] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1270'.
[  115.453234][ T7195] loop2: detected capacity change from 0 to 7
[  115.477139][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.502676][ T7197] loop6: detected capacity change from 0 to 128
[  115.509489][ T7197] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  115.519095][ T7199] syzkaller0: entered promiscuous mode
[  115.527324][ T7199] syzkaller0: entered allmulticast mode
[  115.527598][ T7197] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  115.546356][   T29] kauditd_printk_skb: 9 callbacks suppressed
[  115.546374][   T29] audit: type=1326 audit(1767453330.379:3361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[  115.601889][   T29] audit: type=1326 audit(1767453330.409:3362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[  115.625415][   T29] audit: type=1326 audit(1767453330.409:3363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbebcebf783 code=0x7ffc0000
[  115.648970][   T29] audit: type=1326 audit(1767453330.409:3364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbebcebe1ff code=0x7ffc0000
[  115.672338][   T29] audit: type=1326 audit(1767453330.409:3365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fbebcebf7d7 code=0x7ffc0000
[  115.695823][   T29] audit: type=1326 audit(1767453330.419:3366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbebcebdf90 code=0x7ffc0000
[  115.719514][   T29] audit: type=1326 audit(1767453330.419:3367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fbebcebe3aa code=0x7ffc0000
[  115.742873][   T29] audit: type=1326 audit(1767453330.419:3368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[  115.766489][   T29] audit: type=1326 audit(1767453330.419:3369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[  115.789982][   T29] audit: type=1326 audit(1767453330.419:3370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7196 comm="syz.6.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbebcebf749 code=0x7ffc0000
[  115.840058][ T7211] loop0: detected capacity change from 0 to 128
[  115.943557][ T7197] ==================================================================
[  115.951731][ T7197] BUG: KCSAN: data-race in filemap_splice_read / filemap_splice_read
[  115.959828][ T7197] 
[  115.962174][ T7197] write to 0xffff888104a23168 of 8 bytes by task 7205 on cpu 1:
[  115.969921][ T7197]  filemap_splice_read+0x4f4/0x740
[  115.975193][ T7197]  splice_direct_to_actor+0x26f/0x680
[  115.980684][ T7197]  do_splice_direct+0xda/0x150
[  115.985649][ T7197]  do_sendfile+0x380/0x650
[  115.990192][ T7197]  __x64_sys_sendfile64+0x105/0x150
[  115.995422][ T7197]  x64_sys_call+0x2db1/0x3000
[  116.000219][ T7197]  do_syscall_64+0xca/0x2b0
[  116.004753][ T7197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.010665][ T7197] 
[  116.013009][ T7197] write to 0xffff888104a23168 of 8 bytes by task 7197 on cpu 0:
[  116.020653][ T7197]  filemap_splice_read+0x4f4/0x740
[  116.026321][ T7197]  splice_direct_to_actor+0x26f/0x680
[  116.031720][ T7197]  do_splice_direct+0xda/0x150
[  116.036513][ T7197]  do_sendfile+0x380/0x650
[  116.040990][ T7197]  __x64_sys_sendfile64+0x105/0x150
[  116.046222][ T7197]  x64_sys_call+0x2db1/0x3000
[  116.050926][ T7197]  do_syscall_64+0xca/0x2b0
[  116.055477][ T7197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.061409][ T7197] 
[  116.063757][ T7197] value changed: 0x000000000000017d -> 0x000000000000017e
[  116.070888][ T7197] 
[  116.073236][ T7197] Reported by Kernel Concurrency Sanitizer on:
[  116.079404][ T7197] CPU: 0 UID: 0 PID: 7197 Comm: syz.6.1270 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  116.089159][ T7197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  116.099328][ T7197] ==================================================================
[  116.748801][  T387] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)